Lines Matching refs:sm
28 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
31 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp);
33 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id);
34 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id);
35 static int eap_sm_nextId(struct eap_sm *sm, int id);
36 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
38 static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm,
40 static int eap_sm_Policy_getDecision(struct eap_sm *sm);
41 static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method);
44 static int eap_get_erp_send_reauth_start(struct eap_sm *sm) in eap_get_erp_send_reauth_start() argument
46 if (sm->eapol_cb->get_erp_send_reauth_start) in eap_get_erp_send_reauth_start()
47 return sm->eapol_cb->get_erp_send_reauth_start(sm->eapol_ctx); in eap_get_erp_send_reauth_start()
52 static const char * eap_get_erp_domain(struct eap_sm *sm) in eap_get_erp_domain() argument
54 if (sm->eapol_cb->get_erp_domain) in eap_get_erp_domain()
55 return sm->eapol_cb->get_erp_domain(sm->eapol_ctx); in eap_get_erp_domain()
62 static struct eap_server_erp_key * eap_erp_get_key(struct eap_sm *sm, in eap_erp_get_key() argument
65 if (sm->eapol_cb->erp_get_key) in eap_erp_get_key()
66 return sm->eapol_cb->erp_get_key(sm->eapol_ctx, keyname); in eap_erp_get_key()
71 static int eap_erp_add_key(struct eap_sm *sm, struct eap_server_erp_key *erp) in eap_erp_add_key() argument
73 if (sm->eapol_cb->erp_add_key) in eap_erp_add_key()
74 return sm->eapol_cb->erp_add_key(sm->eapol_ctx, erp); in eap_erp_add_key()
81 static struct wpabuf * eap_sm_buildInitiateReauthStart(struct eap_sm *sm, in eap_sm_buildInitiateReauthStart() argument
89 domain = eap_get_erp_domain(sm); in eap_sm_buildInitiateReauthStart()
158 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len, in eap_user_get() argument
163 if (sm == NULL || sm->eapol_cb == NULL || in eap_user_get()
164 sm->eapol_cb->get_eap_user == NULL) in eap_user_get()
167 eap_user_free(sm->user); in eap_user_get()
168 sm->user = NULL; in eap_user_get()
174 if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity, in eap_user_get()
180 sm->user = user; in eap_user_get()
181 sm->user_eap_method_index = 0; in eap_user_get()
187 void eap_log_msg(struct eap_sm *sm, const char *fmt, ...) in eap_log_msg() argument
193 if (sm == NULL || sm->eapol_cb == NULL || sm->eapol_cb->log_msg == NULL) in eap_log_msg()
207 sm->eapol_cb->log_msg(sm->eapol_ctx, buf); in eap_log_msg()
216 sm->num_rounds = 0; in SM_STATE()
217 sm->num_rounds_short = 0; in SM_STATE()
225 if (sm->eap_if.eapRestart && !sm->cfg->eap_server && sm->identity) { in SM_STATE()
230 eap_server_clear_identity(sm); in SM_STATE()
233 sm->try_initiate_reauth = false; in SM_STATE()
234 sm->currentId = -1; in SM_STATE()
235 sm->eap_if.eapSuccess = false; in SM_STATE()
236 sm->eap_if.eapFail = false; in SM_STATE()
237 sm->eap_if.eapTimeout = false; in SM_STATE()
238 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); in SM_STATE()
239 sm->eap_if.eapKeyData = NULL; in SM_STATE()
240 sm->eap_if.eapKeyDataLen = 0; in SM_STATE()
241 os_free(sm->eap_if.eapSessionId); in SM_STATE()
242 sm->eap_if.eapSessionId = NULL; in SM_STATE()
243 sm->eap_if.eapSessionIdLen = 0; in SM_STATE()
244 sm->eap_if.eapKeyAvailable = false; in SM_STATE()
245 sm->eap_if.eapRestart = false; in SM_STATE()
252 if (sm->m && sm->eap_method_priv) { in SM_STATE()
253 sm->m->reset(sm, sm->eap_method_priv); in SM_STATE()
254 sm->eap_method_priv = NULL; in SM_STATE()
256 sm->m = NULL; in SM_STATE()
257 sm->user_eap_method_index = 0; in SM_STATE()
259 if (sm->cfg->backend_auth) { in SM_STATE()
260 sm->currentMethod = EAP_TYPE_NONE; in SM_STATE()
262 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData); in SM_STATE()
263 if (sm->rxResp) { in SM_STATE()
264 sm->currentId = sm->respId; in SM_STATE()
267 sm->num_rounds = 0; in SM_STATE()
268 sm->num_rounds_short = 0; in SM_STATE()
269 sm->method_pending = METHOD_PENDING_NONE; in SM_STATE()
271 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED in SM_STATE()
272 MACSTR, MAC2STR(sm->peer_addr)); in SM_STATE()
280 if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) { in SM_STATE()
281 sm->currentMethod = sm->respMethod; in SM_STATE()
282 if (sm->m && sm->eap_method_priv) { in SM_STATE()
283 sm->m->reset(sm, sm->eap_method_priv); in SM_STATE()
284 sm->eap_method_priv = NULL; in SM_STATE()
286 sm->m = eap_server_get_eap_method(EAP_VENDOR_IETF, in SM_STATE()
287 sm->currentMethod); in SM_STATE()
288 if (sm->m && sm->m->initPickUp) { in SM_STATE()
289 sm->eap_method_priv = sm->m->initPickUp(sm); in SM_STATE()
290 if (sm->eap_method_priv == NULL) { in SM_STATE()
293 sm->currentMethod); in SM_STATE()
294 sm->m = NULL; in SM_STATE()
295 sm->currentMethod = EAP_TYPE_NONE; in SM_STATE()
298 sm->m = NULL; in SM_STATE()
299 sm->currentMethod = EAP_TYPE_NONE; in SM_STATE()
303 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD in SM_STATE()
304 "method=%u", sm->currentMethod); in SM_STATE()
312 sm->eap_if.retransWhile = eap_sm_calculateTimeout( in SM_STATE()
313 sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR, in SM_STATE()
314 sm->methodTimeout); in SM_STATE()
322 sm->retransCount++; in SM_STATE()
323 if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) { in SM_STATE()
324 if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0) in SM_STATE()
325 sm->eap_if.eapReq = true; in SM_STATE()
328 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR, in SM_STATE()
329 MAC2STR(sm->peer_addr)); in SM_STATE()
338 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData); in SM_STATE()
339 sm->num_rounds++; in SM_STATE()
340 if (!sm->eap_if.eapRespData || wpabuf_len(sm->eap_if.eapRespData) < 20) in SM_STATE()
341 sm->num_rounds_short++; in SM_STATE()
343 sm->num_rounds_short = 0; in SM_STATE()
350 sm->eap_if.eapResp = false; in SM_STATE()
351 sm->eap_if.eapNoReq = true; in SM_STATE()
359 sm->retransCount = 0; in SM_STATE()
360 if (sm->eap_if.eapReqData) { in SM_STATE()
361 if (wpabuf_len(sm->eap_if.eapReqData) >= 20) in SM_STATE()
362 sm->num_rounds_short = 0; in SM_STATE()
363 if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0) in SM_STATE()
365 sm->eap_if.eapResp = false; in SM_STATE()
366 sm->eap_if.eapReq = true; in SM_STATE()
368 sm->eap_if.eapResp = false; in SM_STATE()
369 sm->eap_if.eapReq = false; in SM_STATE()
373 sm->eap_if.eapResp = false; in SM_STATE()
374 sm->eap_if.eapReq = false; in SM_STATE()
375 sm->eap_if.eapNoReq = true; in SM_STATE()
384 if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) { in SM_STATE()
385 sm->ignore = true; in SM_STATE()
389 if (sm->m->check) { in SM_STATE()
390 sm->ignore = sm->m->check(sm, sm->eap_method_priv, in SM_STATE()
391 sm->eap_if.eapRespData); in SM_STATE()
400 if (sm->m == NULL) { in SM_STATE()
405 sm->currentId = eap_sm_nextId(sm, sm->currentId); in SM_STATE()
407 sm->currentId); in SM_STATE()
408 sm->lastId = sm->currentId; in SM_STATE()
409 wpabuf_free(sm->eap_if.eapReqData); in SM_STATE()
410 sm->eap_if.eapReqData = sm->m->buildReq(sm, sm->eap_method_priv, in SM_STATE()
411 sm->currentId); in SM_STATE()
412 if (sm->m->getTimeout) in SM_STATE()
413 sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv); in SM_STATE()
415 sm->methodTimeout = 0; in SM_STATE()
419 static void eap_server_erp_init(struct eap_sm *sm) in eap_server_erp_init() argument
431 domain = eap_get_erp_domain(sm); in eap_server_erp_init()
453 emsk = sm->m->get_emsk(sm, sm->eap_method_priv, &emsk_len); in eap_server_erp_init()
463 if (hmac_sha256_kdf(sm->eap_if.eapSessionId, sm->eap_if.eapSessionIdLen, in eap_server_erp_init()
497 if (eap_erp_add_key(sm, erp) == 0) { in eap_server_erp_init()
514 if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) in SM_STATE()
517 sm->m->process(sm, sm->eap_method_priv, sm->eap_if.eapRespData); in SM_STATE()
518 if (sm->m->isDone(sm, sm->eap_method_priv)) { in SM_STATE()
519 eap_sm_Policy_update(sm, NULL, 0); in SM_STATE()
520 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); in SM_STATE()
521 if (sm->m->getKey) { in SM_STATE()
522 sm->eap_if.eapKeyData = sm->m->getKey( in SM_STATE()
523 sm, sm->eap_method_priv, in SM_STATE()
524 &sm->eap_if.eapKeyDataLen); in SM_STATE()
526 sm->eap_if.eapKeyData = NULL; in SM_STATE()
527 sm->eap_if.eapKeyDataLen = 0; in SM_STATE()
529 os_free(sm->eap_if.eapSessionId); in SM_STATE()
530 sm->eap_if.eapSessionId = NULL; in SM_STATE()
531 if (sm->m->getSessionId) { in SM_STATE()
532 sm->eap_if.eapSessionId = sm->m->getSessionId( in SM_STATE()
533 sm, sm->eap_method_priv, in SM_STATE()
534 &sm->eap_if.eapSessionIdLen); in SM_STATE()
536 sm->eap_if.eapSessionId, in SM_STATE()
537 sm->eap_if.eapSessionIdLen); in SM_STATE()
539 if (sm->cfg->erp && sm->m->get_emsk && sm->eap_if.eapSessionId) in SM_STATE()
540 eap_server_erp_init(sm); in SM_STATE()
541 sm->methodState = METHOD_END; in SM_STATE()
543 sm->methodState = METHOD_CONTINUE; in SM_STATE()
555 sm->try_initiate_reauth = false; in SM_STATE()
557 type = eap_sm_Policy_getNextMethod(sm, &vendor); in SM_STATE()
559 sm->currentMethod = type; in SM_STATE()
561 sm->currentMethod = EAP_TYPE_EXPANDED; in SM_STATE()
562 if (sm->m && sm->eap_method_priv) { in SM_STATE()
563 sm->m->reset(sm, sm->eap_method_priv); in SM_STATE()
564 sm->eap_method_priv = NULL; in SM_STATE()
566 sm->m = eap_server_get_eap_method(vendor, type); in SM_STATE()
567 if (sm->m) { in SM_STATE()
568 sm->eap_method_priv = sm->m->init(sm); in SM_STATE()
569 if (sm->eap_method_priv == NULL) { in SM_STATE()
571 "method %d", sm->currentMethod); in SM_STATE()
572 sm->m = NULL; in SM_STATE()
573 sm->currentMethod = EAP_TYPE_NONE; in SM_STATE()
577 if (sm->m == NULL) { in SM_STATE()
579 eap_log_msg(sm, "Could not find suitable EAP method"); in SM_STATE()
580 sm->decision = DECISION_FAILURE; in SM_STATE()
583 if (sm->currentMethod == EAP_TYPE_IDENTITY || in SM_STATE()
584 sm->currentMethod == EAP_TYPE_NOTIFICATION) in SM_STATE()
585 sm->methodState = METHOD_CONTINUE; in SM_STATE()
587 sm->methodState = METHOD_PROPOSED; in SM_STATE()
589 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD in SM_STATE()
590 "vendor=%u method=%u", vendor, sm->currentMethod); in SM_STATE()
591 eap_log_msg(sm, "Propose EAP method vendor=%u method=%u", in SM_STATE()
592 vendor, sm->currentMethod); in SM_STATE()
605 if (sm->eap_method_priv) { in SM_STATE()
606 sm->m->reset(sm, sm->eap_method_priv); in SM_STATE()
607 sm->eap_method_priv = NULL; in SM_STATE()
609 sm->m = NULL; in SM_STATE()
611 if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) in SM_STATE()
614 nak = wpabuf_head(sm->eap_if.eapRespData); in SM_STATE()
615 if (nak && wpabuf_len(sm->eap_if.eapRespData) > sizeof(*nak)) { in SM_STATE()
617 if (len > wpabuf_len(sm->eap_if.eapRespData)) in SM_STATE()
618 len = wpabuf_len(sm->eap_if.eapRespData); in SM_STATE()
627 eap_sm_Policy_update(sm, nak_list, len); in SM_STATE()
635 sm->decision = eap_sm_Policy_getDecision(sm); in SM_STATE()
643 sm->eap_if.eapTimeout = true; in SM_STATE()
645 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, in SM_STATE()
646 WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR, MAC2STR(sm->peer_addr)); in SM_STATE()
654 wpabuf_free(sm->eap_if.eapReqData); in SM_STATE()
655 sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId); in SM_STATE()
656 wpabuf_free(sm->lastReqData); in SM_STATE()
657 sm->lastReqData = NULL; in SM_STATE()
658 sm->eap_if.eapFail = true; in SM_STATE()
660 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE in SM_STATE()
661 MACSTR, MAC2STR(sm->peer_addr)); in SM_STATE()
669 wpabuf_free(sm->eap_if.eapReqData); in SM_STATE()
670 sm->eap_if.eapReqData = eap_sm_buildSuccess(sm, sm->currentId); in SM_STATE()
671 wpabuf_free(sm->lastReqData); in SM_STATE()
672 sm->lastReqData = NULL; in SM_STATE()
673 if (sm->eap_if.eapKeyData) in SM_STATE()
674 sm->eap_if.eapKeyAvailable = true; in SM_STATE()
675 sm->eap_if.eapSuccess = true; in SM_STATE()
677 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS in SM_STATE()
678 MACSTR, MAC2STR(sm->peer_addr)); in SM_STATE()
686 sm->initiate_reauth_start_sent = true; in SM_STATE()
687 sm->try_initiate_reauth = true; in SM_STATE()
688 sm->currentId = eap_sm_nextId(sm, sm->currentId); in SM_STATE()
691 sm->currentId); in SM_STATE()
692 sm->lastId = sm->currentId; in SM_STATE()
693 wpabuf_free(sm->eap_if.eapReqData); in SM_STATE()
694 sm->eap_if.eapReqData = eap_sm_buildInitiateReauthStart(sm, in SM_STATE()
695 sm->currentId); in SM_STATE()
696 wpabuf_free(sm->lastReqData); in SM_STATE()
697 sm->lastReqData = NULL; in SM_STATE()
703 static void erp_send_finish_reauth(struct eap_sm *sm, in erp_send_finish_reauth() argument
755 sm->lastId = sm->currentId; in erp_send_finish_reauth()
756 sm->currentId = id; in erp_send_finish_reauth()
757 wpabuf_free(sm->eap_if.eapReqData); in erp_send_finish_reauth()
758 sm->eap_if.eapReqData = msg; in erp_send_finish_reauth()
759 wpabuf_free(sm->lastReqData); in erp_send_finish_reauth()
760 sm->lastReqData = NULL; in erp_send_finish_reauth()
763 sm->eap_if.eapFail = true; in erp_send_finish_reauth()
764 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE in erp_send_finish_reauth()
765 MACSTR, MAC2STR(sm->peer_addr)); in erp_send_finish_reauth()
769 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); in erp_send_finish_reauth()
770 sm->eap_if.eapKeyDataLen = 0; in erp_send_finish_reauth()
771 sm->eap_if.eapKeyData = os_malloc(erp->rRK_len); in erp_send_finish_reauth()
772 if (!sm->eap_if.eapKeyData) in erp_send_finish_reauth()
780 sm->eap_if.eapKeyData, erp->rRK_len) < 0) { in erp_send_finish_reauth()
782 bin_clear_free(sm->eap_if.eapKeyData, erp->rRK_len); in erp_send_finish_reauth()
783 sm->eap_if.eapKeyData = NULL; in erp_send_finish_reauth()
786 sm->eap_if.eapKeyDataLen = erp->rRK_len; in erp_send_finish_reauth()
787 sm->eap_if.eapKeyAvailable = true; in erp_send_finish_reauth()
789 sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); in erp_send_finish_reauth()
790 sm->eap_if.eapSuccess = true; in erp_send_finish_reauth()
792 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS in erp_send_finish_reauth()
793 MACSTR, MAC2STR(sm->peer_addr)); in erp_send_finish_reauth()
814 sm->rxInitiate = false; in SM_STATE()
818 sm->eap_if.eapRespData, &len); in SM_STATE()
823 hdr = wpabuf_head(sm->eap_if.eapRespData); in SM_STATE()
824 ehdr = wpabuf_head(sm->eap_if.eapRespData); in SM_STATE()
864 if (!sm->cfg->eap_server) { in SM_STATE()
873 eap_server_clear_identity(sm); in SM_STATE()
874 sm->identity = (u8 *) dup_binstr(parse.keyname, in SM_STATE()
876 if (!sm->identity) in SM_STATE()
878 sm->identity_len = parse.keyname_len; in SM_STATE()
882 erp = eap_erp_get_key(sm, nai); in SM_STATE()
987 erp_send_finish_reauth(sm, erp, ehdr->identifier, resp_flags, seq, nai); in SM_STATE()
991 sm->ignore = true; in SM_STATE()
1001 wpabuf_free(sm->eap_if.aaaEapRespData); in SM_STATE()
1002 sm->eap_if.aaaEapRespData = NULL; in SM_STATE()
1003 sm->try_initiate_reauth = false; in SM_STATE()
1011 sm->eap_if.retransWhile = eap_sm_calculateTimeout( in SM_STATE()
1012 sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR, in SM_STATE()
1013 sm->methodTimeout); in SM_STATE()
1021 sm->retransCount++; in SM_STATE()
1022 if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) { in SM_STATE()
1023 if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0) in SM_STATE()
1024 sm->eap_if.eapReq = true; in SM_STATE()
1027 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR, in SM_STATE()
1028 MAC2STR(sm->peer_addr)); in SM_STATE()
1037 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData); in SM_STATE()
1044 sm->eap_if.eapResp = false; in SM_STATE()
1045 sm->eap_if.eapNoReq = true; in SM_STATE()
1053 sm->retransCount = 0; in SM_STATE()
1054 if (sm->eap_if.eapReqData) { in SM_STATE()
1055 if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0) in SM_STATE()
1057 sm->eap_if.eapResp = false; in SM_STATE()
1058 sm->eap_if.eapReq = true; in SM_STATE()
1060 sm->eap_if.eapResp = false; in SM_STATE()
1061 sm->eap_if.eapReq = false; in SM_STATE()
1065 sm->eap_if.eapResp = false; in SM_STATE()
1066 sm->eap_if.eapReq = false; in SM_STATE()
1067 sm->eap_if.eapNoReq = true; in SM_STATE()
1076 if (sm->eap_if.eapRespData == NULL) { in SM_STATE()
1088 eap_copy_buf(&sm->eap_if.aaaEapRespData, sm->eap_if.eapRespData); in SM_STATE()
1096 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData); in SM_STATE()
1097 sm->currentId = eap_sm_getId(sm->eap_if.eapReqData); in SM_STATE()
1098 sm->methodTimeout = sm->eap_if.aaaMethodTimeout; in SM_STATE()
1106 sm->eap_if.aaaFail = false; in SM_STATE()
1107 sm->eap_if.aaaSuccess = false; in SM_STATE()
1108 sm->eap_if.aaaEapReq = false; in SM_STATE()
1109 sm->eap_if.aaaEapNoReq = false; in SM_STATE()
1110 sm->eap_if.aaaEapResp = true; in SM_STATE()
1118 sm->eap_if.eapTimeout = true; in SM_STATE()
1120 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, in SM_STATE()
1121 WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR, MAC2STR(sm->peer_addr)); in SM_STATE()
1129 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData); in SM_STATE()
1130 sm->eap_if.eapFail = true; in SM_STATE()
1132 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR, in SM_STATE()
1133 MAC2STR(sm->peer_addr)); in SM_STATE()
1141 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData); in SM_STATE()
1143 sm->eap_if.eapKeyAvailable = sm->eap_if.aaaEapKeyAvailable; in SM_STATE()
1144 if (sm->eap_if.aaaEapKeyAvailable) { in SM_STATE()
1145 EAP_COPY(&sm->eap_if.eapKeyData, sm->eap_if.aaaEapKeyData); in SM_STATE()
1147 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); in SM_STATE()
1148 sm->eap_if.eapKeyData = NULL; in SM_STATE()
1149 sm->eap_if.eapKeyDataLen = 0; in SM_STATE()
1152 sm->eap_if.eapSuccess = true; in SM_STATE()
1159 sm->start_reauth = true; in SM_STATE()
1161 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR, in SM_STATE()
1162 MAC2STR(sm->peer_addr)); in SM_STATE()
1168 if (sm->eap_if.eapRestart && sm->eap_if.portEnabled) in SM_STEP()
1170 else if (!sm->eap_if.portEnabled) in SM_STEP()
1172 else if (sm->num_rounds > sm->cfg->max_auth_rounds) { in SM_STEP()
1173 if (sm->num_rounds == sm->cfg->max_auth_rounds + 1) { in SM_STEP()
1176 sm->cfg->max_auth_rounds); in SM_STEP()
1177 sm->num_rounds++; in SM_STEP()
1180 } else if (sm->num_rounds_short > sm->cfg->max_auth_rounds_short) { in SM_STEP()
1181 if (sm->num_rounds_short == in SM_STEP()
1182 sm->cfg->max_auth_rounds_short + 1) { in SM_STEP()
1185 sm->cfg->max_auth_rounds_short); in SM_STEP()
1186 sm->num_rounds_short++; in SM_STEP()
1189 } else switch (sm->EAP_state) { in SM_STEP()
1191 if (sm->cfg->backend_auth) { in SM_STEP()
1192 if (!sm->rxResp) in SM_STEP()
1194 else if (sm->rxResp && in SM_STEP()
1195 (sm->respMethod == EAP_TYPE_NAK || in SM_STEP()
1196 (sm->respMethod == EAP_TYPE_EXPANDED && in SM_STEP()
1197 sm->respVendor == EAP_VENDOR_IETF && in SM_STEP()
1198 sm->respVendorMethod == EAP_TYPE_NAK))) in SM_STEP()
1207 if (sm->currentMethod == EAP_TYPE_NONE) { in SM_STEP()
1214 if (sm->eap_if.portEnabled) in SM_STEP()
1218 if (sm->eap_if.retransWhile == 0) { in SM_STEP()
1219 if (sm->try_initiate_reauth) { in SM_STEP()
1220 sm->try_initiate_reauth = false; in SM_STEP()
1225 } else if (sm->eap_if.eapResp) in SM_STEP()
1229 if (sm->retransCount > sm->MaxRetrans) in SM_STEP()
1235 if (sm->rxResp && (sm->respId == sm->currentId) && in SM_STEP()
1236 (sm->respMethod == EAP_TYPE_NAK || in SM_STEP()
1237 (sm->respMethod == EAP_TYPE_EXPANDED && in SM_STEP()
1238 sm->respVendor == EAP_VENDOR_IETF && in SM_STEP()
1239 sm->respVendorMethod == EAP_TYPE_NAK)) in SM_STEP()
1240 && (sm->methodState == METHOD_PROPOSED)) in SM_STEP()
1242 else if (sm->rxResp && (sm->respId == sm->currentId) && in SM_STEP()
1243 ((sm->respMethod == sm->currentMethod) || in SM_STEP()
1244 (sm->respMethod == EAP_TYPE_EXPANDED && in SM_STEP()
1245 sm->respVendor == EAP_VENDOR_IETF && in SM_STEP()
1246 sm->respVendorMethod == sm->currentMethod))) in SM_STEP()
1249 else if (sm->rxInitiate) in SM_STEP()
1256 sm->rxResp, sm->respId, sm->currentId, in SM_STEP()
1257 sm->respMethod, sm->currentMethod); in SM_STEP()
1258 eap_log_msg(sm, "Discard received EAP message"); in SM_STEP()
1269 if (sm->ignore) in SM_STEP()
1275 if (sm->m == NULL) { in SM_STEP()
1285 if (sm->eap_if.eapNoReq && !sm->eap_if.eapReq) { in SM_STEP()
1304 if (sm->methodState == METHOD_END) in SM_STEP()
1306 else if (sm->method_pending == METHOD_PENDING_WAIT) { in SM_STEP()
1310 } else if (sm->method_pending == METHOD_PENDING_CONT) { in SM_STEP()
1314 sm->method_pending = METHOD_PENDING_NONE; in SM_STEP()
1326 if (sm->method_pending == METHOD_PENDING_WAIT) { in SM_STEP()
1330 if (sm->user_eap_method_index > 0) in SM_STEP()
1331 sm->user_eap_method_index--; in SM_STEP()
1332 } else if (sm->method_pending == METHOD_PENDING_CONT) { in SM_STEP()
1336 sm->method_pending = METHOD_PENDING_NONE; in SM_STEP()
1345 if (sm->decision == DECISION_FAILURE) in SM_STEP()
1347 else if (sm->decision == DECISION_SUCCESS) in SM_STEP()
1349 else if (sm->decision == DECISION_PASSTHROUGH) in SM_STEP()
1351 else if (sm->decision == DECISION_INITIATE_REAUTH_START) in SM_STEP()
1354 else if (sm->cfg->eap_server && sm->cfg->erp && sm->rxInitiate) in SM_STEP()
1364 if (!sm->cfg->eap_server) in SM_STEP()
1375 if (sm->currentId == -1) in SM_STEP()
1381 if (sm->eap_if.eapResp) in SM_STEP()
1383 else if (sm->eap_if.retransWhile == 0) in SM_STEP()
1387 if (sm->retransCount > sm->MaxRetrans) in SM_STEP()
1393 if (sm->rxResp && (sm->respId == sm->currentId)) in SM_STEP()
1411 if (sm->eap_if.aaaFail) in SM_STEP()
1413 else if (sm->eap_if.aaaSuccess) in SM_STEP()
1415 else if (sm->eap_if.aaaEapReq) in SM_STEP()
1417 else if (sm->eap_if.aaaTimeout) in SM_STEP()
1430 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount, in eap_sm_calculateTimeout() argument
1436 if (sm->try_initiate_reauth) { in eap_sm_calculateTimeout()
1488 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp) in eap_sm_parseEapResp() argument
1494 sm->rxResp = false; in eap_sm_parseEapResp()
1495 sm->rxInitiate = false; in eap_sm_parseEapResp()
1496 sm->respId = -1; in eap_sm_parseEapResp()
1497 sm->respMethod = EAP_TYPE_NONE; in eap_sm_parseEapResp()
1498 sm->respVendor = EAP_VENDOR_IETF; in eap_sm_parseEapResp()
1499 sm->respVendorMethod = EAP_TYPE_NONE; in eap_sm_parseEapResp()
1518 sm->respId = hdr->identifier; in eap_sm_parseEapResp()
1521 sm->rxResp = true; in eap_sm_parseEapResp()
1523 sm->rxInitiate = true; in eap_sm_parseEapResp()
1527 sm->respMethod = *pos++; in eap_sm_parseEapResp()
1528 if (sm->respMethod == EAP_TYPE_EXPANDED) { in eap_sm_parseEapResp()
1535 sm->respVendor = WPA_GET_BE24(pos); in eap_sm_parseEapResp()
1537 sm->respVendorMethod = WPA_GET_BE32(pos); in eap_sm_parseEapResp()
1543 sm->rxResp, sm->rxInitiate, sm->respId, sm->respMethod, in eap_sm_parseEapResp()
1544 sm->respVendor, sm->respVendorMethod); in eap_sm_parseEapResp()
1561 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id) in eap_sm_buildSuccess() argument
1579 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id) in eap_sm_buildFailure() argument
1597 static int eap_sm_nextId(struct eap_sm *sm, int id) in eap_sm_nextId() argument
1603 if (id != sm->lastId) in eap_sm_nextId()
1619 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len) in eap_sm_process_nak() argument
1624 if (sm->user == NULL) in eap_sm_process_nak()
1628 "index %d)", sm->user_eap_method_index); in eap_sm_process_nak()
1631 (u8 *) sm->user->methods, in eap_sm_process_nak()
1632 EAP_MAX_METHODS * sizeof(sm->user->methods[0])); in eap_sm_process_nak()
1636 i = sm->user_eap_method_index; in eap_sm_process_nak()
1638 (sm->user->methods[i].vendor != EAP_VENDOR_IETF || in eap_sm_process_nak()
1639 sm->user->methods[i].method != EAP_TYPE_NONE)) { in eap_sm_process_nak()
1640 if (sm->user->methods[i].vendor != EAP_VENDOR_IETF) in eap_sm_process_nak()
1643 if (nak_list[j] == sm->user->methods[i].method) { in eap_sm_process_nak()
1657 os_memmove(&sm->user->methods[i], in eap_sm_process_nak()
1658 &sm->user->methods[i + 1], in eap_sm_process_nak()
1660 sizeof(sm->user->methods[0])); in eap_sm_process_nak()
1662 sm->user->methods[EAP_MAX_METHODS - 1].vendor = in eap_sm_process_nak()
1664 sm->user->methods[EAP_MAX_METHODS - 1].method = EAP_TYPE_NONE; in eap_sm_process_nak()
1668 (u8 *) sm->user->methods, EAP_MAX_METHODS * in eap_sm_process_nak()
1669 sizeof(sm->user->methods[0])); in eap_sm_process_nak()
1673 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list, in eap_sm_Policy_update() argument
1676 if (nak_list == NULL || sm == NULL || sm->user == NULL) in eap_sm_Policy_update()
1679 if (sm->user->phase2) { in eap_sm_Policy_update()
1682 sm->decision = DECISION_FAILURE; in eap_sm_Policy_update()
1686 eap_sm_process_nak(sm, nak_list, len); in eap_sm_Policy_update()
1690 static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor) in eap_sm_Policy_getNextMethod() argument
1693 int idx = sm->user_eap_method_index; in eap_sm_Policy_getNextMethod()
1702 if (sm->identity == NULL || sm->currentId == -1) { in eap_sm_Policy_getNextMethod()
1705 sm->update_user = true; in eap_sm_Policy_getNextMethod()
1706 } else if (sm->user && idx < EAP_MAX_METHODS && in eap_sm_Policy_getNextMethod()
1707 (sm->user->methods[idx].vendor != EAP_VENDOR_IETF || in eap_sm_Policy_getNextMethod()
1708 sm->user->methods[idx].method != EAP_TYPE_NONE)) { in eap_sm_Policy_getNextMethod()
1709 *vendor = sm->user->methods[idx].vendor; in eap_sm_Policy_getNextMethod()
1710 next = sm->user->methods[idx].method; in eap_sm_Policy_getNextMethod()
1711 sm->user_eap_method_index++; in eap_sm_Policy_getNextMethod()
1722 static int eap_sm_Policy_getDecision(struct eap_sm *sm) in eap_sm_Policy_getDecision() argument
1724 if (!sm->cfg->eap_server && sm->identity && !sm->start_reauth) { in eap_sm_Policy_getDecision()
1729 if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY && in eap_sm_Policy_getDecision()
1730 sm->m->isSuccess(sm, sm->eap_method_priv)) { in eap_sm_Policy_getDecision()
1733 sm->update_user = true; in eap_sm_Policy_getDecision()
1737 if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) && in eap_sm_Policy_getDecision()
1738 !sm->m->isSuccess(sm, sm->eap_method_priv)) { in eap_sm_Policy_getDecision()
1741 sm->update_user = true; in eap_sm_Policy_getDecision()
1745 if ((sm->user == NULL || sm->update_user) && sm->identity && in eap_sm_Policy_getDecision()
1746 !sm->start_reauth) { in eap_sm_Policy_getDecision()
1754 if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY && in eap_sm_Policy_getDecision()
1755 sm->user->methods[0].vendor == EAP_VENDOR_IETF && in eap_sm_Policy_getDecision()
1756 sm->user->methods[0].method == EAP_TYPE_IDENTITY) in eap_sm_Policy_getDecision()
1758 if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) { in eap_sm_Policy_getDecision()
1763 if (id_req && sm->user && in eap_sm_Policy_getDecision()
1764 sm->user->methods[0].vendor == EAP_VENDOR_IETF && in eap_sm_Policy_getDecision()
1765 sm->user->methods[0].method == EAP_TYPE_IDENTITY) { in eap_sm_Policy_getDecision()
1768 sm->update_user = true; in eap_sm_Policy_getDecision()
1771 sm->update_user = false; in eap_sm_Policy_getDecision()
1773 sm->start_reauth = false; in eap_sm_Policy_getDecision()
1775 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && in eap_sm_Policy_getDecision()
1776 (sm->user->methods[sm->user_eap_method_index].vendor != in eap_sm_Policy_getDecision()
1778 sm->user->methods[sm->user_eap_method_index].method != in eap_sm_Policy_getDecision()
1785 if (!sm->identity && eap_get_erp_send_reauth_start(sm) && in eap_sm_Policy_getDecision()
1786 !sm->initiate_reauth_start_sent) { in eap_sm_Policy_getDecision()
1792 if (sm->identity == NULL || sm->currentId == -1) { in eap_sm_Policy_getDecision()
1804 static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method) in eap_sm_Policy_doPickUp() argument
1819 int eap_server_sm_step(struct eap_sm *sm) in eap_server_sm_step() argument
1823 sm->changed = false; in eap_server_sm_step()
1825 if (sm->changed) in eap_server_sm_step()
1827 } while (sm->changed); in eap_server_sm_step()
1858 struct eap_sm *sm; in eap_server_sm_init() local
1860 sm = os_zalloc(sizeof(*sm)); in eap_server_sm_init()
1861 if (sm == NULL) in eap_server_sm_init()
1863 sm->eapol_ctx = eapol_ctx; in eap_server_sm_init()
1864 sm->eapol_cb = eapol_cb; in eap_server_sm_init()
1865 sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */ in eap_server_sm_init()
1866 sm->cfg = conf; in eap_server_sm_init()
1868 sm->assoc_wps_ie = wpabuf_dup(sess->assoc_wps_ie); in eap_server_sm_init()
1870 sm->assoc_p2p_ie = wpabuf_dup(sess->assoc_p2p_ie); in eap_server_sm_init()
1872 os_memcpy(sm->peer_addr, sess->peer_addr, ETH_ALEN); in eap_server_sm_init()
1874 sm->tls_test_flags = sess->tls_test_flags; in eap_server_sm_init()
1879 return sm; in eap_server_sm_init()
1890 void eap_server_sm_deinit(struct eap_sm *sm) in eap_server_sm_deinit() argument
1892 if (sm == NULL) in eap_server_sm_deinit()
1895 if (sm->m && sm->eap_method_priv) in eap_server_sm_deinit()
1896 sm->m->reset(sm, sm->eap_method_priv); in eap_server_sm_deinit()
1897 wpabuf_free(sm->eap_if.eapReqData); in eap_server_sm_deinit()
1898 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); in eap_server_sm_deinit()
1899 os_free(sm->eap_if.eapSessionId); in eap_server_sm_deinit()
1900 wpabuf_free(sm->lastReqData); in eap_server_sm_deinit()
1901 wpabuf_free(sm->eap_if.eapRespData); in eap_server_sm_deinit()
1902 os_free(sm->identity); in eap_server_sm_deinit()
1903 os_free(sm->serial_num); in eap_server_sm_deinit()
1904 wpabuf_free(sm->eap_if.aaaEapReqData); in eap_server_sm_deinit()
1905 wpabuf_free(sm->eap_if.aaaEapRespData); in eap_server_sm_deinit()
1906 bin_clear_free(sm->eap_if.aaaEapKeyData, sm->eap_if.aaaEapKeyDataLen); in eap_server_sm_deinit()
1907 eap_user_free(sm->user); in eap_server_sm_deinit()
1908 wpabuf_free(sm->assoc_wps_ie); in eap_server_sm_deinit()
1909 wpabuf_free(sm->assoc_p2p_ie); in eap_server_sm_deinit()
1910 os_free(sm); in eap_server_sm_deinit()
1921 void eap_sm_notify_cached(struct eap_sm *sm) in eap_sm_notify_cached() argument
1923 if (sm == NULL) in eap_sm_notify_cached()
1926 sm->EAP_state = EAP_SUCCESS; in eap_sm_notify_cached()
1936 void eap_sm_pending_cb(struct eap_sm *sm) in eap_sm_pending_cb() argument
1938 if (sm == NULL) in eap_sm_pending_cb()
1941 if (sm->method_pending == METHOD_PENDING_WAIT) in eap_sm_pending_cb()
1942 sm->method_pending = METHOD_PENDING_CONT; in eap_sm_pending_cb()
1951 int eap_sm_method_pending(struct eap_sm *sm) in eap_sm_method_pending() argument
1953 if (sm == NULL) in eap_sm_method_pending()
1955 return sm->method_pending == METHOD_PENDING_WAIT; in eap_sm_method_pending()
1965 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len) in eap_get_identity() argument
1967 *len = sm->identity_len; in eap_get_identity()
1968 return sm->identity; in eap_get_identity()
1977 const char * eap_get_serial_num(struct eap_sm *sm) in eap_get_serial_num() argument
1979 return sm->serial_num; in eap_get_serial_num()
1988 const char * eap_get_method(struct eap_sm *sm) in eap_get_method() argument
1990 if (!sm || !sm->m) in eap_get_method()
1992 return sm->m->name; in eap_get_method()
2001 const char * eap_get_imsi(struct eap_sm *sm) in eap_get_imsi() argument
2003 if (!sm || sm->imsi[0] == '\0') in eap_get_imsi()
2005 return sm->imsi; in eap_get_imsi()
2009 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len) in eap_erp_update_identity() argument
2035 os_free(sm->identity); in eap_erp_update_identity()
2036 sm->identity = os_malloc(parse.keyname_len); in eap_erp_update_identity()
2037 if (sm->identity) { in eap_erp_update_identity()
2038 os_memcpy(sm->identity, parse.keyname, parse.keyname_len); in eap_erp_update_identity()
2039 sm->identity_len = parse.keyname_len; in eap_erp_update_identity()
2041 sm->identity_len = 0; in eap_erp_update_identity()
2052 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm) in eap_get_interface() argument
2054 return &sm->eap_if; in eap_get_interface()
2066 void eap_server_clear_identity(struct eap_sm *sm) in eap_server_clear_identity() argument
2068 os_free(sm->identity); in eap_server_clear_identity()
2069 sm->identity = NULL; in eap_server_clear_identity()
2074 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source, in eap_server_mschap_rx_callback() argument