diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index 961ed9220..d57ca4604 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -1177,7 +1177,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta) sta->eapol_sm->portValid = TRUE; if (sta->eapol_sm->eap) eap_sm_notify_cached(sta->eapol_sm->eap); - /* TODO: get vlan_id from R0KH using RRB message */ + ap_sta_bind_vlan(hapd, sta); return; } #endif /* CONFIG_IEEE80211R_AP */ diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 666c65fe2..c31e4a548 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -81,6 +81,9 @@ struct ft_rrb_frame { #define FT_RRB_PAIRWISE 11 /* le16 */ #define FT_RRB_EXPIRES_IN 12 /* le16 seconds */ +#define FT_RRB_VLAN_UNTAGGED 13 /* le16 */ +#define FT_RRB_VLAN_TAGGED 14 /* n times le16 */ + struct ft_rrb_tlv { le16 type; le16 len; @@ -95,7 +98,7 @@ struct ft_rrb_seq { /* session TLVs: * required: PMK_R1, PMK_R1_NAME, PAIRWISE - * optional: EXPIRES_IN + * optional: VLAN_UNTAGGED, VLAN_TAGGED, EXPIRES_IN * * pull frame TLVs: * auth: diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index a8646e19e..ed3360405 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -192,6 +192,98 @@ static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len) } +static int cmp_int(const void *a, const void *b) +{ + int x, y; + + x = *((int *) a); + y = *((int *) b); + return x - y; +} + + +static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len, + struct vlan_description *vlan) +{ + struct ft_rrb_tlv *f; + size_t left; + size_t len; + int taggedidx; + int vlan_id; + int type; + + left = plain_len; + taggedidx = 0; + os_memset(vlan, 0, sizeof(*vlan)); + + while (left >= sizeof(*f)) { + f = (struct ft_rrb_tlv *) plain; + + left -= sizeof(*f); + plain += sizeof(*f); + + len = le_to_host16(f->len); + type = le_to_host16(f->type); + + if (left < len) { + wpa_printf(MSG_DEBUG, "FT: RRB message truncated"); + return -1; + } + + if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED) + goto skip; + + if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) { + wpa_printf(MSG_DEBUG, + "FT: RRB VLAN_UNTAGGED invalid length"); + return -1; + } + + if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) { + wpa_printf(MSG_DEBUG, + "FT: RRB VLAN_TAGGED invalid length"); + return -1; + } + + while (len >= sizeof(le16)) { + vlan_id = WPA_GET_LE16(plain); + plain += sizeof(le16); + left -= sizeof(le16); + len -= sizeof(le16); + + if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) { + wpa_printf(MSG_DEBUG, + "FT: RRB VLAN ID invalid %d", + vlan_id); + continue; + } + + if (type == FT_RRB_VLAN_UNTAGGED) + vlan->untagged = vlan_id; + + if (type == FT_RRB_VLAN_TAGGED && + taggedidx < MAX_NUM_TAGGED_VLAN) { + vlan->tagged[taggedidx] = vlan_id; + taggedidx++; + } else if (type == FT_RRB_VLAN_TAGGED) { + wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs"); + } + } + + skip: + left -= len; + plain += len; + } + + if (taggedidx) + qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int); + + vlan->notempty = vlan->untagged || vlan->tagged[0]; + + return 0; +} + + static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs) { size_t tlv_len = 0; @@ -242,8 +334,84 @@ static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start, } +static size_t wpa_ft_vlan_len(const struct vlan_description *vlan) +{ + size_t tlv_len = 0; + int i; + + if (!vlan || !vlan->notempty) + return 0; + + if (vlan->untagged) { + tlv_len += sizeof(struct ft_rrb_tlv); + tlv_len += sizeof(le16); + } + if (vlan->tagged[0]) + tlv_len += sizeof(struct ft_rrb_tlv); + for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) + tlv_len += sizeof(le16); + + return tlv_len; +} + + +static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan, + u8 *start, u8 *endpos) +{ + size_t tlv_len; + int i, len; + struct ft_rrb_tlv *hdr; + u8 *pos = start; + + if (!vlan || !vlan->notempty) + return 0; + + tlv_len = 0; + if (vlan->untagged) { + tlv_len += sizeof(*hdr); + if (start + tlv_len > endpos) + return tlv_len; + hdr = (struct ft_rrb_tlv *) pos; + hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED); + hdr->len = host_to_le16(sizeof(le16)); + pos = start + tlv_len; + + tlv_len += sizeof(le16); + if (start + tlv_len > endpos) + return tlv_len; + WPA_PUT_LE16(pos, vlan->untagged); + pos = start + tlv_len; + } + + if (!vlan->tagged[0]) + return tlv_len; + + tlv_len += sizeof(*hdr); + if (start + tlv_len > endpos) + return tlv_len; + hdr = (struct ft_rrb_tlv *) pos; + hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED); + len = 0; /* len is computed below */ + pos = start + tlv_len; + + for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) { + tlv_len += sizeof(le16); + if (start + tlv_len > endpos) + break; + len += sizeof(le16); + WPA_PUT_LE16(pos, vlan->tagged[i]); + pos = start + tlv_len; + } + + hdr->len = host_to_le16(len); + + return tlv_len; +} + + static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1, const struct tlv_list *tlvs2, + const struct vlan_description *vlan, u8 **plain, size_t *plain_len) { u8 *pos, *endpos; @@ -251,6 +419,7 @@ static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1, tlv_len = wpa_ft_tlv_len(tlvs1); tlv_len += wpa_ft_tlv_len(tlvs2); + tlv_len += wpa_ft_vlan_len(vlan); *plain_len = tlv_len; *plain = os_zalloc(tlv_len); @@ -263,6 +432,7 @@ static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1, endpos = *plain + tlv_len; pos += wpa_ft_tlv_lin(tlvs1, pos, endpos); pos += wpa_ft_tlv_lin(tlvs2, pos, endpos); + pos += wpa_ft_vlan_lin(vlan, pos, endpos); /* sanity check */ if (pos != endpos) { @@ -324,6 +494,7 @@ static int wpa_ft_rrb_build(const u8 *key, const size_t key_len, const struct tlv_list *tlvs_enc0, const struct tlv_list *tlvs_enc1, const struct tlv_list *tlvs_auth, + const struct vlan_description *vlan, const u8 *src_addr, u8 type, u8 **packet, size_t *packet_len) { @@ -331,10 +502,10 @@ static int wpa_ft_rrb_build(const u8 *key, const size_t key_len, size_t plain_len = 0, auth_len = 0; int ret = -1; - if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, &plain, &plain_len) < 0) + if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0) goto out; - if (wpa_ft_rrb_lin(tlvs_auth, NULL, &auth, &auth_len) < 0) + if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0) goto out; *packet_len = sizeof(u16) + auth_len + plain_len; @@ -456,6 +627,24 @@ wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr) } +static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth, + const u8 *sta_addr, struct vlan_description *vlan) +{ + if (!wpa_auth->cb->set_vlan) + return -1; + return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan); +} + + +static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth, + const u8 *sta_addr, struct vlan_description *vlan) +{ + if (!wpa_auth->cb->get_vlan) + return -1; + return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan); +} + + static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, u8 *tspec_ie, size_t tspec_ielen) @@ -656,7 +845,7 @@ wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth, seq_req_auth[0].data = item->nonce; - if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, + if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL, wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, &packet, &packet_len) < 0) { item = NULL; /* some other seq resp might still accept this */ @@ -839,6 +1028,7 @@ struct wpa_ft_pmk_r0_sa { u8 pmk_r0_name[WPA_PMK_NAME_LEN]; u8 spa[ETH_ALEN]; int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ + struct vlan_description *vlan; os_time_t expiration; /* 0 for no expiration */ /* TODO: identity, radius_class, EAP type */ int pmk_r1_pushed; @@ -850,7 +1040,8 @@ struct wpa_ft_pmk_r1_sa { u8 pmk_r1_name[WPA_PMK_NAME_LEN]; u8 spa[ETH_ALEN]; int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ - /* TODO: expiration, identity, radius_class, EAP type, VLAN ID */ + struct vlan_description *vlan; + /* TODO: expiration, identity, radius_class, EAP type */ }; struct wpa_ft_pmk_cache { @@ -872,6 +1063,7 @@ static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0) eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL); os_memset(r0->pmk_r0, 0, PMK_LEN); + os_free(r0->vlan); os_free(r0); } @@ -911,6 +1103,7 @@ static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1) eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL); os_memset(r1->pmk_r1, 0, PMK_LEN); + os_free(r1->vlan); os_free(r1); } @@ -957,6 +1150,7 @@ void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache) static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth, const u8 *spa, const u8 *pmk_r0, const u8 *pmk_r0_name, int pairwise, + const struct vlan_description *vlan, int expires_in) { struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; @@ -976,6 +1170,14 @@ static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth, r0->pairwise = pairwise; if (expires_in > 0) r0->expiration = now.sec + expires_in; + if (vlan && vlan->notempty) { + r0->vlan = os_zalloc(sizeof(*vlan)); + if (!r0->vlan) { + bin_clear_free(r0, sizeof(*r0)); + return -1; + } + *r0->vlan = *vlan; + } dl_list_add(&cache->pmk_r0, &r0->list); if (expires_in > 0) @@ -1012,6 +1214,7 @@ static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth, static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *spa, const u8 *pmk_r1, const u8 *pmk_r1_name, int pairwise, + const struct vlan_description *vlan, int expires_in) { struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; @@ -1031,6 +1234,14 @@ static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth, os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); os_memcpy(r1->spa, spa, ETH_ALEN); r1->pairwise = pairwise; + if (vlan && vlan->notempty) { + r1->vlan = os_zalloc(sizeof(*vlan)); + if (!r1->vlan) { + bin_clear_free(r1, sizeof(*r1)); + return -1; + } + *r1->vlan = *vlan; + } dl_list_add(&cache->pmk_r1, &r1->list); @@ -1044,7 +1255,8 @@ static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth, static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *spa, const u8 *pmk_r1_name, - u8 *pmk_r1, int *pairwise) + u8 *pmk_r1, int *pairwise, + struct vlan_description *vlan) { struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; struct wpa_ft_pmk_r1_sa *r1; @@ -1056,6 +1268,10 @@ static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth, os_memcpy(pmk_r1, r1->pmk_r1, PMK_LEN); if (pairwise) *pairwise = r1->pairwise; + if (vlan && r1->vlan) + *vlan = *r1->vlan; + if (vlan && !r1->vlan) + os_memset(vlan, 0, sizeof(*vlan)); return 0; } } @@ -1564,7 +1780,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm, return -1; } - if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, + if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL, sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL, &packet, &packet_len) < 0) return -1; @@ -1594,9 +1810,16 @@ int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, const u8 *pmk_r0, const u8 *pmk_r0_name) { int expires_in = sm->wpa_auth->conf.r0_key_lifetime; + struct vlan_description vlan; + + if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { + wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR, + MAC2STR(sm->addr)); + return -1; + } return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name, - sm->pairwise, expires_in); + sm->pairwise, &vlan, expires_in); } @@ -1614,6 +1837,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, size_t ssid_len = sm->wpa_auth->conf.ssid_len; int psk_local = sm->wpa_auth->conf.ft_psk_generate_local; int expires_in = sm->wpa_auth->conf.r0_key_lifetime; + struct vlan_description vlan; if (sm->xxkey_len == 0) { wpa_printf(MSG_DEBUG, "FT: XXKey not available for key " @@ -1621,6 +1845,12 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, return -1; } + if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { + wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR, + MAC2STR(sm->addr)); + return -1; + } + if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid, r0kh, r0kh_len, sm->addr, pmk_r0, pmk_r0_name) < 0) @@ -1629,7 +1859,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN); if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name, - sm->pairwise, expires_in); + sm->pairwise, &vlan, expires_in); if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr, pmk_r1, sm->pmk_r1_name) < 0) @@ -1639,7 +1869,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, WPA_PMK_NAME_LEN); if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, - sm->pmk_r1_name, sm->pairwise, + sm->pmk_r1_name, sm->pairwise, &vlan, expires_in); return wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr, @@ -2062,7 +2292,8 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) /* Derive PMK-R1 from PSK, check all available PSK */ static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm, const u8 *req_pmk_r1_name, - u8 *out_pmk_r1, int *out_pairwise) + u8 *out_pmk_r1, int *out_pairwise, + struct vlan_description *out_vlan) { const u8 *pmk = NULL; u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN]; @@ -2099,6 +2330,13 @@ static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm, os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN); if (out_pairwise) *out_pairwise = pairwise; + if (out_vlan && + wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) { + wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " + MACSTR, MAC2STR(sm->addr)); + return -1; + } + return 0; } @@ -2153,7 +2391,8 @@ static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *r0kh_id, size_t r0kh_id_len, const u8 *req_pmk_r0_name, const u8 *req_pmk_r1_name, - u8 *out_pmk_r1, int *out_pairwise) + u8 *out_pmk_r1, int *out_pairwise, + struct vlan_description *vlan) { struct wpa_auth_config *conf = &wpa_auth->conf; const struct wpa_ft_pmk_r0_sa *r0; @@ -2186,9 +2425,15 @@ static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth, } wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, pmk_r1_name, - sm->pairwise, expires_in); + sm->pairwise, r0->vlan, expires_in); *out_pairwise = sm->pairwise; + if (vlan) { + if (r0->vlan) + *vlan = *r0->vlan; + else + os_memset(vlan, 0, sizeof(*vlan)); + } return 0; } @@ -2207,6 +2452,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, int ret; u8 *pos, *end; int pairwise; + struct vlan_description vlan; *resp_ies = NULL; *resp_ies_len = 0; @@ -2268,19 +2514,20 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, if (conf->ft_psk_generate_local && wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) { - if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise) < 0) + if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise, + &vlan) < 0) return WLAN_STATUS_INVALID_PMKID; wpa_printf(MSG_DEBUG, "FT: Generated PMK-R1 for FT-PSK locally"); } else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name, - pmk_r1, &pairwise) < 0) { + pmk_r1, &pairwise, &vlan) < 0) { wpa_printf(MSG_DEBUG, "FT: No PMK-R1 available in local cache for the requested PMKR1Name"); if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm, parse.r0kh_id, parse.r0kh_id_len, parse.rsn_pmkid, - pmk_r1_name, pmk_r1, &pairwise) - == 0) { + pmk_r1_name, pmk_r1, &pairwise, + &vlan) == 0) { wpa_printf(MSG_DEBUG, "FT: Generated PMK-R1 based on local PMK-R0"); goto pmk_r1_derived; @@ -2324,6 +2571,11 @@ pmk_r1_derived: sm->tk_already_set = FALSE; wpa_ft_install_ptk(sm); + if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN"); + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 2 + FT_R1KH_ID_LEN + 200; *resp_ies = os_zalloc(buflen); @@ -2768,7 +3020,8 @@ static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len, if (!pmk_r0) return wpa_ft_rrb_build(key, key_len, tlvs, NULL, tlv_auth, - src_addr, type, packet, packet_len); + NULL, src_addr, type, + packet, packet_len); if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_name, r1kh_id, s1kh_id, pmk_r1, pmk_r1_name) < 0) @@ -2787,7 +3040,8 @@ static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len, WPA_PUT_LE16(f_expires_in, expires_in); ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth, - src_addr, type, packet, packet_len); + pmk_r0->vlan, src_addr, type, + packet, packet_len); os_memset(pmk_r1, 0, sizeof(pmk_r1)); @@ -2969,6 +3223,7 @@ static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth, int pairwise; int ret = -1; int expires_in; + struct vlan_description vlan; RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); @@ -3062,8 +3317,17 @@ static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth, wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype, expires_in); + if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) { + wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan"); + wpa_ft_rrb_dump(plain, plain_len); + goto out; + } + + wpa_printf(MSG_DEBUG, "FT: vlan %d%s", + le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : ""); + if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, f_pmk_r1_name, - pairwise, expires_in) < 0) + pairwise, &vlan, expires_in) < 0) goto out; ret = 0; @@ -3373,7 +3637,7 @@ static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth, seq_resp_auth[4].len = 0; seq_resp_auth[4].data = NULL; - if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, + if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL, wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, &packet, &packet_len) < 0) goto out;