2 * RSN pre-authentication (supplicant)
3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
20 #include "l2_packet/l2_packet.h"
21 #include "eapol_supp/eapol_supp_sm.h"
23 #include "pmksa_cache.h"
27 #if defined(IEEE8021X_EAPOL) && !defined(CONFIG_NO_WPA2)
29 #define PMKID_CANDIDATE_PRIO_SCAN 1000
32 struct rsn_pmksa_candidate
{
40 * pmksa_candidate_free - Free all entries in PMKSA candidate list
41 * @sm: Pointer to WPA state machine data from wpa_sm_init()
43 void pmksa_candidate_free(struct wpa_sm
*sm
)
45 struct rsn_pmksa_candidate
*entry
, *n
;
50 dl_list_for_each_safe(entry
, n
, &sm
->pmksa_candidates
,
51 struct rsn_pmksa_candidate
, list
) {
52 dl_list_del(&entry
->list
);
58 static void rsn_preauth_receive(void *ctx
, const u8
*src_addr
,
59 const u8
*buf
, size_t len
)
61 struct wpa_sm
*sm
= ctx
;
63 wpa_printf(MSG_DEBUG
, "RX pre-auth from " MACSTR
, MAC2STR(src_addr
));
64 wpa_hexdump(MSG_MSGDUMP
, "RX pre-auth", buf
, len
);
66 if (sm
->preauth_eapol
== NULL
||
67 is_zero_ether_addr(sm
->preauth_bssid
) ||
68 os_memcmp(sm
->preauth_bssid
, src_addr
, ETH_ALEN
) != 0) {
69 wpa_printf(MSG_WARNING
, "RSN pre-auth frame received from "
70 "unexpected source " MACSTR
" - dropped",
75 eapol_sm_rx_eapol(sm
->preauth_eapol
, src_addr
, buf
, len
);
79 static void rsn_preauth_eapol_cb(struct eapol_sm
*eapol
, int success
,
82 struct wpa_sm
*sm
= ctx
;
88 res
= eapol_sm_get_key(eapol
, pmk
, PMK_LEN
);
91 * EAP-LEAP is an exception from other EAP methods: it
92 * uses only 16-byte PMK.
94 res
= eapol_sm_get_key(eapol
, pmk
, 16);
98 wpa_hexdump_key(MSG_DEBUG
, "RSN: PMK from pre-auth",
100 sm
->pmk_len
= pmk_len
;
101 pmksa_cache_add(sm
->pmksa
, pmk
, pmk_len
,
102 sm
->preauth_bssid
, sm
->own_addr
,
104 WPA_KEY_MGMT_IEEE8021X
);
106 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
107 "RSN: failed to get master session key from "
108 "pre-auth EAPOL state machines");
113 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
, "RSN: pre-authentication with "
114 MACSTR
" %s", MAC2STR(sm
->preauth_bssid
),
115 success
? "completed successfully" : "failed");
117 rsn_preauth_deinit(sm
);
118 rsn_preauth_candidate_process(sm
);
122 static void rsn_preauth_timeout(void *eloop_ctx
, void *timeout_ctx
)
124 struct wpa_sm
*sm
= eloop_ctx
;
126 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
, "RSN: pre-authentication with "
127 MACSTR
" timed out", MAC2STR(sm
->preauth_bssid
));
128 rsn_preauth_deinit(sm
);
129 rsn_preauth_candidate_process(sm
);
133 static int rsn_preauth_eapol_send(void *ctx
, int type
, const u8
*buf
,
136 struct wpa_sm
*sm
= ctx
;
141 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
144 if (sm
->l2_preauth
== NULL
)
147 msg
= wpa_sm_alloc_eapol(sm
, type
, buf
, len
, &msglen
, NULL
);
151 wpa_hexdump(MSG_MSGDUMP
, "TX EAPOL (preauth)", msg
, msglen
);
152 res
= l2_packet_send(sm
->l2_preauth
, sm
->preauth_bssid
,
153 ETH_P_RSN_PREAUTH
, msg
, msglen
);
160 * rsn_preauth_init - Start new RSN pre-authentication
161 * @sm: Pointer to WPA state machine data from wpa_sm_init()
162 * @dst: Authenticator address (BSSID) with which to preauthenticate
163 * @eap_conf: Current EAP configuration
164 * Returns: 0 on success, -1 on another pre-authentication is in progress,
165 * -2 on layer 2 packet initialization failure, -3 on EAPOL state machine
166 * initialization failure, -4 on memory allocation failure
168 * This function request an RSN pre-authentication with a given destination
169 * address. This is usually called for PMKSA candidates found from scan results
170 * or from driver reports. In addition, ctrl_iface PREAUTH command can trigger
171 * pre-authentication.
173 int rsn_preauth_init(struct wpa_sm
*sm
, const u8
*dst
,
174 struct eap_peer_config
*eap_conf
)
176 struct eapol_config eapol_conf
;
177 struct eapol_ctx
*ctx
;
179 if (sm
->preauth_eapol
)
182 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
183 "RSN: starting pre-authentication with " MACSTR
, MAC2STR(dst
));
185 sm
->l2_preauth
= l2_packet_init(sm
->ifname
, sm
->own_addr
,
187 rsn_preauth_receive
, sm
, 0);
188 if (sm
->l2_preauth
== NULL
) {
189 wpa_printf(MSG_WARNING
, "RSN: Failed to initialize L2 packet "
190 "processing for pre-authentication");
194 if (sm
->bridge_ifname
) {
195 sm
->l2_preauth_br
= l2_packet_init(sm
->bridge_ifname
,
198 rsn_preauth_receive
, sm
, 0);
199 if (sm
->l2_preauth_br
== NULL
) {
200 wpa_printf(MSG_WARNING
, "RSN: Failed to initialize L2 "
201 "packet processing (bridge) for "
202 "pre-authentication");
207 ctx
= os_zalloc(sizeof(*ctx
));
209 wpa_printf(MSG_WARNING
, "Failed to allocate EAPOL context.");
212 ctx
->ctx
= sm
->ctx
->ctx
;
213 ctx
->msg_ctx
= sm
->ctx
->ctx
;
215 ctx
->cb
= rsn_preauth_eapol_cb
;
217 ctx
->scard_ctx
= sm
->scard_ctx
;
218 ctx
->eapol_send
= rsn_preauth_eapol_send
;
219 ctx
->eapol_send_ctx
= sm
;
220 ctx
->set_config_blob
= sm
->ctx
->set_config_blob
;
221 ctx
->get_config_blob
= sm
->ctx
->get_config_blob
;
223 sm
->preauth_eapol
= eapol_sm_init(ctx
);
224 if (sm
->preauth_eapol
== NULL
) {
226 wpa_printf(MSG_WARNING
, "RSN: Failed to initialize EAPOL "
227 "state machines for pre-authentication");
230 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
231 eapol_conf
.accept_802_1x_keys
= 0;
232 eapol_conf
.required_keys
= 0;
233 eapol_conf
.fast_reauth
= sm
->fast_reauth
;
234 eapol_conf
.workaround
= sm
->eap_workaround
;
235 eapol_sm_notify_config(sm
->preauth_eapol
, eap_conf
, &eapol_conf
);
237 * Use a shorter startPeriod with preauthentication since the first
238 * preauth EAPOL-Start frame may end up being dropped due to race
239 * condition in the AP between the data receive and key configuration
240 * after the 4-Way Handshake.
242 eapol_sm_configure(sm
->preauth_eapol
, -1, -1, 5, 6);
243 os_memcpy(sm
->preauth_bssid
, dst
, ETH_ALEN
);
245 eapol_sm_notify_portValid(sm
->preauth_eapol
, TRUE
);
246 /* 802.1X::portControl = Auto */
247 eapol_sm_notify_portEnabled(sm
->preauth_eapol
, TRUE
);
249 eloop_register_timeout(sm
->dot11RSNAConfigSATimeout
, 0,
250 rsn_preauth_timeout
, sm
, NULL
);
257 * rsn_preauth_deinit - Abort RSN pre-authentication
258 * @sm: Pointer to WPA state machine data from wpa_sm_init()
260 * This function aborts the current RSN pre-authentication (if one is started)
261 * and frees resources allocated for it.
263 void rsn_preauth_deinit(struct wpa_sm
*sm
)
265 if (sm
== NULL
|| !sm
->preauth_eapol
)
268 eloop_cancel_timeout(rsn_preauth_timeout
, sm
, NULL
);
269 eapol_sm_deinit(sm
->preauth_eapol
);
270 sm
->preauth_eapol
= NULL
;
271 os_memset(sm
->preauth_bssid
, 0, ETH_ALEN
);
273 l2_packet_deinit(sm
->l2_preauth
);
274 sm
->l2_preauth
= NULL
;
275 if (sm
->l2_preauth_br
) {
276 l2_packet_deinit(sm
->l2_preauth_br
);
277 sm
->l2_preauth_br
= NULL
;
283 * rsn_preauth_candidate_process - Process PMKSA candidates
284 * @sm: Pointer to WPA state machine data from wpa_sm_init()
286 * Go through the PMKSA candidates and start pre-authentication if a candidate
287 * without an existing PMKSA cache entry is found. Processed candidates will be
288 * removed from the list.
290 void rsn_preauth_candidate_process(struct wpa_sm
*sm
)
292 struct rsn_pmksa_candidate
*candidate
, *n
;
294 if (dl_list_empty(&sm
->pmksa_candidates
))
297 /* TODO: drop priority for old candidate entries */
299 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: processing PMKSA candidate "
301 if (sm
->preauth_eapol
||
302 sm
->proto
!= WPA_PROTO_RSN
||
303 wpa_sm_get_state(sm
) != WPA_COMPLETED
||
304 (sm
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X
&&
305 sm
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_SHA256
)) {
306 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: not in suitable "
307 "state for new pre-authentication");
308 return; /* invalid state for new pre-auth */
311 dl_list_for_each_safe(candidate
, n
, &sm
->pmksa_candidates
,
312 struct rsn_pmksa_candidate
, list
) {
313 struct rsn_pmksa_cache_entry
*p
= NULL
;
314 p
= pmksa_cache_get(sm
->pmksa
, candidate
->bssid
, NULL
);
315 if (os_memcmp(sm
->bssid
, candidate
->bssid
, ETH_ALEN
) != 0 &&
316 (p
== NULL
|| p
->opportunistic
)) {
317 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: PMKSA "
319 " selected for pre-authentication",
320 MAC2STR(candidate
->bssid
));
321 dl_list_del(&candidate
->list
);
322 rsn_preauth_init(sm
, candidate
->bssid
,
327 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: PMKSA candidate "
328 MACSTR
" does not need pre-authentication anymore",
329 MAC2STR(candidate
->bssid
));
330 /* Some drivers (e.g., NDIS) expect to get notified about the
331 * PMKIDs again, so report the existing data now. */
333 wpa_sm_add_pmkid(sm
, candidate
->bssid
, p
->pmkid
);
336 dl_list_del(&candidate
->list
);
339 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: no more pending PMKSA "
345 * pmksa_candidate_add - Add a new PMKSA candidate
346 * @sm: Pointer to WPA state machine data from wpa_sm_init()
347 * @bssid: BSSID (authenticator address) of the candidate
348 * @prio: Priority (the smaller number, the higher priority)
349 * @preauth: Whether the candidate AP advertises support for pre-authentication
351 * This function is used to add PMKSA candidates for RSN pre-authentication. It
352 * is called from scan result processing and from driver events for PMKSA
353 * candidates, i.e., EVENT_PMKID_CANDIDATE events to wpa_supplicant_event().
355 void pmksa_candidate_add(struct wpa_sm
*sm
, const u8
*bssid
,
356 int prio
, int preauth
)
358 struct rsn_pmksa_candidate
*cand
, *pos
;
360 if (sm
->network_ctx
&& sm
->proactive_key_caching
)
361 pmksa_cache_get_opportunistic(sm
->pmksa
, sm
->network_ctx
,
365 wpa_printf(MSG_DEBUG
, "RSN: Ignored PMKID candidate without "
370 /* If BSSID already on candidate list, update the priority of the old
371 * entry. Do not override priority based on normal scan results. */
373 dl_list_for_each(pos
, &sm
->pmksa_candidates
,
374 struct rsn_pmksa_candidate
, list
) {
375 if (os_memcmp(pos
->bssid
, bssid
, ETH_ALEN
) == 0) {
382 dl_list_del(&cand
->list
);
383 if (prio
< PMKID_CANDIDATE_PRIO_SCAN
)
384 cand
->priority
= prio
;
386 cand
= os_zalloc(sizeof(*cand
));
389 os_memcpy(cand
->bssid
, bssid
, ETH_ALEN
);
390 cand
->priority
= prio
;
393 /* Add candidate to the list; order by increasing priority value. i.e.,
394 * highest priority (smallest value) first. */
395 dl_list_for_each(pos
, &sm
->pmksa_candidates
,
396 struct rsn_pmksa_candidate
, list
) {
397 if (cand
->priority
<= pos
->priority
) {
398 dl_list_add(pos
->list
.prev
, &cand
->list
);
404 dl_list_add_tail(&sm
->pmksa_candidates
, &cand
->list
);
406 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
, "RSN: added PMKSA cache "
407 "candidate " MACSTR
" prio %d", MAC2STR(bssid
), prio
);
408 rsn_preauth_candidate_process(sm
);
412 /* TODO: schedule periodic scans if current AP supports preauth */
415 * rsn_preauth_scan_results - Start processing scan results for canditates
416 * @sm: Pointer to WPA state machine data from wpa_sm_init()
417 * Returns: 0 if ready to process results or -1 to skip processing
419 * This functions is used to notify RSN code about start of new scan results
420 * processing. The actual scan results will be provided by calling
421 * rsn_preauth_scan_result() for each BSS if this function returned 0.
423 int rsn_preauth_scan_results(struct wpa_sm
*sm
)
425 if (sm
->ssid_len
== 0)
429 * TODO: is it ok to free all candidates? What about the entries
430 * received from EVENT_PMKID_CANDIDATE?
432 pmksa_candidate_free(sm
);
439 * rsn_preauth_scan_result - Processing scan result for PMKSA canditates
440 * @sm: Pointer to WPA state machine data from wpa_sm_init()
442 * Add all suitable APs (Authenticators) from scan results into PMKSA
445 void rsn_preauth_scan_result(struct wpa_sm
*sm
, const u8
*bssid
,
446 const u8
*ssid
, const u8
*rsn
)
448 struct wpa_ie_data ie
;
449 struct rsn_pmksa_cache_entry
*pmksa
;
451 if (ssid
[1] != sm
->ssid_len
||
452 os_memcmp(ssid
+ 2, sm
->ssid
, sm
->ssid_len
) != 0)
453 return; /* Not for the current SSID */
455 if (os_memcmp(bssid
, sm
->bssid
, ETH_ALEN
) == 0)
456 return; /* Ignore current AP */
458 if (wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
))
461 pmksa
= pmksa_cache_get(sm
->pmksa
, bssid
, NULL
);
462 if (pmksa
&& (!pmksa
->opportunistic
||
463 !(ie
.capabilities
& WPA_CAPABILITY_PREAUTH
)))
466 /* Give less priority to candidates found from normal scan results. */
467 pmksa_candidate_add(sm
, bssid
, PMKID_CANDIDATE_PRIO_SCAN
,
468 ie
.capabilities
& WPA_CAPABILITY_PREAUTH
);
472 #ifdef CONFIG_CTRL_IFACE
474 * rsn_preauth_get_status - Get pre-authentication status
475 * @sm: Pointer to WPA state machine data from wpa_sm_init()
476 * @buf: Buffer for status information
477 * @buflen: Maximum buffer length
478 * @verbose: Whether to include verbose status information
479 * Returns: Number of bytes written to buf.
481 * Query WPA2 pre-authentication for status information. This function fills in
482 * a text area with current status information. If the buffer (buf) is not
483 * large enough, status information will be truncated to fit the buffer.
485 int rsn_preauth_get_status(struct wpa_sm
*sm
, char *buf
, size_t buflen
,
488 char *pos
= buf
, *end
= buf
+ buflen
;
491 if (sm
->preauth_eapol
) {
492 ret
= os_snprintf(pos
, end
- pos
, "Pre-authentication "
493 "EAPOL state machines:\n");
494 if (ret
< 0 || ret
>= end
- pos
)
497 res
= eapol_sm_get_status(sm
->preauth_eapol
,
498 pos
, end
- pos
, verbose
);
505 #endif /* CONFIG_CTRL_IFACE */
509 * rsn_preauth_in_progress - Verify whether pre-authentication is in progress
510 * @sm: Pointer to WPA state machine data from wpa_sm_init()
512 int rsn_preauth_in_progress(struct wpa_sm
*sm
)
514 return sm
->preauth_eapol
!= NULL
;
517 #endif /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */