Lines Matching +full:pre +full:- +full:processing
2 * RSN pre-authentication (supplicant)
3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
34 * pmksa_candidate_free - Free all entries in PMKSA candidate list
44 dl_list_for_each_safe(entry, n, &sm->pmksa_candidates, in pmksa_candidate_free()
46 dl_list_del(&entry->list); in pmksa_candidate_free()
67 wpa_printf(MSG_DEBUG, "RX pre-auth from " MACSTR, MAC2STR(src_addr)); in rsn_preauth_receive()
68 wpa_hexdump(MSG_MSGDUMP, "RX pre-auth", buf, len); in rsn_preauth_receive()
70 if (sm->preauth_eapol == NULL || in rsn_preauth_receive()
71 is_zero_ether_addr(sm->preauth_bssid) || in rsn_preauth_receive()
72 !ether_addr_equal(sm->preauth_bssid, src_addr)) { in rsn_preauth_receive()
73 wpa_printf(MSG_WARNING, "RSN pre-auth frame received from " in rsn_preauth_receive()
74 "unexpected source " MACSTR " - dropped", in rsn_preauth_receive()
79 eapol_sm_rx_eapol(sm->preauth_eapol, src_addr, buf, len, in rsn_preauth_receive()
97 * EAP-LEAP is an exception from other EAP methods: it in rsn_preauth_eapol_cb()
98 * uses only 16-byte PMK. in rsn_preauth_eapol_cb()
104 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from pre-auth", in rsn_preauth_eapol_cb()
106 sm->pmk_len = pmk_len; in rsn_preauth_eapol_cb()
107 pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, in rsn_preauth_eapol_cb()
109 sm->preauth_bssid, sm->own_addr, in rsn_preauth_eapol_cb()
110 sm->network_ctx, in rsn_preauth_eapol_cb()
113 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in rsn_preauth_eapol_cb()
115 "pre-auth EAPOL state machines"); in rsn_preauth_eapol_cb()
120 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "RSN: pre-authentication with " in rsn_preauth_eapol_cb()
121 MACSTR " %s", MAC2STR(sm->preauth_bssid), in rsn_preauth_eapol_cb()
134 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "RSN: pre-authentication with " in rsn_preauth_timeout()
135 MACSTR " timed out", MAC2STR(sm->preauth_bssid)); in rsn_preauth_timeout()
152 if (sm->l2_preauth == NULL) in rsn_preauth_eapol_send()
153 return -1; in rsn_preauth_eapol_send()
157 return -1; in rsn_preauth_eapol_send()
160 res = l2_packet_send(sm->l2_preauth, sm->preauth_bssid, in rsn_preauth_eapol_send()
168 * rsn_preauth_init - Start new RSN pre-authentication
172 * Returns: 0 on success, -1 on another pre-authentication is in progress,
173 * -2 on layer 2 packet initialization failure, -3 on EAPOL state machine
174 * initialization failure, -4 on memory allocation failure
176 * This function request an RSN pre-authentication with a given destination
179 * pre-authentication.
188 if (sm->preauth_eapol) in rsn_preauth_init()
189 return -1; in rsn_preauth_init()
191 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, in rsn_preauth_init()
192 "RSN: starting pre-authentication with " MACSTR, MAC2STR(dst)); in rsn_preauth_init()
194 sm->l2_preauth = l2_packet_init(sm->ifname, sm->own_addr, in rsn_preauth_init()
197 if (sm->l2_preauth == NULL) { in rsn_preauth_init()
199 "processing for pre-authentication"); in rsn_preauth_init()
200 return -2; in rsn_preauth_init()
203 if (sm->bridge_ifname) { in rsn_preauth_init()
204 sm->l2_preauth_br = l2_packet_init(sm->bridge_ifname, in rsn_preauth_init()
205 sm->own_addr, in rsn_preauth_init()
208 if (sm->l2_preauth_br == NULL) { in rsn_preauth_init()
210 "packet processing (bridge) for " in rsn_preauth_init()
211 "pre-authentication"); in rsn_preauth_init()
212 ret = -2; in rsn_preauth_init()
220 ret = -4; in rsn_preauth_init()
223 ctx->ctx = sm->ctx->ctx; in rsn_preauth_init()
224 ctx->msg_ctx = sm->ctx->ctx; in rsn_preauth_init()
225 ctx->preauth = 1; in rsn_preauth_init()
226 ctx->cb = rsn_preauth_eapol_cb; in rsn_preauth_init()
227 ctx->cb_ctx = sm; in rsn_preauth_init()
228 ctx->scard_ctx = sm->scard_ctx; in rsn_preauth_init()
229 ctx->eapol_send = rsn_preauth_eapol_send; in rsn_preauth_init()
230 ctx->eapol_send_ctx = sm; in rsn_preauth_init()
231 ctx->set_config_blob = sm->ctx->set_config_blob; in rsn_preauth_init()
232 ctx->get_config_blob = sm->ctx->get_config_blob; in rsn_preauth_init()
234 sm->preauth_eapol = eapol_sm_init(ctx); in rsn_preauth_init()
235 if (sm->preauth_eapol == NULL) { in rsn_preauth_init()
238 "state machines for pre-authentication"); in rsn_preauth_init()
239 ret = -3; in rsn_preauth_init()
245 eapol_conf.fast_reauth = sm->fast_reauth; in rsn_preauth_init()
246 eapol_conf.workaround = sm->eap_workaround; in rsn_preauth_init()
247 eapol_sm_notify_config(sm->preauth_eapol, eap_conf, &eapol_conf); in rsn_preauth_init()
250 * preauth EAPOL-Start frame may end up being dropped due to race in rsn_preauth_init()
252 * after the 4-Way Handshake. in rsn_preauth_init()
254 eapol_sm_configure(sm->preauth_eapol, -1, -1, 5, 6); in rsn_preauth_init()
255 os_memcpy(sm->preauth_bssid, dst, ETH_ALEN); in rsn_preauth_init()
257 eapol_sm_notify_portValid(sm->preauth_eapol, true); in rsn_preauth_init()
259 eapol_sm_notify_portEnabled(sm->preauth_eapol, true); in rsn_preauth_init()
261 eloop_register_timeout(sm->dot11RSNAConfigSATimeout, 0, in rsn_preauth_init()
267 if (sm->l2_preauth_br) { in rsn_preauth_init()
268 l2_packet_deinit(sm->l2_preauth_br); in rsn_preauth_init()
269 sm->l2_preauth_br = NULL; in rsn_preauth_init()
271 l2_packet_deinit(sm->l2_preauth); in rsn_preauth_init()
272 sm->l2_preauth = NULL; in rsn_preauth_init()
278 * rsn_preauth_deinit - Abort RSN pre-authentication
281 * This function aborts the current RSN pre-authentication (if one is started)
286 if (sm == NULL || !sm->preauth_eapol) in rsn_preauth_deinit()
290 eapol_sm_deinit(sm->preauth_eapol); in rsn_preauth_deinit()
291 sm->preauth_eapol = NULL; in rsn_preauth_deinit()
292 os_memset(sm->preauth_bssid, 0, ETH_ALEN); in rsn_preauth_deinit()
294 l2_packet_deinit(sm->l2_preauth); in rsn_preauth_deinit()
295 sm->l2_preauth = NULL; in rsn_preauth_deinit()
296 if (sm->l2_preauth_br) { in rsn_preauth_deinit()
297 l2_packet_deinit(sm->l2_preauth_br); in rsn_preauth_deinit()
298 sm->l2_preauth_br = NULL; in rsn_preauth_deinit()
304 * rsn_preauth_candidate_process - Process PMKSA candidates
307 * Go through the PMKSA candidates and start pre-authentication if a candidate
315 if (dl_list_empty(&sm->pmksa_candidates)) in rsn_preauth_candidate_process()
320 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: processing PMKSA candidate " in rsn_preauth_candidate_process()
322 if (sm->preauth_eapol || in rsn_preauth_candidate_process()
323 sm->proto != WPA_PROTO_RSN || in rsn_preauth_candidate_process()
325 !rsn_preauth_key_mgmt(sm->key_mgmt)) { in rsn_preauth_candidate_process()
326 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: not in suitable " in rsn_preauth_candidate_process()
327 "state for new pre-authentication"); in rsn_preauth_candidate_process()
328 return; /* invalid state for new pre-auth */ in rsn_preauth_candidate_process()
331 dl_list_for_each_safe(candidate, n, &sm->pmksa_candidates, in rsn_preauth_candidate_process()
334 p = pmksa_cache_get(sm->pmksa, candidate->bssid, sm->own_addr, in rsn_preauth_candidate_process()
336 if (!ether_addr_equal(sm->bssid, candidate->bssid) && in rsn_preauth_candidate_process()
337 (p == NULL || p->opportunistic)) { in rsn_preauth_candidate_process()
338 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA " in rsn_preauth_candidate_process()
340 " selected for pre-authentication", in rsn_preauth_candidate_process()
341 MAC2STR(candidate->bssid)); in rsn_preauth_candidate_process()
342 dl_list_del(&candidate->list); in rsn_preauth_candidate_process()
343 rsn_preauth_init(sm, candidate->bssid, in rsn_preauth_candidate_process()
344 sm->eap_conf_ctx); in rsn_preauth_candidate_process()
348 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA candidate " in rsn_preauth_candidate_process()
349 MACSTR " does not need pre-authentication anymore", in rsn_preauth_candidate_process()
350 MAC2STR(candidate->bssid)); in rsn_preauth_candidate_process()
354 wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid, in rsn_preauth_candidate_process()
355 NULL, p->pmk, p->pmk_len, 0, 0, in rsn_preauth_candidate_process()
356 p->akmp); in rsn_preauth_candidate_process()
359 dl_list_del(&candidate->list); in rsn_preauth_candidate_process()
362 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: no more pending PMKSA " in rsn_preauth_candidate_process()
368 * pmksa_candidate_add - Add a new PMKSA candidate
372 * @preauth: Whether the candidate AP advertises support for pre-authentication
374 * This function is used to add PMKSA candidates for RSN pre-authentication. It
375 * is called from scan result processing and from driver events for PMKSA
383 if (sm->network_ctx && sm->proactive_key_caching) in pmksa_candidate_add()
384 pmksa_cache_get_opportunistic(sm->pmksa, sm->network_ctx, in pmksa_candidate_add()
396 dl_list_for_each(pos, &sm->pmksa_candidates, in pmksa_candidate_add()
398 if (ether_addr_equal(pos->bssid, bssid)) { in pmksa_candidate_add()
405 dl_list_del(&cand->list); in pmksa_candidate_add()
407 cand->priority = prio; in pmksa_candidate_add()
412 os_memcpy(cand->bssid, bssid, ETH_ALEN); in pmksa_candidate_add()
413 cand->priority = prio; in pmksa_candidate_add()
418 dl_list_for_each(pos, &sm->pmksa_candidates, in pmksa_candidate_add()
420 if (cand->priority <= pos->priority) { in pmksa_candidate_add()
421 if (!pos->list.prev) { in pmksa_candidate_add()
427 * dl_list_del(&cand->list) call above and ends in pmksa_candidate_add()
428 * up assuming pos->list.prev could be NULL. in pmksa_candidate_add()
433 dl_list_add(pos->list.prev, &cand->list); in pmksa_candidate_add()
439 dl_list_add_tail(&sm->pmksa_candidates, &cand->list); in pmksa_candidate_add()
441 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: added PMKSA cache " in pmksa_candidate_add()
450 * rsn_preauth_scan_results - Start processing scan results for canditates
452 * Returns: 0 if ready to process results or -1 to skip processing
455 * processing. The actual scan results will be provided by calling
460 if (sm->ssid_len == 0) in rsn_preauth_scan_results()
461 return -1; in rsn_preauth_scan_results()
474 * rsn_preauth_scan_result - Processing scan result for PMKSA canditates
486 if (ssid[1] != sm->ssid_len || in rsn_preauth_scan_result()
487 os_memcmp(ssid + 2, sm->ssid, sm->ssid_len) != 0) in rsn_preauth_scan_result()
490 if (ether_addr_equal(bssid, sm->bssid)) in rsn_preauth_scan_result()
496 pmksa = pmksa_cache_get(sm->pmksa, bssid, sm->own_addr, NULL, NULL, 0); in rsn_preauth_scan_result()
497 if (pmksa && (!pmksa->opportunistic || in rsn_preauth_scan_result()
512 * rsn_preauth_get_status - Get pre-authentication status
519 * Query WPA2 pre-authentication for status information. This function fills in
529 if (sm->preauth_eapol) { in rsn_preauth_get_status()
530 ret = os_snprintf(pos, end - pos, "Pre-authentication " in rsn_preauth_get_status()
532 if (os_snprintf_error(end - pos, ret)) in rsn_preauth_get_status()
533 return pos - buf; in rsn_preauth_get_status()
535 res = eapol_sm_get_status(sm->preauth_eapol, in rsn_preauth_get_status()
536 pos, end - pos, verbose); in rsn_preauth_get_status()
541 return pos - buf; in rsn_preauth_get_status()
547 * rsn_preauth_in_progress - Verify whether pre-authentication is in progress
552 return sm->preauth_eapol != NULL; in rsn_preauth_in_progress()