pmksa_cache_auth.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430
  1. /*
  2. * hostapd - PMKSA cache for IEEE 802.11i RSN
  3. * Copyright (c) 2004-2008, 2012, Jouni Malinen <j@w1.fi>
  4. *
  5. * This software may be distributed under the terms of the BSD license.
  6. * See README for more details.
  7. */
  8. #include "utils/includes.h"
  9. #include "utils/common.h"
  10. #include "utils/eloop.h"
  11. #include "eapol_auth/eapol_auth_sm.h"
  12. #include "eapol_auth/eapol_auth_sm_i.h"
  13. #include "sta_info.h"
  14. #include "ap_config.h"
  15. #include "pmksa_cache_auth.h"
  16. static const int pmksa_cache_max_entries = 1024;
  17. static const int dot11RSNAConfigPMKLifetime = 43200;
  18. struct rsn_pmksa_cache {
  19. #define PMKID_HASH_SIZE 128
  20. #define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)
  21. struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
  22. struct rsn_pmksa_cache_entry *pmksa;
  23. int pmksa_count;
  24. void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
  25. void *ctx;
  26. };
  27. static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
  28. static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
  29. {
  30. if (entry == NULL)
  31. return;
  32. os_free(entry->identity);
  33. wpabuf_free(entry->cui);
  34. #ifndef CONFIG_NO_RADIUS
  35. radius_free_class(&entry->radius_class);
  36. #endif /* CONFIG_NO_RADIUS */
  37. os_free(entry);
  38. }
  39. void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
  40. struct rsn_pmksa_cache_entry *entry)
  41. {
  42. struct rsn_pmksa_cache_entry *pos, *prev;
  43. pmksa->pmksa_count--;
  44. pmksa->free_cb(entry, pmksa->ctx);
  45. pos = pmksa->pmkid[PMKID_HASH(entry->pmkid)];
  46. prev = NULL;
  47. while (pos) {
  48. if (pos == entry) {
  49. if (prev != NULL) {
  50. prev->hnext = pos->hnext;
  51. } else {
  52. pmksa->pmkid[PMKID_HASH(entry->pmkid)] =
  53. pos->hnext;
  54. }
  55. break;
  56. }
  57. prev = pos;
  58. pos = pos->hnext;
  59. }
  60. pos = pmksa->pmksa;
  61. prev = NULL;
  62. while (pos) {
  63. if (pos == entry) {
  64. if (prev != NULL)
  65. prev->next = pos->next;
  66. else
  67. pmksa->pmksa = pos->next;
  68. break;
  69. }
  70. prev = pos;
  71. pos = pos->next;
  72. }
  73. _pmksa_cache_free_entry(entry);
  74. }
  75. static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
  76. {
  77. struct rsn_pmksa_cache *pmksa = eloop_ctx;
  78. struct os_reltime now;
  79. os_get_reltime(&now);
  80. while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
  81. wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
  82. MACSTR, MAC2STR(pmksa->pmksa->spa));
  83. pmksa_cache_free_entry(pmksa, pmksa->pmksa);
  84. }
  85. pmksa_cache_set_expiration(pmksa);
  86. }
  87. static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
  88. {
  89. int sec;
  90. struct os_reltime now;
  91. eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
  92. if (pmksa->pmksa == NULL)
  93. return;
  94. os_get_reltime(&now);
  95. sec = pmksa->pmksa->expiration - now.sec;
  96. if (sec < 0)
  97. sec = 0;
  98. eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
  99. }
  100. static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
  101. struct eapol_state_machine *eapol)
  102. {
  103. if (eapol == NULL)
  104. return;
  105. if (eapol->identity) {
  106. entry->identity = os_malloc(eapol->identity_len);
  107. if (entry->identity) {
  108. entry->identity_len = eapol->identity_len;
  109. os_memcpy(entry->identity, eapol->identity,
  110. eapol->identity_len);
  111. }
  112. }
  113. if (eapol->radius_cui)
  114. entry->cui = wpabuf_dup(eapol->radius_cui);
  115. #ifndef CONFIG_NO_RADIUS
  116. radius_copy_class(&entry->radius_class, &eapol->radius_class);
  117. #endif /* CONFIG_NO_RADIUS */
  118. entry->eap_type_authsrv = eapol->eap_type_authsrv;
  119. entry->vlan_id = ((struct sta_info *) eapol->sta)->vlan_id;
  120. }
  121. void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
  122. struct eapol_state_machine *eapol)
  123. {
  124. if (entry == NULL || eapol == NULL)
  125. return;
  126. if (entry->identity) {
  127. os_free(eapol->identity);
  128. eapol->identity = os_malloc(entry->identity_len);
  129. if (eapol->identity) {
  130. eapol->identity_len = entry->identity_len;
  131. os_memcpy(eapol->identity, entry->identity,
  132. entry->identity_len);
  133. }
  134. wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA",
  135. eapol->identity, eapol->identity_len);
  136. }
  137. if (entry->cui) {
  138. wpabuf_free(eapol->radius_cui);
  139. eapol->radius_cui = wpabuf_dup(entry->cui);
  140. }
  141. #ifndef CONFIG_NO_RADIUS
  142. radius_free_class(&eapol->radius_class);
  143. radius_copy_class(&eapol->radius_class, &entry->radius_class);
  144. #endif /* CONFIG_NO_RADIUS */
  145. if (eapol->radius_class.attr) {
  146. wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from "
  147. "PMKSA", (unsigned long) eapol->radius_class.count);
  148. }
  149. eapol->eap_type_authsrv = entry->eap_type_authsrv;
  150. ((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
  151. }
  152. static void pmksa_cache_link_entry(struct rsn_pmksa_cache *pmksa,
  153. struct rsn_pmksa_cache_entry *entry)
  154. {
  155. struct rsn_pmksa_cache_entry *pos, *prev;
  156. /* Add the new entry; order by expiration time */
  157. pos = pmksa->pmksa;
  158. prev = NULL;
  159. while (pos) {
  160. if (pos->expiration > entry->expiration)
  161. break;
  162. prev = pos;
  163. pos = pos->next;
  164. }
  165. if (prev == NULL) {
  166. entry->next = pmksa->pmksa;
  167. pmksa->pmksa = entry;
  168. } else {
  169. entry->next = prev->next;
  170. prev->next = entry;
  171. }
  172. entry->hnext = pmksa->pmkid[PMKID_HASH(entry->pmkid)];
  173. pmksa->pmkid[PMKID_HASH(entry->pmkid)] = entry;
  174. pmksa->pmksa_count++;
  175. if (prev == NULL)
  176. pmksa_cache_set_expiration(pmksa);
  177. wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
  178. MAC2STR(entry->spa));
  179. wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN);
  180. }
  181. /**
  182. * pmksa_cache_auth_add - Add a PMKSA cache entry
  183. * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  184. * @pmk: The new pairwise master key
  185. * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
  186. * @aa: Authenticator address
  187. * @spa: Supplicant address
  188. * @session_timeout: Session timeout
  189. * @eapol: Pointer to EAPOL state machine data
  190. * @akmp: WPA_KEY_MGMT_* used in key derivation
  191. * Returns: Pointer to the added PMKSA cache entry or %NULL on error
  192. *
  193. * This function create a PMKSA entry for a new PMK and adds it to the PMKSA
  194. * cache. If an old entry is already in the cache for the same Supplicant,
  195. * this entry will be replaced with the new entry. PMKID will be calculated
  196. * based on the PMK.
  197. */
  198. struct rsn_pmksa_cache_entry *
  199. pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
  200. const u8 *pmk, size_t pmk_len,
  201. const u8 *aa, const u8 *spa, int session_timeout,
  202. struct eapol_state_machine *eapol, int akmp)
  203. {
  204. struct rsn_pmksa_cache_entry *entry, *pos;
  205. struct os_reltime now;
  206. if (pmk_len > PMK_LEN)
  207. return NULL;
  208. entry = os_zalloc(sizeof(*entry));
  209. if (entry == NULL)
  210. return NULL;
  211. os_memcpy(entry->pmk, pmk, pmk_len);
  212. entry->pmk_len = pmk_len;
  213. rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
  214. wpa_key_mgmt_sha256(akmp));
  215. os_get_reltime(&now);
  216. entry->expiration = now.sec;
  217. if (session_timeout > 0)
  218. entry->expiration += session_timeout;
  219. else
  220. entry->expiration += dot11RSNAConfigPMKLifetime;
  221. entry->akmp = akmp;
  222. os_memcpy(entry->spa, spa, ETH_ALEN);
  223. pmksa_cache_from_eapol_data(entry, eapol);
  224. /* Replace an old entry for the same STA (if found) with the new entry
  225. */
  226. pos = pmksa_cache_auth_get(pmksa, spa, NULL);
  227. if (pos)
  228. pmksa_cache_free_entry(pmksa, pos);
  229. if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
  230. /* Remove the oldest entry to make room for the new entry */
  231. wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
  232. "entry (for " MACSTR ") to make room for new one",
  233. MAC2STR(pmksa->pmksa->spa));
  234. pmksa_cache_free_entry(pmksa, pmksa->pmksa);
  235. }
  236. pmksa_cache_link_entry(pmksa, entry);
  237. return entry;
  238. }
  239. struct rsn_pmksa_cache_entry *
  240. pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
  241. const struct rsn_pmksa_cache_entry *old_entry,
  242. const u8 *aa, const u8 *pmkid)
  243. {
  244. struct rsn_pmksa_cache_entry *entry;
  245. entry = os_zalloc(sizeof(*entry));
  246. if (entry == NULL)
  247. return NULL;
  248. os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
  249. os_memcpy(entry->pmk, old_entry->pmk, old_entry->pmk_len);
  250. entry->pmk_len = old_entry->pmk_len;
  251. entry->expiration = old_entry->expiration;
  252. entry->akmp = old_entry->akmp;
  253. os_memcpy(entry->spa, old_entry->spa, ETH_ALEN);
  254. entry->opportunistic = 1;
  255. if (old_entry->identity) {
  256. entry->identity = os_malloc(old_entry->identity_len);
  257. if (entry->identity) {
  258. entry->identity_len = old_entry->identity_len;
  259. os_memcpy(entry->identity, old_entry->identity,
  260. old_entry->identity_len);
  261. }
  262. }
  263. if (old_entry->cui)
  264. entry->cui = wpabuf_dup(old_entry->cui);
  265. #ifndef CONFIG_NO_RADIUS
  266. radius_copy_class(&entry->radius_class, &old_entry->radius_class);
  267. #endif /* CONFIG_NO_RADIUS */
  268. entry->eap_type_authsrv = old_entry->eap_type_authsrv;
  269. entry->vlan_id = old_entry->vlan_id;
  270. entry->opportunistic = 1;
  271. pmksa_cache_link_entry(pmksa, entry);
  272. return entry;
  273. }
  274. /**
  275. * pmksa_cache_auth_deinit - Free all entries in PMKSA cache
  276. * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  277. */
  278. void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
  279. {
  280. struct rsn_pmksa_cache_entry *entry, *prev;
  281. int i;
  282. if (pmksa == NULL)
  283. return;
  284. entry = pmksa->pmksa;
  285. while (entry) {
  286. prev = entry;
  287. entry = entry->next;
  288. _pmksa_cache_free_entry(prev);
  289. }
  290. eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
  291. for (i = 0; i < PMKID_HASH_SIZE; i++)
  292. pmksa->pmkid[i] = NULL;
  293. os_free(pmksa);
  294. }
  295. /**
  296. * pmksa_cache_auth_get - Fetch a PMKSA cache entry
  297. * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  298. * @spa: Supplicant address or %NULL to match any
  299. * @pmkid: PMKID or %NULL to match any
  300. * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
  301. */
  302. struct rsn_pmksa_cache_entry *
  303. pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
  304. const u8 *spa, const u8 *pmkid)
  305. {
  306. struct rsn_pmksa_cache_entry *entry;
  307. if (pmkid)
  308. entry = pmksa->pmkid[PMKID_HASH(pmkid)];
  309. else
  310. entry = pmksa->pmksa;
  311. while (entry) {
  312. if ((spa == NULL ||
  313. os_memcmp(entry->spa, spa, ETH_ALEN) == 0) &&
  314. (pmkid == NULL ||
  315. os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
  316. return entry;
  317. entry = pmkid ? entry->hnext : entry->next;
  318. }
  319. return NULL;
  320. }
  321. /**
  322. * pmksa_cache_get_okc - Fetch a PMKSA cache entry using OKC
  323. * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  324. * @aa: Authenticator address
  325. * @spa: Supplicant address
  326. * @pmkid: PMKID
  327. * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
  328. *
  329. * Use opportunistic key caching (OKC) to find a PMK for a supplicant.
  330. */
  331. struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
  332. struct rsn_pmksa_cache *pmksa, const u8 *aa, const u8 *spa,
  333. const u8 *pmkid)
  334. {
  335. struct rsn_pmksa_cache_entry *entry;
  336. u8 new_pmkid[PMKID_LEN];
  337. entry = pmksa->pmksa;
  338. while (entry) {
  339. if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
  340. continue;
  341. rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
  342. wpa_key_mgmt_sha256(entry->akmp));
  343. if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
  344. return entry;
  345. entry = entry->next;
  346. }
  347. return NULL;
  348. }
  349. /**
  350. * pmksa_cache_auth_init - Initialize PMKSA cache
  351. * @free_cb: Callback function to be called when a PMKSA cache entry is freed
  352. * @ctx: Context pointer for free_cb function
  353. * Returns: Pointer to PMKSA cache data or %NULL on failure
  354. */
  355. struct rsn_pmksa_cache *
  356. pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
  357. void *ctx), void *ctx)
  358. {
  359. struct rsn_pmksa_cache *pmksa;
  360. pmksa = os_zalloc(sizeof(*pmksa));
  361. if (pmksa) {
  362. pmksa->free_cb = free_cb;
  363. pmksa->ctx = ctx;
  364. }
  365. return pmksa;
  366. }