src/ap/pmksa_cache_auth.c - LeafOS-Project/android_external_wpa_supplicant_8 - Gitiles

 /*
  * hostapd - PMKSA cache for IEEE 802.11i RSN
  * Copyright (c) 2004-2008, 2012-2015, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */

 #include "utils/includes.h"

 #include "utils/common.h"
 #include "utils/eloop.h"
 #include "eapol_auth/eapol_auth_sm.h"
 #include "eapol_auth/eapol_auth_sm_i.h"
 #include "radius/radius_das.h"
 #include "sta_info.h"
 #include "ap_config.h"
 #include "pmksa_cache_auth.h"


 static const int pmksa_cache_max_entries = 1024;
 static const int dot11RSNAConfigPMKLifetime = 43200;

 struct rsn_pmksa_cache {
 #define PMKID_HASH_SIZE 128
 #define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)
 	struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
 	struct rsn_pmksa_cache_entry *pmksa;
 	int pmksa_count;

 	void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
 	void *ctx;
 };


 static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);


 static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
 {
 	os_free(entry->identity);
 	wpabuf_free(entry->cui);
 #ifndef CONFIG_NO_RADIUS
 	radius_free_class(&entry->radius_class);
 #endif /* CONFIG_NO_RADIUS */
 	bin_clear_free(entry, sizeof(*entry));
 }


 void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
 			    struct rsn_pmksa_cache_entry *entry)
 {
 	struct rsn_pmksa_cache_entry *pos, *prev;
 	unsigned int hash;

 	pmksa->pmksa_count--;
 	pmksa->free_cb(entry, pmksa->ctx);

 	/* unlink from hash list */
 	hash = PMKID_HASH(entry->pmkid);
 	pos = pmksa->pmkid[hash];
 	prev = NULL;
 	while (pos) {
 		if (pos == entry) {
 			if (prev != NULL)
 				prev->hnext = entry->hnext;
 			else
 				pmksa->pmkid[hash] = entry->hnext;
 			break;
 		}
 		prev = pos;
 		pos = pos->hnext;
 	}

 	/* unlink from entry list */
 	pos = pmksa->pmksa;
 	prev = NULL;
 	while (pos) {
 		if (pos == entry) {
 			if (prev != NULL)
 				prev->next = entry->next;
 			else
 				pmksa->pmksa = entry->next;
 			break;
 		}
 		prev = pos;
 		pos = pos->next;
 	}

 	_pmksa_cache_free_entry(entry);
 }


 static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
 {
 	struct rsn_pmksa_cache *pmksa = eloop_ctx;
 	struct os_reltime now;

 	os_get_reltime(&now);
 	while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
 		wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
 			   MACSTR, MAC2STR(pmksa->pmksa->spa));
 		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
 	}

 	pmksa_cache_set_expiration(pmksa);
 }


 static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
 {
 	int sec;
 	struct os_reltime now;

 	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
 	if (pmksa->pmksa == NULL)
 		return;
 	os_get_reltime(&now);
 	sec = pmksa->pmksa->expiration - now.sec;
 	if (sec < 0)
 		sec = 0;
 	eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
 }


 static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
 					struct eapol_state_machine *eapol)
 {
 	if (eapol == NULL)
 		return;

 	if (eapol->identity) {
 		entry->identity = os_malloc(eapol->identity_len);
 		if (entry->identity) {
 			entry->identity_len = eapol->identity_len;
 			os_memcpy(entry->identity, eapol->identity,
 				  eapol->identity_len);
 		}
 	}

 	if (eapol->radius_cui)
 		entry->cui = wpabuf_dup(eapol->radius_cui);

 #ifndef CONFIG_NO_RADIUS
 	radius_copy_class(&entry->radius_class, &eapol->radius_class);
 #endif /* CONFIG_NO_RADIUS */

 	entry->eap_type_authsrv = eapol->eap_type_authsrv;
 	entry->vlan_id = ((struct sta_info *) eapol->sta)->vlan_id;

 	entry->acct_multi_session_id_hi = eapol->acct_multi_session_id_hi;
 	entry->acct_multi_session_id_lo = eapol->acct_multi_session_id_lo;
 }


 void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
 			       struct eapol_state_machine *eapol)
 {
 	if (entry == NULL || eapol == NULL)
 		return;

 	if (entry->identity) {
 		os_free(eapol->identity);
 		eapol->identity = os_malloc(entry->identity_len);
 		if (eapol->identity) {
 			eapol->identity_len = entry->identity_len;
 			os_memcpy(eapol->identity, entry->identity,
 				  entry->identity_len);
 		}
 		wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA",
 				  eapol->identity, eapol->identity_len);
 	}

 	if (entry->cui) {
 		wpabuf_free(eapol->radius_cui);
 		eapol->radius_cui = wpabuf_dup(entry->cui);
 	}

 #ifndef CONFIG_NO_RADIUS
 	radius_free_class(&eapol->radius_class);
 	radius_copy_class(&eapol->radius_class, &entry->radius_class);
 #endif /* CONFIG_NO_RADIUS */
 	if (eapol->radius_class.attr) {
 		wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from "
 			   "PMKSA", (unsigned long) eapol->radius_class.count);
 	}

 	eapol->eap_type_authsrv = entry->eap_type_authsrv;
 	((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;

 	eapol->acct_multi_session_id_hi = entry->acct_multi_session_id_hi;
 	eapol->acct_multi_session_id_lo = entry->acct_multi_session_id_lo;
 }


 static void pmksa_cache_link_entry(struct rsn_pmksa_cache *pmksa,
 				   struct rsn_pmksa_cache_entry *entry)
 {
 	struct rsn_pmksa_cache_entry *pos, *prev;
 	int hash;

 	/* Add the new entry; order by expiration time */
 	pos = pmksa->pmksa;
 	prev = NULL;
 	while (pos) {
 		if (pos->expiration > entry->expiration)
 			break;
 		prev = pos;
 		pos = pos->next;
 	}
 	if (prev == NULL) {
 		entry->next = pmksa->pmksa;
 		pmksa->pmksa = entry;
 	} else {
 		entry->next = prev->next;
 		prev->next = entry;
 	}

 	hash = PMKID_HASH(entry->pmkid);
 	entry->hnext = pmksa->pmkid[hash];
 	pmksa->pmkid[hash] = entry;

 	pmksa->pmksa_count++;
 	if (prev == NULL)
 		pmksa_cache_set_expiration(pmksa);
 	wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
 		   MAC2STR(entry->spa));
 	wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN);
 }


 /**
  * pmksa_cache_auth_add - Add a PMKSA cache entry
  * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  * @pmk: The new pairwise master key
  * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
  * @kck: Key confirmation key or %NULL if not yet derived
  * @kck_len: KCK length in bytes
  * @aa: Authenticator address
  * @spa: Supplicant address
  * @session_timeout: Session timeout
  * @eapol: Pointer to EAPOL state machine data
  * @akmp: WPA_KEY_MGMT_* used in key derivation
  * Returns: Pointer to the added PMKSA cache entry or %NULL on error
  *
  * This function create a PMKSA entry for a new PMK and adds it to the PMKSA
  * cache. If an old entry is already in the cache for the same Supplicant,
  * this entry will be replaced with the new entry. PMKID will be calculated
  * based on the PMK.
  */
 struct rsn_pmksa_cache_entry *
 pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
 		     const u8 *pmk, size_t pmk_len,
 		     const u8 *kck, size_t kck_len,
 		     const u8 *aa, const u8 *spa, int session_timeout,
 		     struct eapol_state_machine *eapol, int akmp)
 {
 	struct rsn_pmksa_cache_entry *entry, *pos;
 	struct os_reltime now;

 	if (pmk_len > PMK_LEN_MAX)
 		return NULL;

 	if (wpa_key_mgmt_suite_b(akmp) && !kck)
 		return NULL;

 	entry = os_zalloc(sizeof(*entry));
 	if (entry == NULL)
 		return NULL;
 	os_memcpy(entry->pmk, pmk, pmk_len);
 	entry->pmk_len = pmk_len;
 	if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
 		rsn_pmkid_suite_b_192(kck, kck_len, aa, spa, entry->pmkid);
 	else if (wpa_key_mgmt_suite_b(akmp))
 		rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
 	else
 		rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
 			  wpa_key_mgmt_sha256(akmp));
 	os_get_reltime(&now);
 	entry->expiration = now.sec;
 	if (session_timeout > 0)
 		entry->expiration += session_timeout;
 	else
 		entry->expiration += dot11RSNAConfigPMKLifetime;
 	entry->akmp = akmp;
 	os_memcpy(entry->spa, spa, ETH_ALEN);
 	pmksa_cache_from_eapol_data(entry, eapol);

 	/* Replace an old entry for the same STA (if found) with the new entry
 	 */
 	pos = pmksa_cache_auth_get(pmksa, spa, NULL);
 	if (pos)
 		pmksa_cache_free_entry(pmksa, pos);

 	if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
 		/* Remove the oldest entry to make room for the new entry */
 		wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
 			   "entry (for " MACSTR ") to make room for new one",
 			   MAC2STR(pmksa->pmksa->spa));
 		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
 	}

 	pmksa_cache_link_entry(pmksa, entry);

 	return entry;
 }


 struct rsn_pmksa_cache_entry *
 pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
 		    const struct rsn_pmksa_cache_entry *old_entry,
 		    const u8 *aa, const u8 *pmkid)
 {
 	struct rsn_pmksa_cache_entry *entry;

 	entry = os_zalloc(sizeof(*entry));
 	if (entry == NULL)
 		return NULL;
 	os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
 	os_memcpy(entry->pmk, old_entry->pmk, old_entry->pmk_len);
 	entry->pmk_len = old_entry->pmk_len;
 	entry->expiration = old_entry->expiration;
 	entry->akmp = old_entry->akmp;
 	os_memcpy(entry->spa, old_entry->spa, ETH_ALEN);
 	entry->opportunistic = 1;
 	if (old_entry->identity) {
 		entry->identity = os_malloc(old_entry->identity_len);
 		if (entry->identity) {
 			entry->identity_len = old_entry->identity_len;
 			os_memcpy(entry->identity, old_entry->identity,
 				  old_entry->identity_len);
 		}
 	}
 	if (old_entry->cui)
 		entry->cui = wpabuf_dup(old_entry->cui);
 #ifndef CONFIG_NO_RADIUS
 	radius_copy_class(&entry->radius_class, &old_entry->radius_class);
 #endif /* CONFIG_NO_RADIUS */
 	entry->eap_type_authsrv = old_entry->eap_type_authsrv;
 	entry->vlan_id = old_entry->vlan_id;
 	entry->opportunistic = 1;

 	pmksa_cache_link_entry(pmksa, entry);

 	return entry;
 }


 /**
  * pmksa_cache_auth_deinit - Free all entries in PMKSA cache
  * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  */
 void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
 {
 	struct rsn_pmksa_cache_entry *entry, *prev;
 	int i;

 	if (pmksa == NULL)
 		return;

 	entry = pmksa->pmksa;
 	while (entry) {
 		prev = entry;
 		entry = entry->next;
 		_pmksa_cache_free_entry(prev);
 	}
 	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
 	pmksa->pmksa_count = 0;
 	pmksa->pmksa = NULL;
 	for (i = 0; i < PMKID_HASH_SIZE; i++)
 		pmksa->pmkid[i] = NULL;
 	os_free(pmksa);
 }


 /**
  * pmksa_cache_auth_get - Fetch a PMKSA cache entry
  * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  * @spa: Supplicant address or %NULL to match any
  * @pmkid: PMKID or %NULL to match any
  * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
  */
 struct rsn_pmksa_cache_entry *
 pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
 		     const u8 *spa, const u8 *pmkid)
 {
 	struct rsn_pmksa_cache_entry *entry;

 	if (pmkid) {
 		for (entry = pmksa->pmkid[PMKID_HASH(pmkid)]; entry;
 		     entry = entry->hnext) {
 			if ((spa == NULL ||
 			     os_memcmp(entry->spa, spa, ETH_ALEN) == 0) &&
 			    os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)
 				return entry;
 		}
 	} else {
 		for (entry = pmksa->pmksa; entry; entry = entry->next) {
 			if (spa == NULL ||
 			    os_memcmp(entry->spa, spa, ETH_ALEN) == 0)
 				return entry;
 		}
 	}

 	return NULL;
 }


 /**
  * pmksa_cache_get_okc - Fetch a PMKSA cache entry using OKC
  * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
  * @aa: Authenticator address
  * @spa: Supplicant address
  * @pmkid: PMKID
  * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
  *
  * Use opportunistic key caching (OKC) to find a PMK for a supplicant.
  */
 struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
 	struct rsn_pmksa_cache *pmksa, const u8 *aa, const u8 *spa,
 	const u8 *pmkid)
 {
 	struct rsn_pmksa_cache_entry *entry;
 	u8 new_pmkid[PMKID_LEN];

 	for (entry = pmksa->pmksa; entry; entry = entry->next) {
 		if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
 			continue;
 		rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
 			  wpa_key_mgmt_sha256(entry->akmp));
 		if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
 			return entry;
 	}
 	return NULL;
 }


 /**
  * pmksa_cache_auth_init - Initialize PMKSA cache
  * @free_cb: Callback function to be called when a PMKSA cache entry is freed
  * @ctx: Context pointer for free_cb function
  * Returns: Pointer to PMKSA cache data or %NULL on failure
  */
 struct rsn_pmksa_cache *
 pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
 				      void *ctx), void *ctx)
 {
 	struct rsn_pmksa_cache *pmksa;

 	pmksa = os_zalloc(sizeof(*pmksa));
 	if (pmksa) {
 		pmksa->free_cb = free_cb;
 		pmksa->ctx = ctx;
 	}

 	return pmksa;
 }


 static int das_attr_match(struct rsn_pmksa_cache_entry *entry,
 			  struct radius_das_attrs *attr)
 {
 	int match = 0;

 	if (attr->sta_addr) {
 		if (os_memcmp(attr->sta_addr, entry->spa, ETH_ALEN) != 0)
 			return 0;
 		match++;
 	}

 	if (attr->acct_multi_session_id) {
 		char buf[20];

 		if (attr->acct_multi_session_id_len != 17)
 			return 0;
 		os_snprintf(buf, sizeof(buf), "%08X+%08X",
 			    entry->acct_multi_session_id_hi,
 			    entry->acct_multi_session_id_lo);
 		if (os_memcmp(attr->acct_multi_session_id, buf, 17) != 0)
 			return 0;
 		match++;
 	}

 	if (attr->cui) {
 		if (!entry->cui ||
 		    attr->cui_len != wpabuf_len(entry->cui) ||
 		    os_memcmp(attr->cui, wpabuf_head(entry->cui),
 			      attr->cui_len) != 0)
 			return 0;
 		match++;
 	}

 	if (attr->user_name) {
 		if (!entry->identity ||
 		    attr->user_name_len != entry->identity_len ||
 		    os_memcmp(attr->user_name, entry->identity,
 			      attr->user_name_len) != 0)
 			return 0;
 		match++;
 	}

 	return match;
 }


 int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
 					   struct radius_das_attrs *attr)
 {
 	int found = 0;
 	struct rsn_pmksa_cache_entry *entry, *prev;

 	if (attr->acct_session_id)
 		return -1;

 	entry = pmksa->pmksa;
 	while (entry) {
 		if (das_attr_match(entry, attr)) {
 			found++;
 			prev = entry;
 			entry = entry->next;
 			pmksa_cache_free_entry(pmksa, prev);
 			continue;
 		}
 		entry = entry->next;
 	}

 	return found ? 0 : -1;
 }
	/*
	* hostapd - PMKSA cache for IEEE 802.11i RSN
	* Copyright (c) 2004-2008, 2012-2015, Jouni Malinen <j@w1.fi>
	*
	* This software may be distributed under the terms of the BSD license.
	* See README for more details.
	*/

	#include "utils/includes.h"

	#include "utils/common.h"
	#include "utils/eloop.h"
	#include "eapol_auth/eapol_auth_sm.h"
	#include "eapol_auth/eapol_auth_sm_i.h"
	#include "radius/radius_das.h"
	#include "sta_info.h"
	#include "ap_config.h"
	#include "pmksa_cache_auth.h"


	static const int pmksa_cache_max_entries = 1024;
	static const int dot11RSNAConfigPMKLifetime = 43200;

	struct rsn_pmksa_cache {
	#define PMKID_HASH_SIZE 128
	#define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)
	struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
	struct rsn_pmksa_cache_entry *pmksa;
	int pmksa_count;

	void (free_cb)(struct rsn_pmksa_cache_entry entry, void *ctx);
	void *ctx;
	};


	static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);


	static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
	{
	os_free(entry->identity);
	wpabuf_free(entry->cui);
	#ifndef CONFIG_NO_RADIUS
	radius_free_class(&entry->radius_class);
	#endif /* CONFIG_NO_RADIUS */
	bin_clear_free(entry, sizeof(*entry));
	}


	void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
	struct rsn_pmksa_cache_entry *entry)
	{
	struct rsn_pmksa_cache_entry pos, prev;
	unsigned int hash;

	pmksa->pmksa_count--;
	pmksa->free_cb(entry, pmksa->ctx);

	/* unlink from hash list */
	hash = PMKID_HASH(entry->pmkid);
	pos = pmksa->pmkid[hash];
	prev = NULL;
	while (pos) {
	if (pos == entry) {
	if (prev != NULL)
	prev->hnext = entry->hnext;
	else
	pmksa->pmkid[hash] = entry->hnext;
	break;
	}
	prev = pos;
	pos = pos->hnext;
	}

	/* unlink from entry list */
	pos = pmksa->pmksa;
	prev = NULL;
	while (pos) {
	if (pos == entry) {
	if (prev != NULL)
	prev->next = entry->next;
	else
	pmksa->pmksa = entry->next;
	break;
	}
	prev = pos;
	pos = pos->next;
	}

	_pmksa_cache_free_entry(entry);
	}


	static void pmksa_cache_expire(void eloop_ctx, void timeout_ctx)
	{
	struct rsn_pmksa_cache *pmksa = eloop_ctx;
	struct os_reltime now;

	os_get_reltime(&now);
	while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
	wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
	MACSTR, MAC2STR(pmksa->pmksa->spa));
	pmksa_cache_free_entry(pmksa, pmksa->pmksa);
	}

	pmksa_cache_set_expiration(pmksa);
	}


	static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
	{
	int sec;
	struct os_reltime now;

	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
	if (pmksa->pmksa == NULL)
	return;
	os_get_reltime(&now);
	sec = pmksa->pmksa->expiration - now.sec;
	if (sec < 0)
	sec = 0;
	eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
	}


	static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
	struct eapol_state_machine *eapol)
	{
	if (eapol == NULL)
	return;

	if (eapol->identity) {
	entry->identity = os_malloc(eapol->identity_len);
	if (entry->identity) {
	entry->identity_len = eapol->identity_len;
	os_memcpy(entry->identity, eapol->identity,
	eapol->identity_len);
	}
	}

	if (eapol->radius_cui)
	entry->cui = wpabuf_dup(eapol->radius_cui);

	#ifndef CONFIG_NO_RADIUS
	radius_copy_class(&entry->radius_class, &eapol->radius_class);
	#endif /* CONFIG_NO_RADIUS */

	entry->eap_type_authsrv = eapol->eap_type_authsrv;
	entry->vlan_id = ((struct sta_info *) eapol->sta)->vlan_id;

	entry->acct_multi_session_id_hi = eapol->acct_multi_session_id_hi;
	entry->acct_multi_session_id_lo = eapol->acct_multi_session_id_lo;
	}


	void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
	struct eapol_state_machine *eapol)
	{
	if (entry == NULL \|\| eapol == NULL)
	return;

	if (entry->identity) {
	os_free(eapol->identity);
	eapol->identity = os_malloc(entry->identity_len);
	if (eapol->identity) {
	eapol->identity_len = entry->identity_len;
	os_memcpy(eapol->identity, entry->identity,
	entry->identity_len);
	}
	wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA",
	eapol->identity, eapol->identity_len);
	}

	if (entry->cui) {
	wpabuf_free(eapol->radius_cui);
	eapol->radius_cui = wpabuf_dup(entry->cui);
	}

	#ifndef CONFIG_NO_RADIUS
	radius_free_class(&eapol->radius_class);
	radius_copy_class(&eapol->radius_class, &entry->radius_class);
	#endif /* CONFIG_NO_RADIUS */
	if (eapol->radius_class.attr) {
	wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from "
	"PMKSA", (unsigned long) eapol->radius_class.count);
	}

	eapol->eap_type_authsrv = entry->eap_type_authsrv;
	((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;

	eapol->acct_multi_session_id_hi = entry->acct_multi_session_id_hi;
	eapol->acct_multi_session_id_lo = entry->acct_multi_session_id_lo;
	}


	static void pmksa_cache_link_entry(struct rsn_pmksa_cache *pmksa,
	struct rsn_pmksa_cache_entry *entry)
	{
	struct rsn_pmksa_cache_entry pos, prev;
	int hash;

	/* Add the new entry; order by expiration time */
	pos = pmksa->pmksa;
	prev = NULL;
	while (pos) {
	if (pos->expiration > entry->expiration)
	break;
	prev = pos;
	pos = pos->next;
	}
	if (prev == NULL) {
	entry->next = pmksa->pmksa;
	pmksa->pmksa = entry;
	} else {
	entry->next = prev->next;
	prev->next = entry;
	}

	hash = PMKID_HASH(entry->pmkid);
	entry->hnext = pmksa->pmkid[hash];
	pmksa->pmkid[hash] = entry;

	pmksa->pmksa_count++;
	if (prev == NULL)
	pmksa_cache_set_expiration(pmksa);
	wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
	MAC2STR(entry->spa));
	wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN);
	}


	/**
	* pmksa_cache_auth_add - Add a PMKSA cache entry
	* @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
	* @pmk: The new pairwise master key
	* @pmk_len: PMK length in bytes, usually PMK_LEN (32)
	* @kck: Key confirmation key or %NULL if not yet derived
	* @kck_len: KCK length in bytes
	* @aa: Authenticator address
	* @spa: Supplicant address
	* @session_timeout: Session timeout
	* @eapol: Pointer to EAPOL state machine data
	* @akmp: WPA_KEY_MGMT_* used in key derivation
	* Returns: Pointer to the added PMKSA cache entry or %NULL on error
	*
	* This function create a PMKSA entry for a new PMK and adds it to the PMKSA
	* cache. If an old entry is already in the cache for the same Supplicant,
	* this entry will be replaced with the new entry. PMKID will be calculated
	* based on the PMK.
	*/
	struct rsn_pmksa_cache_entry *
	pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
	const u8 *pmk, size_t pmk_len,
	const u8 *kck, size_t kck_len,
	const u8 aa, const u8 spa, int session_timeout,
	struct eapol_state_machine *eapol, int akmp)
	{
	struct rsn_pmksa_cache_entry entry, pos;
	struct os_reltime now;

	if (pmk_len > PMK_LEN_MAX)
	return NULL;

	if (wpa_key_mgmt_suite_b(akmp) && !kck)
	return NULL;

	entry = os_zalloc(sizeof(*entry));
	if (entry == NULL)
	return NULL;
	os_memcpy(entry->pmk, pmk, pmk_len);
	entry->pmk_len = pmk_len;
	if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
	rsn_pmkid_suite_b_192(kck, kck_len, aa, spa, entry->pmkid);
	else if (wpa_key_mgmt_suite_b(akmp))
	rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
	else
	rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
	wpa_key_mgmt_sha256(akmp));
	os_get_reltime(&now);
	entry->expiration = now.sec;
	if (session_timeout > 0)
	entry->expiration += session_timeout;
	else
	entry->expiration += dot11RSNAConfigPMKLifetime;
	entry->akmp = akmp;
	os_memcpy(entry->spa, spa, ETH_ALEN);
	pmksa_cache_from_eapol_data(entry, eapol);

	/* Replace an old entry for the same STA (if found) with the new entry
	*/
	pos = pmksa_cache_auth_get(pmksa, spa, NULL);
	if (pos)
	pmksa_cache_free_entry(pmksa, pos);

	if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
	/* Remove the oldest entry to make room for the new entry */
	wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
	"entry (for " MACSTR ") to make room for new one",
	MAC2STR(pmksa->pmksa->spa));
	pmksa_cache_free_entry(pmksa, pmksa->pmksa);
	}

	pmksa_cache_link_entry(pmksa, entry);

	return entry;
	}


	struct rsn_pmksa_cache_entry *
	pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
	const struct rsn_pmksa_cache_entry *old_entry,
	const u8 aa, const u8 pmkid)
	{
	struct rsn_pmksa_cache_entry *entry;

	entry = os_zalloc(sizeof(*entry));
	if (entry == NULL)
	return NULL;
	os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
	os_memcpy(entry->pmk, old_entry->pmk, old_entry->pmk_len);
	entry->pmk_len = old_entry->pmk_len;
	entry->expiration = old_entry->expiration;
	entry->akmp = old_entry->akmp;
	os_memcpy(entry->spa, old_entry->spa, ETH_ALEN);
	entry->opportunistic = 1;
	if (old_entry->identity) {
	entry->identity = os_malloc(old_entry->identity_len);
	if (entry->identity) {
	entry->identity_len = old_entry->identity_len;
	os_memcpy(entry->identity, old_entry->identity,
	old_entry->identity_len);
	}
	}
	if (old_entry->cui)
	entry->cui = wpabuf_dup(old_entry->cui);
	#ifndef CONFIG_NO_RADIUS
	radius_copy_class(&entry->radius_class, &old_entry->radius_class);
	#endif /* CONFIG_NO_RADIUS */
	entry->eap_type_authsrv = old_entry->eap_type_authsrv;
	entry->vlan_id = old_entry->vlan_id;
	entry->opportunistic = 1;

	pmksa_cache_link_entry(pmksa, entry);

	return entry;
	}


	/**
	* pmksa_cache_auth_deinit - Free all entries in PMKSA cache
	* @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
	*/
	void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
	{
	struct rsn_pmksa_cache_entry entry, prev;
	int i;

	if (pmksa == NULL)
	return;

	entry = pmksa->pmksa;
	while (entry) {
	prev = entry;
	entry = entry->next;
	_pmksa_cache_free_entry(prev);
	}
	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
	pmksa->pmksa_count = 0;
	pmksa->pmksa = NULL;
	for (i = 0; i < PMKID_HASH_SIZE; i++)
	pmksa->pmkid[i] = NULL;
	os_free(pmksa);
	}


	/**
	* pmksa_cache_auth_get - Fetch a PMKSA cache entry
	* @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
	* @spa: Supplicant address or %NULL to match any
	* @pmkid: PMKID or %NULL to match any
	* Returns: Pointer to PMKSA cache entry or %NULL if no match was found
	*/
	struct rsn_pmksa_cache_entry *
	pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
	const u8 spa, const u8 pmkid)
	{
	struct rsn_pmksa_cache_entry *entry;

	if (pmkid) {
	for (entry = pmksa->pmkid[PMKID_HASH(pmkid)]; entry;
	entry = entry->hnext) {
	if ((spa == NULL \|\|
	os_memcmp(entry->spa, spa, ETH_ALEN) == 0) &&
	os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)
	return entry;
	}
	} else {
	for (entry = pmksa->pmksa; entry; entry = entry->next) {
	if (spa == NULL \|\|
	os_memcmp(entry->spa, spa, ETH_ALEN) == 0)
	return entry;
	}
	}

	return NULL;
	}


	/**
	* pmksa_cache_get_okc - Fetch a PMKSA cache entry using OKC
	* @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
	* @aa: Authenticator address
	* @spa: Supplicant address
	* @pmkid: PMKID
	* Returns: Pointer to PMKSA cache entry or %NULL if no match was found
	*
	* Use opportunistic key caching (OKC) to find a PMK for a supplicant.
	*/
	struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
	struct rsn_pmksa_cache pmksa, const u8 aa, const u8 *spa,
	const u8 *pmkid)
	{
	struct rsn_pmksa_cache_entry *entry;
	u8 new_pmkid[PMKID_LEN];

	for (entry = pmksa->pmksa; entry; entry = entry->next) {
	if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
	continue;
	rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
	wpa_key_mgmt_sha256(entry->akmp));
	if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
	return entry;
	}
	return NULL;
	}


	/**
	* pmksa_cache_auth_init - Initialize PMKSA cache
	* @free_cb: Callback function to be called when a PMKSA cache entry is freed
	* @ctx: Context pointer for free_cb function
	* Returns: Pointer to PMKSA cache data or %NULL on failure
	*/
	struct rsn_pmksa_cache *
	pmksa_cache_auth_init(void (free_cb)(struct rsn_pmksa_cache_entry entry,
	void ctx), void ctx)
	{
	struct rsn_pmksa_cache *pmksa;

	pmksa = os_zalloc(sizeof(*pmksa));
	if (pmksa) {
	pmksa->free_cb = free_cb;
	pmksa->ctx = ctx;
	}

	return pmksa;
	}


	static int das_attr_match(struct rsn_pmksa_cache_entry *entry,
	struct radius_das_attrs *attr)
	{
	int match = 0;

	if (attr->sta_addr) {
	if (os_memcmp(attr->sta_addr, entry->spa, ETH_ALEN) != 0)
	return 0;
	match++;
	}

	if (attr->acct_multi_session_id) {
	char buf[20];

	if (attr->acct_multi_session_id_len != 17)
	return 0;
	os_snprintf(buf, sizeof(buf), "%08X+%08X",
	entry->acct_multi_session_id_hi,
	entry->acct_multi_session_id_lo);
	if (os_memcmp(attr->acct_multi_session_id, buf, 17) != 0)
	return 0;
	match++;
	}

	if (attr->cui) {
	if (!entry->cui \|\|
	attr->cui_len != wpabuf_len(entry->cui) \|\|
	os_memcmp(attr->cui, wpabuf_head(entry->cui),
	attr->cui_len) != 0)
	return 0;
	match++;
	}

	if (attr->user_name) {
	if (!entry->identity \|\|
	attr->user_name_len != entry->identity_len \|\|
	os_memcmp(attr->user_name, entry->identity,
	attr->user_name_len) != 0)
	return 0;
	match++;
	}

	return match;
	}


	int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
	struct radius_das_attrs *attr)
	{
	int found = 0;
	struct rsn_pmksa_cache_entry entry, prev;

	if (attr->acct_session_id)
	return -1;

	entry = pmksa->pmksa;
	while (entry) {
	if (das_attr_match(entry, attr)) {
	found++;
	prev = entry;
	entry = entry->next;
	pmksa_cache_free_entry(pmksa, prev);
	continue;
	}
	entry = entry->next;
	}

	return found ? 0 : -1;
	}