static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, const unsigned char *src_addr, const struct wpa_eapol_key *key, int extra_len, u16 ver) { u16 key_info, keydatalen; int rekey, ret; struct wpa_gtk_data gd; os_memset(&gd, 0, sizeof(gd)); rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); key_info = WPA_GET_BE16(key->key_info); keydatalen = WPA_GET_BE16(key->key_data_length); if (sm->proto == WPA_PROTO_RSN) { ret = wpa_supplicant_process_1_of_2_rsn(sm, (const u8 *) (key + 1), keydatalen, key_info, &gd); } else { ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen, key_info, extra_len, ver, &gd); } wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); if (ret) goto failed; if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) goto failed; if (rekey) { wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " "completed with " MACSTR " [GTK=%s]", MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); wpa_sm_cancel_auth_timeout(sm); wpa_sm_set_state(sm, WPA_COMPLETED); } else { wpa_supplicant_key_neg_complete(sm, sm->bssid, key_info & WPA_KEY_INFO_SECURE); } return; failed: wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); }
/** * rsn_preauth_candidate_process - Process PMKSA candidates * @sm: Pointer to WPA state machine data from wpa_sm_init() * * Go through the PMKSA candidates and start pre-authentication if a candidate * without an existing PMKSA cache entry is found. Processed candidates will be * removed from the list. */ void rsn_preauth_candidate_process(struct wpa_sm *sm) { struct rsn_pmksa_candidate *candidate; if (sm->pmksa_candidates == NULL) return; /* TODO: drop priority for old candidate entries */ wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: processing PMKSA candidate " "list"); if (sm->preauth_eapol || sm->proto != WPA_PROTO_RSN || wpa_sm_get_state(sm) != WPA_COMPLETED || (sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X && sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X_SHA256)) { wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: not in suitable state " "for new pre-authentication"); return; /* invalid state for new pre-auth */ } while (sm->pmksa_candidates) { struct rsn_pmksa_cache_entry *p = NULL; candidate = sm->pmksa_candidates; p = pmksa_cache_get(sm->pmksa, candidate->bssid, NULL); if (os_memcmp(sm->bssid, candidate->bssid, ETH_ALEN) != 0 && (p == NULL || p->opportunistic)) { wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: PMKSA " "candidate " MACSTR " selected for pre-authentication", MAC2STR(candidate->bssid)); sm->pmksa_candidates = candidate->next; rsn_preauth_init(sm, candidate->bssid, sm->eap_conf_ctx); os_free(candidate); return; } wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: PMKSA candidate " MACSTR " does not need pre-authentication anymore", MAC2STR(candidate->bssid)); /* Some drivers (e.g., NDIS) expect to get notified about the * PMKIDs again, so report the existing data now. */ if (p) { wpa_sm_add_pmkid(sm, candidate->bssid, p->pmkid); } sm->pmksa_candidates = candidate->next; os_free(candidate); } wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: no more pending PMKSA " "candidates"); }