1 /*
2 * hostapd - PMKSA cache for IEEE 802.11i RSN
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "eapol_auth/eapol_auth_sm_i.h"
15 #include "sta_info.h"
16 #include "ap_config.h"
17 #include "pmksa_cache_auth.h"
18
19
20 static const int pmksa_cache_max_entries = 1024;
21 static const int dot11RSNAConfigPMKLifetime = 43200;
22
23 struct rsn_pmksa_cache {
24 #define PMKID_HASH_SIZE 128
25 #define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)
26 struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
27 struct rsn_pmksa_cache_entry *pmksa;
28 int pmksa_count;
29
30 void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
31 void *ctx;
32 };
33
34
35 static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
36
37
_pmksa_cache_free_entry(struct rsn_pmksa_cache_entry * entry)38 static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
39 {
40 if (entry == NULL)
41 return;
42 os_free(entry->identity);
43 #ifndef CONFIG_NO_RADIUS
44 radius_free_class(&entry->radius_class);
45 #endif /* CONFIG_NO_RADIUS */
46 os_free(entry);
47 }
48
49
pmksa_cache_free_entry(struct rsn_pmksa_cache * pmksa,struct rsn_pmksa_cache_entry * entry)50 static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
51 struct rsn_pmksa_cache_entry *entry)
52 {
53 struct rsn_pmksa_cache_entry *pos, *prev;
54
55 pmksa->pmksa_count--;
56 pmksa->free_cb(entry, pmksa->ctx);
57 pos = pmksa->pmkid[PMKID_HASH(entry->pmkid)];
58 prev = NULL;
59 while (pos) {
60 if (pos == entry) {
61 if (prev != NULL) {
62 prev->hnext = pos->hnext;
63 } else {
64 pmksa->pmkid[PMKID_HASH(entry->pmkid)] =
65 pos->hnext;
66 }
67 break;
68 }
69 prev = pos;
70 pos = pos->hnext;
71 }
72
73 pos = pmksa->pmksa;
74 prev = NULL;
75 while (pos) {
76 if (pos == entry) {
77 if (prev != NULL)
78 prev->next = pos->next;
79 else
80 pmksa->pmksa = pos->next;
81 break;
82 }
83 prev = pos;
84 pos = pos->next;
85 }
86 _pmksa_cache_free_entry(entry);
87 }
88
89
pmksa_cache_expire(void * eloop_ctx,void * timeout_ctx)90 static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
91 {
92 struct rsn_pmksa_cache *pmksa = eloop_ctx;
93 struct os_time now;
94
95 os_get_time(&now);
96 while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
97 struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
98 pmksa->pmksa = entry->next;
99 wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
100 MACSTR, MAC2STR(entry->spa));
101 pmksa_cache_free_entry(pmksa, entry);
102 }
103
104 pmksa_cache_set_expiration(pmksa);
105 }
106
107
pmksa_cache_set_expiration(struct rsn_pmksa_cache * pmksa)108 static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
109 {
110 int sec;
111 struct os_time now;
112
113 eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
114 if (pmksa->pmksa == NULL)
115 return;
116 os_get_time(&now);
117 sec = pmksa->pmksa->expiration - now.sec;
118 if (sec < 0)
119 sec = 0;
120 eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
121 }
122
123
pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry * entry,struct eapol_state_machine * eapol)124 static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
125 struct eapol_state_machine *eapol)
126 {
127 if (eapol == NULL)
128 return;
129
130 if (eapol->identity) {
131 entry->identity = os_malloc(eapol->identity_len);
132 if (entry->identity) {
133 entry->identity_len = eapol->identity_len;
134 os_memcpy(entry->identity, eapol->identity,
135 eapol->identity_len);
136 }
137 }
138
139 #ifndef CONFIG_NO_RADIUS
140 radius_copy_class(&entry->radius_class, &eapol->radius_class);
141 #endif /* CONFIG_NO_RADIUS */
142
143 entry->eap_type_authsrv = eapol->eap_type_authsrv;
144 entry->vlan_id = ((struct sta_info *) eapol->sta)->vlan_id;
145 }
146
147
pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry * entry,struct eapol_state_machine * eapol)148 void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
149 struct eapol_state_machine *eapol)
150 {
151 if (entry == NULL || eapol == NULL)
152 return;
153
154 if (entry->identity) {
155 os_free(eapol->identity);
156 eapol->identity = os_malloc(entry->identity_len);
157 if (eapol->identity) {
158 eapol->identity_len = entry->identity_len;
159 os_memcpy(eapol->identity, entry->identity,
160 entry->identity_len);
161 }
162 wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA",
163 eapol->identity, eapol->identity_len);
164 }
165
166 #ifndef CONFIG_NO_RADIUS
167 radius_free_class(&eapol->radius_class);
168 radius_copy_class(&eapol->radius_class, &entry->radius_class);
169 #endif /* CONFIG_NO_RADIUS */
170 if (eapol->radius_class.attr) {
171 wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from "
172 "PMKSA", (unsigned long) eapol->radius_class.count);
173 }
174
175 eapol->eap_type_authsrv = entry->eap_type_authsrv;
176 ((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
177 }
178
179
pmksa_cache_link_entry(struct rsn_pmksa_cache * pmksa,struct rsn_pmksa_cache_entry * entry)180 static void pmksa_cache_link_entry(struct rsn_pmksa_cache *pmksa,
181 struct rsn_pmksa_cache_entry *entry)
182 {
183 struct rsn_pmksa_cache_entry *pos, *prev;
184
185 /* Add the new entry; order by expiration time */
186 pos = pmksa->pmksa;
187 prev = NULL;
188 while (pos) {
189 if (pos->expiration > entry->expiration)
190 break;
191 prev = pos;
192 pos = pos->next;
193 }
194 if (prev == NULL) {
195 entry->next = pmksa->pmksa;
196 pmksa->pmksa = entry;
197 } else {
198 entry->next = prev->next;
199 prev->next = entry;
200 }
201 entry->hnext = pmksa->pmkid[PMKID_HASH(entry->pmkid)];
202 pmksa->pmkid[PMKID_HASH(entry->pmkid)] = entry;
203
204 pmksa->pmksa_count++;
205 wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
206 MAC2STR(entry->spa));
207 wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN);
208 }
209
210
211 /**
212 * pmksa_cache_auth_add - Add a PMKSA cache entry
213 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
214 * @pmk: The new pairwise master key
215 * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
216 * @aa: Authenticator address
217 * @spa: Supplicant address
218 * @session_timeout: Session timeout
219 * @eapol: Pointer to EAPOL state machine data
220 * @akmp: WPA_KEY_MGMT_* used in key derivation
221 * Returns: Pointer to the added PMKSA cache entry or %NULL on error
222 *
223 * This function create a PMKSA entry for a new PMK and adds it to the PMKSA
224 * cache. If an old entry is already in the cache for the same Supplicant,
225 * this entry will be replaced with the new entry. PMKID will be calculated
226 * based on the PMK.
227 */
228 struct rsn_pmksa_cache_entry *
pmksa_cache_auth_add(struct rsn_pmksa_cache * pmksa,const u8 * pmk,size_t pmk_len,const u8 * aa,const u8 * spa,int session_timeout,struct eapol_state_machine * eapol,int akmp)229 pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
230 const u8 *pmk, size_t pmk_len,
231 const u8 *aa, const u8 *spa, int session_timeout,
232 struct eapol_state_machine *eapol, int akmp)
233 {
234 struct rsn_pmksa_cache_entry *entry, *pos;
235 struct os_time now;
236
237 if (pmk_len > PMK_LEN)
238 return NULL;
239
240 entry = os_zalloc(sizeof(*entry));
241 if (entry == NULL)
242 return NULL;
243 os_memcpy(entry->pmk, pmk, pmk_len);
244 entry->pmk_len = pmk_len;
245 rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
246 wpa_key_mgmt_sha256(akmp));
247 os_get_time(&now);
248 entry->expiration = now.sec;
249 if (session_timeout > 0)
250 entry->expiration += session_timeout;
251 else
252 entry->expiration += dot11RSNAConfigPMKLifetime;
253 entry->akmp = akmp;
254 os_memcpy(entry->spa, spa, ETH_ALEN);
255 pmksa_cache_from_eapol_data(entry, eapol);
256
257 /* Replace an old entry for the same STA (if found) with the new entry
258 */
259 pos = pmksa_cache_auth_get(pmksa, spa, NULL);
260 if (pos)
261 pmksa_cache_free_entry(pmksa, pos);
262
263 if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
264 /* Remove the oldest entry to make room for the new entry */
265 wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
266 "entry (for " MACSTR ") to make room for new one",
267 MAC2STR(pmksa->pmksa->spa));
268 pmksa_cache_free_entry(pmksa, pmksa->pmksa);
269 }
270
271 pmksa_cache_link_entry(pmksa, entry);
272
273 return entry;
274 }
275
276
277 struct rsn_pmksa_cache_entry *
pmksa_cache_add_okc(struct rsn_pmksa_cache * pmksa,const struct rsn_pmksa_cache_entry * old_entry,const u8 * aa,const u8 * pmkid)278 pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
279 const struct rsn_pmksa_cache_entry *old_entry,
280 const u8 *aa, const u8 *pmkid)
281 {
282 struct rsn_pmksa_cache_entry *entry;
283
284 entry = os_zalloc(sizeof(*entry));
285 if (entry == NULL)
286 return NULL;
287 os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
288 os_memcpy(entry->pmk, old_entry->pmk, old_entry->pmk_len);
289 entry->pmk_len = old_entry->pmk_len;
290 entry->expiration = old_entry->expiration;
291 entry->akmp = old_entry->akmp;
292 os_memcpy(entry->spa, old_entry->spa, ETH_ALEN);
293 entry->opportunistic = 1;
294 if (old_entry->identity) {
295 entry->identity = os_malloc(old_entry->identity_len);
296 if (entry->identity) {
297 entry->identity_len = old_entry->identity_len;
298 os_memcpy(entry->identity, old_entry->identity,
299 old_entry->identity_len);
300 }
301 }
302 #ifndef CONFIG_NO_RADIUS
303 radius_copy_class(&entry->radius_class, &old_entry->radius_class);
304 #endif /* CONFIG_NO_RADIUS */
305 entry->eap_type_authsrv = old_entry->eap_type_authsrv;
306 entry->vlan_id = old_entry->vlan_id;
307 entry->opportunistic = 1;
308
309 pmksa_cache_link_entry(pmksa, entry);
310
311 return entry;
312 }
313
314
315 /**
316 * pmksa_cache_auth_deinit - Free all entries in PMKSA cache
317 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
318 */
pmksa_cache_auth_deinit(struct rsn_pmksa_cache * pmksa)319 void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
320 {
321 struct rsn_pmksa_cache_entry *entry, *prev;
322 int i;
323
324 if (pmksa == NULL)
325 return;
326
327 entry = pmksa->pmksa;
328 while (entry) {
329 prev = entry;
330 entry = entry->next;
331 _pmksa_cache_free_entry(prev);
332 }
333 eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
334 for (i = 0; i < PMKID_HASH_SIZE; i++)
335 pmksa->pmkid[i] = NULL;
336 os_free(pmksa);
337 }
338
339
340 /**
341 * pmksa_cache_auth_get - Fetch a PMKSA cache entry
342 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
343 * @spa: Supplicant address or %NULL to match any
344 * @pmkid: PMKID or %NULL to match any
345 * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
346 */
347 struct rsn_pmksa_cache_entry *
pmksa_cache_auth_get(struct rsn_pmksa_cache * pmksa,const u8 * spa,const u8 * pmkid)348 pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
349 const u8 *spa, const u8 *pmkid)
350 {
351 struct rsn_pmksa_cache_entry *entry;
352
353 if (pmkid)
354 entry = pmksa->pmkid[PMKID_HASH(pmkid)];
355 else
356 entry = pmksa->pmksa;
357 while (entry) {
358 if ((spa == NULL ||
359 os_memcmp(entry->spa, spa, ETH_ALEN) == 0) &&
360 (pmkid == NULL ||
361 os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
362 return entry;
363 entry = pmkid ? entry->hnext : entry->next;
364 }
365 return NULL;
366 }
367
368
369 /**
370 * pmksa_cache_get_okc - Fetch a PMKSA cache entry using OKC
371 * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
372 * @aa: Authenticator address
373 * @spa: Supplicant address
374 * @pmkid: PMKID
375 * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
376 *
377 * Use opportunistic key caching (OKC) to find a PMK for a supplicant.
378 */
pmksa_cache_get_okc(struct rsn_pmksa_cache * pmksa,const u8 * aa,const u8 * spa,const u8 * pmkid)379 struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
380 struct rsn_pmksa_cache *pmksa, const u8 *aa, const u8 *spa,
381 const u8 *pmkid)
382 {
383 struct rsn_pmksa_cache_entry *entry;
384 u8 new_pmkid[PMKID_LEN];
385
386 entry = pmksa->pmksa;
387 while (entry) {
388 if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
389 continue;
390 rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
391 wpa_key_mgmt_sha256(entry->akmp));
392 if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
393 return entry;
394 entry = entry->next;
395 }
396 return NULL;
397 }
398
399
400 /**
401 * pmksa_cache_auth_init - Initialize PMKSA cache
402 * @free_cb: Callback function to be called when a PMKSA cache entry is freed
403 * @ctx: Context pointer for free_cb function
404 * Returns: Pointer to PMKSA cache data or %NULL on failure
405 */
406 struct rsn_pmksa_cache *
pmksa_cache_auth_init(void (* free_cb)(struct rsn_pmksa_cache_entry * entry,void * ctx),void * ctx)407 pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
408 void *ctx), void *ctx)
409 {
410 struct rsn_pmksa_cache *pmksa;
411
412 pmksa = os_zalloc(sizeof(*pmksa));
413 if (pmksa) {
414 pmksa->free_cb = free_cb;
415 pmksa->ctx = ctx;
416 }
417
418 return pmksa;
419 }
420