xref: /freebsd/contrib/wpa/src/ap/pmksa_cache_auth.c (revision c1d255d3)
/*
 * hostapd - PMKSA cache for IEEE 802.11i RSN
 * Copyright (c) 2004-2008, 2012-2015, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
8e28a4053SRui Paulo 
9e28a4053SRui Paulo #include "utils/includes.h"
10e28a4053SRui Paulo 
11e28a4053SRui Paulo #include "utils/common.h"
12e28a4053SRui Paulo #include "utils/eloop.h"
13e28a4053SRui Paulo #include "eapol_auth/eapol_auth_sm.h"
14e28a4053SRui Paulo #include "eapol_auth/eapol_auth_sm_i.h"
155b9c547cSRui Paulo #include "radius/radius_das.h"
16e28a4053SRui Paulo #include "sta_info.h"
17e28a4053SRui Paulo #include "ap_config.h"
18e28a4053SRui Paulo #include "pmksa_cache_auth.h"
19e28a4053SRui Paulo 
20e28a4053SRui Paulo 
/* Upper bound on the number of entries kept in one PMKSA cache. */
static const int pmksa_cache_max_entries = 1024;
/* Default PMK lifetime in seconds (12 hours); added to the current time when
 * a new entry is created without a positive session timeout. */
static const int dot11RSNAConfigPMKLifetime = 12 * 60 * 60;
23e28a4053SRui Paulo 
/* Number of buckets in the PMKID hash table. */
#define PMKID_HASH_SIZE 128
/* Bucket index for a PMKID: the low seven bits of its first octet. */
#define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)

/**
 * struct rsn_pmksa_cache - Authenticator PMKSA cache state
 *
 * Every entry is reachable two ways: through its PMKID hash bucket (chained
 * with ->hnext) and through the single entry list (chained with ->next).
 */
struct rsn_pmksa_cache {
	/* Hash buckets indexed by PMKID_HASH(); chains use ->hnext */
	struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
	/* Head of the list of all entries; chain uses ->next and is kept in
	 * ascending expiration order by pmksa_cache_link_entry() */
	struct rsn_pmksa_cache_entry *pmksa;
	/* Number of entries currently linked into the cache */
	int pmksa_count;

	/* Called for an entry just before pmksa_cache_free_entry() unlinks
	 * and frees it */
	void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
	/* Opaque pointer handed back to free_cb */
	void *ctx;
};
34e28a4053SRui Paulo 
35e28a4053SRui Paulo 
/* Forward declaration: pmksa_cache_expire() calls this function, and this
 * function in turn registers pmksa_cache_expire() as the timeout handler. */
static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
37e28a4053SRui Paulo 
38e28a4053SRui Paulo 
/**
 * _pmksa_cache_free_entry - Release an entry and the buffers it owns
 * @entry: PMKSA cache entry; must already be unlinked (or about to be
 *	discarded together with the whole cache)
 *
 * This does not touch the cache lists or the entry count; callers handle
 * unlinking themselves.
 */
static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
{
#ifndef CONFIG_NO_RADIUS
	radius_free_class(&entry->radius_class);
#endif /* CONFIG_NO_RADIUS */
	wpabuf_free(entry->cui);
	os_free(entry->identity);
	os_free(entry->vlan_desc);

	/* The entry structure itself holds the PMK, so it is released with
	 * bin_clear_free() (clear, then free) rather than a plain os_free(). */
	bin_clear_free(entry, sizeof(*entry));
}
49e28a4053SRui Paulo 
50e28a4053SRui Paulo 
/**
 * pmksa_cache_free_entry - Remove an entry from the cache and free it
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @entry: Entry to remove; the pointer is invalid after this call
 *
 * The entry count is decremented and free_cb is invoked before the entry is
 * unlinked, and both happen whether or not the entry is actually found in
 * the lists, so callers must only pass entries that belong to @pmksa.
 */
void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
			    struct rsn_pmksa_cache_entry *entry)
{
	struct rsn_pmksa_cache_entry **link;

	pmksa->pmksa_count--;
	pmksa->free_cb(entry, pmksa->ctx);

	/* Drop the entry from its PMKID hash bucket. */
	for (link = &pmksa->pmkid[PMKID_HASH(entry->pmkid)]; *link;
	     link = &(*link)->hnext) {
		if (*link == entry) {
			*link = entry->hnext;
			break;
		}
	}

	/* Drop the entry from the list of all entries. */
	for (link = &pmksa->pmksa; *link; link = &(*link)->next) {
		if (*link == entry) {
			*link = entry->next;
			break;
		}
	}

	_pmksa_cache_free_entry(entry);
}
93e28a4053SRui Paulo 
94e28a4053SRui Paulo 
/**
 * pmksa_cache_auth_flush - Flush all PMKSA cache entries
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 *
 * Each entry goes through pmksa_cache_free_entry(), so free_cb is invoked
 * for every flushed entry. The cache itself stays allocated and usable.
 */
void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa)
{
	struct rsn_pmksa_cache_entry *head;

	/* Freeing the head advances pmksa->pmksa, so re-read it each round. */
	while ((head = pmksa->pmksa) != NULL) {
		wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry for "
			   MACSTR, MAC2STR(head->spa));
		pmksa_cache_free_entry(pmksa, head);
	}
}
107780fb4a2SCy Schubert 
108780fb4a2SCy Schubert 
/**
 * pmksa_cache_expire - Timeout handler that drops expired entries
 * @eloop_ctx: struct rsn_pmksa_cache pointer given at registration
 * @timeout_ctx: Unused
 *
 * Only the list head is examined on each round; this relies on the list
 * being ordered by expiration time. The timer is re-armed afterwards.
 */
static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
{
	struct rsn_pmksa_cache *cache = eloop_ctx;
	struct os_reltime now;

	os_get_reltime(&now);
	for (;;) {
		struct rsn_pmksa_cache_entry *oldest = cache->pmksa;

		if (oldest == NULL || oldest->expiration > now.sec)
			break;
		wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
			   MACSTR, MAC2STR(oldest->spa));
		pmksa_cache_free_entry(cache, oldest);
	}

	pmksa_cache_set_expiration(cache);
}
123e28a4053SRui Paulo 
124e28a4053SRui Paulo 
/**
 * pmksa_cache_set_expiration - (Re)arm the expiration timer
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 *
 * Any pending timeout is cancelled first. With an empty cache no timer is
 * registered; otherwise it is set for the head entry, which
 * pmksa_cache_link_entry() keeps as the earliest-expiring one.
 */
static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
{
	struct os_reltime now;
	int remaining;

	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
	if (!pmksa->pmksa)
		return;

	os_get_reltime(&now);
	remaining = pmksa->pmksa->expiration - now.sec;
	/* An already expired head entry is handled on the next timer tick;
	 * the extra second is added in both cases. */
	eloop_register_timeout((remaining < 0 ? 0 : remaining) + 1, 0,
			       pmksa_cache_expire, pmksa, NULL);
}
139e28a4053SRui Paulo 
140e28a4053SRui Paulo 
/**
 * pmksa_cache_from_eapol_data - Copy session data from EAPOL state to an entry
 * @entry: PMKSA cache entry being populated
 * @eapol: EAPOL state machine data or %NULL (nothing is copied then)
 *
 * Identity, CUI, RADIUS Class attributes and the VLAN description are
 * duplicated so that the entry owns its own copies. Allocation failures are
 * not reported; the corresponding field is simply left unset.
 */
static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
					struct eapol_state_machine *eapol)
{
	struct sta_info *sta;
	struct vlan_description *src_vlan;

	if (!eapol)
		return;

	if (eapol->identity != NULL) {
		entry->identity = os_malloc(eapol->identity_len);
		if (entry->identity != NULL) {
			os_memcpy(entry->identity, eapol->identity,
				  eapol->identity_len);
			entry->identity_len = eapol->identity_len;
		}
	}

	if (eapol->radius_cui != NULL)
		entry->cui = wpabuf_dup(eapol->radius_cui);

#ifndef CONFIG_NO_RADIUS
	radius_copy_class(&entry->radius_class, &eapol->radius_class);
#endif /* CONFIG_NO_RADIUS */

	entry->eap_type_authsrv = eapol->eap_type_authsrv;

	/* NOTE(review): eapol->sta is dereferenced without a NULL check;
	 * presumably always set for an authenticator state machine - confirm. */
	sta = (struct sta_info *) eapol->sta;
	src_vlan = sta->vlan_desc;
	entry->vlan_desc = NULL;
	if (src_vlan && src_vlan->notempty) {
		entry->vlan_desc = os_zalloc(sizeof(struct vlan_description));
		if (entry->vlan_desc)
			*entry->vlan_desc = *src_vlan;
	}

	entry->acct_multi_session_id = eapol->acct_multi_session_id;
}
178e28a4053SRui Paulo 
179e28a4053SRui Paulo 
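/**
 * pmksa_cache_to_eapol_data - Restore session data from an entry to EAPOL state
 * @hapd: hostapd BSS data (used only for the VLAN assignment)
 * @entry: PMKSA cache entry or %NULL
 * @eapol: EAPOL state machine data or %NULL
 *
 * Used when a station is authenticated from the cache: the identity, CUI,
 * RADIUS Class attributes, EAP type, VLAN and Acct-Multi-Session-Id stored
 * with the PMKSA replace the values in @eapol. Nothing happens if either
 * @entry or @eapol is %NULL.
 */
void pmksa_cache_to_eapol_data(struct hostapd_data *hapd,
			       struct rsn_pmksa_cache_entry *entry,
			       struct eapol_state_machine *eapol)
{
	if (entry == NULL || eapol == NULL)
		return;

	if (entry->identity) {
		os_free(eapol->identity);
		eapol->identity = os_malloc(entry->identity_len);
		if (eapol->identity) {
			eapol->identity_len = entry->identity_len;
			os_memcpy(eapol->identity, entry->identity,
				  entry->identity_len);
		} else {
			/* The old buffer is gone; do not leave its length
			 * behind next to a NULL identity pointer. */
			eapol->identity_len = 0;
		}
		wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA",
				  eapol->identity, eapol->identity_len);
	}

	if (entry->cui) {
		wpabuf_free(eapol->radius_cui);
		eapol->radius_cui = wpabuf_dup(entry->cui);
	}

#ifndef CONFIG_NO_RADIUS
	/* Class attributes are replaced unconditionally, even when the entry
	 * has none. */
	radius_free_class(&eapol->radius_class);
	radius_copy_class(&eapol->radius_class, &entry->radius_class);
#endif /* CONFIG_NO_RADIUS */
	if (eapol->radius_class.attr) {
		wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from "
			   "PMKSA", (unsigned long) eapol->radius_class.count);
	}

	eapol->eap_type_authsrv = entry->eap_type_authsrv;
#ifndef CONFIG_NO_VLAN
	/* The cached VLAN description (possibly NULL) is applied to the
	 * station as-is. */
	ap_sta_set_vlan(hapd, eapol->sta, entry->vlan_desc);
#endif /* CONFIG_NO_VLAN */

	eapol->acct_multi_session_id = entry->acct_multi_session_id;
}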
220e28a4053SRui Paulo 
221e28a4053SRui Paulo 
/**
 * pmksa_cache_link_entry - Link a prepared entry into the cache
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @entry: Fully initialized entry; ownership moves to the cache
 *
 * The entry is inserted into the entry list in ascending expiration order
 * (after existing entries with the same expiration) and pushed to the front
 * of its PMKID hash bucket. No size limit is enforced here.
 */
static void pmksa_cache_link_entry(struct rsn_pmksa_cache *pmksa,
				   struct rsn_pmksa_cache_entry *entry)
{
	struct rsn_pmksa_cache_entry **link;
	unsigned int bucket;
	int new_head;

	/* Find the first entry that expires later than the new one. */
	for (link = &pmksa->pmksa; *link; link = &(*link)->next) {
		if ((*link)->expiration > entry->expiration)
			break;
	}
	new_head = link == &pmksa->pmksa;
	entry->next = *link;
	*link = entry;

	bucket = PMKID_HASH(entry->pmkid);
	entry->hnext = pmksa->pmkid[bucket];
	pmksa->pmkid[bucket] = entry;

	pmksa->pmksa_count++;
	/* The timer tracks the head entry, so it only needs re-arming when
	 * the head changed. */
	if (new_head)
		pmksa_cache_set_expiration(pmksa);
	wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
		   MAC2STR(entry->spa));
	wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN);
}
256e28a4053SRui Paulo 
257e28a4053SRui Paulo 
/**
 * pmksa_cache_auth_add - Create a PMKSA cache entry and add it to the cache
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @pmk: The new pairwise master key
 * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
 * @pmkid: Calculated PMKID or %NULL to have it derived
 * @kck: Key confirmation key or %NULL if not yet derived
 * @kck_len: KCK length in bytes
 * @aa: Authenticator address
 * @spa: Supplicant address
 * @session_timeout: Session timeout
 * @eapol: Pointer to EAPOL state machine data
 * @akmp: WPA_KEY_MGMT_* used in key derivation
 * Returns: Pointer to the added PMKSA cache entry or %NULL on error
 *
 * This is pmksa_cache_auth_create_entry() followed by
 * pmksa_cache_auth_add_entry(): an existing entry for the same Supplicant is
 * replaced by the new one. The add step fails only when entry creation
 * returned %NULL, so nothing is leaked on the error path.
 */
struct rsn_pmksa_cache_entry *
pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
		     const u8 *pmk, size_t pmk_len, const u8 *pmkid,
		     const u8 *kck, size_t kck_len,
		     const u8 *aa, const u8 *spa, int session_timeout,
		     struct eapol_state_machine *eapol, int akmp)
{
	struct rsn_pmksa_cache_entry *created =
		pmksa_cache_auth_create_entry(pmk, pmk_len, pmkid, kck,
					      kck_len, aa, spa,
					      session_timeout, eapol, akmp);

	return pmksa_cache_auth_add_entry(pmksa, created) < 0 ? NULL : created;
}
29685732ac8SCy Schubert 
29785732ac8SCy Schubert 
/**
 * pmksa_cache_auth_create_entry - Create a PMKSA cache entry
 * @pmk: The new pairwise master key
 * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
 * @pmkid: Calculated PMKID or %NULL to derive it here
 * @kck: Key confirmation key or %NULL if not yet derived
 * @kck_len: KCK length in bytes
 * @aa: Authenticator address
 * @spa: Supplicant address
 * @session_timeout: Session timeout in seconds; values <= 0 select the
 *	default lifetime (dot11RSNAConfigPMKLifetime)
 * @eapol: Pointer to EAPOL state machine data
 * @akmp: WPA_KEY_MGMT_* used in key derivation
 * Returns: Pointer to the created PMKSA cache entry or %NULL on error
 *
 * The entry is only allocated and filled in; it is not linked into any cache
 * and remains owned by the caller until passed to
 * pmksa_cache_auth_add_entry(). %NULL is returned if @pmk_len exceeds
 * PMK_LEN_MAX, if a Suite B AKM is used without @kck, or on allocation
 * failure.
 */
struct rsn_pmksa_cache_entry *
pmksa_cache_auth_create_entry(const u8 *pmk, size_t pmk_len, const u8 *pmkid,
			      const u8 *kck, size_t kck_len, const u8 *aa,
			      const u8 *spa, int session_timeout,
			      struct eapol_state_machine *eapol, int akmp)
{
	struct rsn_pmksa_cache_entry *entry;
	struct os_reltime now;
	int suite_b = wpa_key_mgmt_suite_b(akmp);

	/* Length check guards the fixed-size entry->pmk copy below. */
	if (pmk_len > PMK_LEN_MAX)
		return NULL;

	/* Suite B needs the KCK; this applies even when @pmkid is given. */
	if (suite_b && !kck)
		return NULL;

	entry = os_zalloc(sizeof(*entry));
	if (!entry)
		return NULL;

	os_memcpy(entry->pmk, pmk, pmk_len);
	entry->pmk_len = pmk_len;

	if (pmkid) {
		os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
	} else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
		rsn_pmkid_suite_b_192(kck, kck_len, aa, spa, entry->pmkid);
	} else if (suite_b) {
		rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
	} else {
		rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid, akmp);
	}

	os_get_reltime(&now);
	entry->expiration = now.sec;
	entry->expiration += session_timeout > 0 ?
		session_timeout : dot11RSNAConfigPMKLifetime;

	entry->akmp = akmp;
	os_memcpy(entry->spa, spa, ETH_ALEN);
	pmksa_cache_from_eapol_data(entry, eapol);

	return entry;
}
35485732ac8SCy Schubert 
35585732ac8SCy Schubert 
/**
 * pmksa_cache_auth_add_entry - Add a PMKSA cache entry
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @entry: Pointer to PMKSA cache entry (ownership moves to the cache)
 * Returns: 0 on success, -1 if @entry is %NULL
 *
 * This function adds a PMKSA cache entry to the PMKSA cache. If an old entry
 * is already in the cache for the same Supplicant, it is freed first. When
 * the cache is at pmksa_cache_max_entries, the head of the entry list (the
 * earliest-expiring entry) is evicted to make room.
 */
int pmksa_cache_auth_add_entry(struct rsn_pmksa_cache *pmksa,
			       struct rsn_pmksa_cache_entry *entry)
{
	struct rsn_pmksa_cache_entry *stale;

	if (!entry)
		return -1;

	/* At most one entry per STA: drop the first match on the address,
	 * regardless of its PMKID. */
	stale = pmksa_cache_auth_get(pmksa, entry->spa, NULL);
	if (stale != NULL)
		pmksa_cache_free_entry(pmksa, stale);

	if (pmksa->pmksa && pmksa->pmksa_count >= pmksa_cache_max_entries) {
		/* Cache is full: evict the list head before linking. */
		wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
			   "entry (for " MACSTR ") to make room for new one",
			   MAC2STR(pmksa->pmksa->spa));
		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
	}

	pmksa_cache_link_entry(pmksa, entry);

	return 0;
}
391e28a4053SRui Paulo 
392e28a4053SRui Paulo 
/**
 * pmksa_cache_add_okc - Add an opportunistic copy of an existing entry
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @old_entry: Entry whose PMK and session data are copied
 * @aa: Authenticator address (not used by this function)
 * @pmkid: PMKID to store in the new entry
 * Returns: Pointer to the new PMKSA cache entry or %NULL on allocation failure
 *
 * The new entry keeps the expiration time of @old_entry and is marked
 * opportunistic. Failures to duplicate the optional identity, CUI or VLAN
 * data are not reported; those fields are left unset.
 *
 * NOTE(review): unlike pmksa_cache_auth_add_entry(), this path links the
 * entry directly, without the pmksa_cache_max_entries eviction and without
 * replacing an existing entry for the same STA - confirm that callers bound
 * how many opportunistic entries can be created.
 */
struct rsn_pmksa_cache_entry *
pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
		    const struct rsn_pmksa_cache_entry *old_entry,
		    const u8 *aa, const u8 *pmkid)
{
	struct rsn_pmksa_cache_entry *copy;

	copy = os_zalloc(sizeof(*copy));
	if (!copy)
		return NULL;

	/* Key material and fixed-size fields */
	os_memcpy(copy->pmkid, pmkid, PMKID_LEN);
	os_memcpy(copy->pmk, old_entry->pmk, old_entry->pmk_len);
	copy->pmk_len = old_entry->pmk_len;
	copy->expiration = old_entry->expiration;
	copy->akmp = old_entry->akmp;
	os_memcpy(copy->spa, old_entry->spa, ETH_ALEN);
	copy->eap_type_authsrv = old_entry->eap_type_authsrv;
	copy->opportunistic = 1;

	/* Separately allocated session data; each copy is owned by the new
	 * entry */
	if (old_entry->identity != NULL) {
		copy->identity = os_malloc(old_entry->identity_len);
		if (copy->identity != NULL) {
			os_memcpy(copy->identity, old_entry->identity,
				  old_entry->identity_len);
			copy->identity_len = old_entry->identity_len;
		}
	}
	if (old_entry->cui != NULL)
		copy->cui = wpabuf_dup(old_entry->cui);
#ifndef CONFIG_NO_RADIUS
	radius_copy_class(&copy->radius_class, &old_entry->radius_class);
#endif /* CONFIG_NO_RADIUS */
	copy->vlan_desc = NULL;
	if (old_entry->vlan_desc != NULL) {
		copy->vlan_desc = os_zalloc(sizeof(struct vlan_description));
		if (copy->vlan_desc != NULL)
			*copy->vlan_desc = *old_entry->vlan_desc;
	}

	pmksa_cache_link_entry(pmksa, copy);

	return copy;
}
437e28a4053SRui Paulo 
438e28a4053SRui Paulo 
/**
 * pmksa_cache_auth_deinit - Free all entries in PMKSA cache
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init() or %NULL
 *
 * Entries are released directly with _pmksa_cache_free_entry(), so free_cb
 * is not invoked for them here. The pending expiration timeout is cancelled
 * and the cache structure itself is freed; @pmksa must not be used afterwards.
 */
void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
{
	struct rsn_pmksa_cache_entry *cur, *following;
	int bucket;

	if (!pmksa)
		return;

	for (cur = pmksa->pmksa; cur; cur = following) {
		/* Read the link before the entry is cleared and freed. */
		following = cur->next;
		_pmksa_cache_free_entry(cur);
	}
	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);

	/* Reset the bookkeeping before the structure is released. */
	pmksa->pmksa_count = 0;
	pmksa->pmksa = NULL;
	for (bucket = 0; bucket < PMKID_HASH_SIZE; bucket++)
		pmksa->pmkid[bucket] = NULL;
	os_free(pmksa);
}
464e28a4053SRui Paulo 
465e28a4053SRui Paulo 
/**
 * pmksa_cache_auth_get - Fetch a PMKSA cache entry
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @spa: Supplicant address or %NULL to match any
 * @pmkid: PMKID or %NULL to match any
 * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
 *
 * With a PMKID only the matching hash bucket is searched; without one the
 * full entry list is walked and the first entry matching @spa is returned
 * (the list head if @spa is also %NULL).
 */
struct rsn_pmksa_cache_entry *
pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
		     const u8 *spa, const u8 *pmkid)
{
	struct rsn_pmksa_cache_entry *entry;

	if (pmkid == NULL) {
		for (entry = pmksa->pmksa; entry; entry = entry->next) {
			if (spa != NULL &&
			    os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
				continue;
			return entry;
		}
		return NULL;
	}

	for (entry = pmksa->pmkid[PMKID_HASH(pmkid)]; entry;
	     entry = entry->hnext) {
		if (spa != NULL && os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
			continue;
		/* Different PMKIDs can share a bucket; compare all of it. */
		if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) != 0)
			continue;
		return entry;
	}

	return NULL;
}
497e28a4053SRui Paulo 
498e28a4053SRui Paulo 
/**
 * pmksa_cache_get_okc - Fetch a PMKSA cache entry using OKC
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @aa: Authenticator address
 * @spa: Supplicant address
 * @pmkid: PMKID
 * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
 *
 * Use opportunistic key caching (OKC) to find a PMK for a supplicant. For
 * each entry of @spa, the PMKID is recomputed from the cached PMK with @aa
 * and compared against @pmkid. Entries using an SAE or FILS AKM are not
 * recomputed; only their stored PMKID is compared.
 */
struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
	struct rsn_pmksa_cache *pmksa, const u8 *aa, const u8 *spa,
	const u8 *pmkid)
{
	struct rsn_pmksa_cache_entry *entry;
	u8 new_pmkid[PMKID_LEN];

	for (entry = pmksa->pmksa; entry; entry = entry->next) {
		const u8 *candidate;

		if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
			continue;

		if (wpa_key_mgmt_sae(entry->akmp) ||
		    wpa_key_mgmt_fils(entry->akmp)) {
			candidate = entry->pmkid;
		} else {
			rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa,
				  new_pmkid, entry->akmp);
			candidate = new_pmkid;
		}

		if (os_memcmp(candidate, pmkid, PMKID_LEN) == 0)
			return entry;
	}

	return NULL;
}
532e28a4053SRui Paulo 
533e28a4053SRui Paulo 
/**
 * pmksa_cache_auth_init - Initialize PMKSA cache
 * @free_cb: Callback function to be called when a PMKSA cache entry is freed
 * @ctx: Context pointer for free_cb function
 * Returns: Pointer to PMKSA cache data or %NULL on failure
 *
 * pmksa_cache_free_entry() calls @free_cb without a NULL check, so a valid
 * callback has to be supplied.
 */
struct rsn_pmksa_cache *
pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
				      void *ctx), void *ctx)
{
	struct rsn_pmksa_cache *cache = os_zalloc(sizeof(*cache));

	if (cache == NULL)
		return NULL;

	/* Everything else starts out zeroed: empty lists, zero count. */
	cache->free_cb = free_cb;
	cache->ctx = ctx;
	return cache;
}
5545b9c547cSRui Paulo 
5555b9c547cSRui Paulo 
/**
 * das_attr_match - Compare an entry against RADIUS DAS session attributes
 * @entry: PMKSA cache entry
 * @attr: Attributes from the DAS request
 * Returns: Number of attributes that matched, or 0 if any attribute present
 * in @attr does not match
 *
 * Only the station address, Acct-Multi-Session-Id, CUI and User-Name are
 * considered. A request carrying none of them yields 0, i.e., it selects no
 * entry at all.
 */
static int das_attr_match(struct rsn_pmksa_cache_entry *entry,
			  struct radius_das_attrs *attr)
{
	int matched = 0;

	if (attr->sta_addr) {
		if (os_memcmp(attr->sta_addr, entry->spa, ETH_ALEN) != 0)
			return 0;
		matched++;
	}

	if (attr->acct_multi_session_id) {
		char hex[20];

		/* The attribute is compared as 16 uppercase hex digits. */
		if (attr->acct_multi_session_id_len != 16)
			return 0;
		os_snprintf(hex, sizeof(hex), "%016llX",
			    (unsigned long long) entry->acct_multi_session_id);
		if (os_memcmp(attr->acct_multi_session_id, hex, 16) != 0)
			return 0;
		matched++;
	}

	if (attr->cui) {
		if (!entry->cui)
			return 0;
		if (attr->cui_len != wpabuf_len(entry->cui))
			return 0;
		if (os_memcmp(attr->cui, wpabuf_head(entry->cui),
			      attr->cui_len) != 0)
			return 0;
		matched++;
	}

	if (attr->user_name) {
		if (!entry->identity)
			return 0;
		if (attr->user_name_len != entry->identity_len)
			return 0;
		if (os_memcmp(attr->user_name, entry->identity,
			      attr->user_name_len) != 0)
			return 0;
		matched++;
	}

	return matched;
}
5995b9c547cSRui Paulo 
6005b9c547cSRui Paulo 
/**
 * pmksa_cache_auth_radius_das_disconnect - Drop entries selected by a DAS request
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @attr: Attributes from the DAS request
 * Returns: 0 if at least one entry was removed, -1 otherwise
 *
 * Every entry for which das_attr_match() reports a match is removed through
 * pmksa_cache_free_entry(). Requests that carry an Acct-Session-Id are
 * rejected up front.
 */
int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
					   struct radius_das_attrs *attr)
{
	struct rsn_pmksa_cache_entry *entry, *following;
	int removed = 0;

	/* NOTE(review): presumably rejected because cache entries store only
	 * the Acct-Multi-Session-Id and cannot be matched on Acct-Session-Id
	 * - confirm. */
	if (attr->acct_session_id)
		return -1;

	for (entry = pmksa->pmksa; entry; entry = following) {
		/* Read the link first; a matching entry is freed below. */
		following = entry->next;
		if (!das_attr_match(entry, attr))
			continue;
		removed++;
		pmksa_cache_free_entry(pmksa, entry);
	}

	return removed ? 0 : -1;
}
624780fb4a2SCy Schubert 
625780fb4a2SCy Schubert 
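/**
 * pmksa_cache_auth_list - Dump text list of entries in PMKSA cache
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @buf: Buffer for the list
 * @len: Length of the buffer
 * Returns: Number of bytes written to buffer
 *
 * This function is used to generate a text format representation of the
 * current PMKSA cache contents for the ctrl_iface PMKSA command. The output
 * is a header line followed by one line per entry:
 * <index> <SPA> <PMKID in hex> <seconds until expiration> <opportunistic>.
 * The PMK itself is not included in the output.
 *
 * If the buffer fills up, the function stops and returns the number of bytes
 * that had been completed before the os_snprintf() call that did not fit, so
 * the listing can end before the last cache entry.
 */
int pmksa_cache_auth_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len)
{
	int i, ret;
	char *pos = buf;
	char *end = buf + len;
	struct rsn_pmksa_cache_entry *entry;
	struct os_reltime now;

	os_get_reltime(&now);
	ret = os_snprintf(pos, end - pos,
			  "Index / SPA / PMKID / expiration (in seconds) / opportunistic\n");
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

	/*
	 * The index used to be printed without ever being advanced, so every
	 * line carried index 0. It now counts entries in list order, starting
	 * from 0 so that the first line is unchanged.
	 */
	i = 0;
	for (entry = pmksa->pmksa; entry; entry = entry->next) {
		ret = os_snprintf(pos, end - pos, "%d " MACSTR " ",
				  i, MAC2STR(entry->spa));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
		i++;

		/* Return value is added to pos as the number of bytes used. */
		pos += wpa_snprintf_hex(pos, end - pos, entry->pmkid,
					PMKID_LEN);

		/* Remaining lifetime relative to the time sampled above. */
		ret = os_snprintf(pos, end - pos, " %d %d\n",
				  (int) (entry->expiration - now.sec),
				  entry->opportunistic);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}
	return pos - buf;
}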
66985732ac8SCy Schubert 
67085732ac8SCy Schubert 
67185732ac8SCy Schubert #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
67285732ac8SCy Schubert #ifdef CONFIG_MESH
67385732ac8SCy Schubert 
/**
 * pmksa_cache_auth_list_mesh - Dump text list of entries in PMKSA cache
 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
 * @addr: MAC address of the peer (NULL means any)
 * @buf: Buffer for the list
 * @len: Length of the buffer
 * Returns: Number of bytes written to buffer, or 0 if any os_snprintf() call
 * did not fit
 *
 * This function is used to generate a text format representation of the
 * current PMKSA cache contents for the ctrl_iface PMKSA_GET command to store
 * in external storage.
 *
 * Each line carries the PMK of the entry in hex, so @buf holds key material
 * once this function has run. On the 0 return path, lines written before the
 * failure are still present in @buf.
 * NOTE(review): callers are presumably expected to treat @buf as sensitive
 * and clear it once the reply has been consumed - confirm at the call site.
 */
int pmksa_cache_auth_list_mesh(struct rsn_pmksa_cache *pmksa, const u8 *addr,
			       char *buf, size_t len)
{
	char *out = buf;
	char *limit = buf + len;
	struct rsn_pmksa_cache_entry *e;
	struct os_reltime now;
	int n;

	os_get_reltime(&now);

	/*
	 * One line per selected entry:
	 * <entry->spa as MAC> <PMKID hex> <PMK hex> <expiration in seconds>
	 */
	e = pmksa->pmksa;
	while (e) {
		/* With a peer address given, list only entries for it. */
		if (addr == NULL || os_memcmp(e->spa, addr, ETH_ALEN) == 0) {
			n = os_snprintf(out, limit - out, MACSTR " ",
					MAC2STR(e->spa));
			if (os_snprintf_error(limit - out, n))
				return 0;
			out += n;

			out += wpa_snprintf_hex(out, limit - out, e->pmkid,
						PMKID_LEN);

			n = os_snprintf(out, limit - out, " ");
			if (os_snprintf_error(limit - out, n))
				return 0;
			out += n;

			/* Key material: the PMK is written out in hex here. */
			out += wpa_snprintf_hex(out, limit - out, e->pmk,
						e->pmk_len);

			n = os_snprintf(out, limit - out, " %d\n",
					(int) (e->expiration - now.sec));
			if (os_snprintf_error(limit - out, n))
				return 0;
			out += n;
		}
		e = e->next;
	}

	return out - buf;
}
73385732ac8SCy Schubert 
73485732ac8SCy Schubert #endif /* CONFIG_MESH */
73585732ac8SCy Schubert #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */