1 /*
2 * hostapd / EAP Full Authenticator state machine (RFC 4137)
3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This state machine is based on the full authenticator state machine defined
9 * in RFC 4137. However, to support backend authentication in RADIUS
10 * authentication server functionality, parts of backend authenticator (also
11 * from RFC 4137) are mixed in. This functionality is enabled by setting
12 * backend_auth configuration variable to true.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "crypto/sha256.h"
19 #include "eap_i.h"
20 #include "state_machine.h"
21 #include "common/wpa_ctrl.h"
22
23 #define STATE_MACHINE_DATA struct eap_sm
24 #define STATE_MACHINE_DEBUG_PREFIX "EAP"
25
26 /* EAP state machines are described in RFC 4137 */
27
28 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
29 int eapSRTT, int eapRTTVAR,
30 int methodTimeout);
31 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp);
32 #ifndef ESP_SUPPLICANT
33 static int eap_sm_getId(const struct wpabuf *data);
34 #endif
35 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id);
36 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id);
37 static int eap_sm_nextId(struct eap_sm *sm, int id);
38 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
39 size_t len);
40 static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm,
41 int *vendor);
42 static int eap_sm_Policy_getDecision(struct eap_sm *sm);
43 static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method);
44
45
eap_get_erp_send_reauth_start(struct eap_sm * sm)46 static int eap_get_erp_send_reauth_start(struct eap_sm *sm)
47 {
48 return 0;
49 }
50
51
eap_get_erp_domain(struct eap_sm * sm)52 static const char * eap_get_erp_domain(struct eap_sm *sm)
53 {
54 if (sm->eapol_cb->get_erp_domain)
55 return sm->eapol_cb->get_erp_domain(sm->eapol_ctx);
56 return NULL;
57 }
58
59
60 #ifdef CONFIG_ERP
61
eap_erp_get_key(struct eap_sm * sm,const char * keyname)62 static struct eap_server_erp_key * eap_erp_get_key(struct eap_sm *sm,
63 const char *keyname)
64 {
65 if (sm->eapol_cb->erp_get_key)
66 return sm->eapol_cb->erp_get_key(sm->eapol_ctx, keyname);
67 return NULL;
68 }
69
70
eap_erp_add_key(struct eap_sm * sm,struct eap_server_erp_key * erp)71 static int eap_erp_add_key(struct eap_sm *sm, struct eap_server_erp_key *erp)
72 {
73 if (sm->eapol_cb->erp_add_key)
74 return sm->eapol_cb->erp_add_key(sm->eapol_ctx, erp);
75 return -1;
76 }
77
78 #endif /* CONFIG_ERP */
79
80
eap_sm_buildInitiateReauthStart(struct eap_sm * sm,u8 id)81 static struct wpabuf * eap_sm_buildInitiateReauthStart(struct eap_sm *sm,
82 u8 id)
83 {
84 const char *domain;
85 size_t plen = 1;
86 struct wpabuf *msg;
87 size_t domain_len = 0;
88
89 domain = eap_get_erp_domain(sm);
90 if (domain) {
91 domain_len = os_strlen(domain);
92 plen += 2 + domain_len;
93 }
94
95 msg = eap_msg_alloc(EAP_VENDOR_IETF,
96 (enum eap_type) EAP_ERP_TYPE_REAUTH_START, plen,
97 EAP_CODE_INITIATE, id);
98 if (msg == NULL)
99 return NULL;
100 wpabuf_put_u8(msg, 0); /* Reserved */
101 if (domain) {
102 /* Domain name TLV */
103 wpabuf_put_u8(msg, EAP_ERP_TLV_DOMAIN_NAME);
104 wpabuf_put_u8(msg, domain_len);
105 wpabuf_put_data(msg, domain, domain_len);
106 }
107
108 return msg;
109 }
110
111
eap_copy_buf(struct wpabuf ** dst,const struct wpabuf * src)112 static int eap_copy_buf(struct wpabuf **dst, const struct wpabuf *src)
113 {
114 if (src == NULL)
115 return -1;
116
117 wpabuf_free(*dst);
118 *dst = wpabuf_dup(src);
119 return *dst ? 0 : -1;
120 }
121
122
123 #ifndef ESP_SUPPLICANT
eap_copy_data(u8 ** dst,size_t * dst_len,const u8 * src,size_t src_len)124 static int eap_copy_data(u8 **dst, size_t *dst_len,
125 const u8 *src, size_t src_len)
126 {
127 if (src == NULL)
128 return -1;
129
130 os_free(*dst);
131 *dst = os_malloc(src_len);
132 if (*dst) {
133 os_memcpy(*dst, src, src_len);
134 *dst_len = src_len;
135 return 0;
136 } else {
137 *dst_len = 0;
138 return -1;
139 }
140 }
141 #endif
142
143 #define EAP_COPY(dst, src) \
144 eap_copy_data((dst), (dst ## Len), (src), (src ## Len))
145
146
147 /**
148 * eap_user_get - Fetch user information from the database
149 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
150 * @identity: Identity (User-Name) of the user
151 * @identity_len: Length of identity in bytes
152 * @phase2: 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
153 * Returns: 0 on success, or -1 on failure
154 *
155 * This function is used to fetch user information for EAP. The user will be
156 * selected based on the specified identity. sm->user and
157 * sm->user_eap_method_index are updated for the new user when a matching user
158 * is found. sm->user can be used to get user information (e.g., password).
159 */
eap_user_get(struct eap_sm * sm,const u8 * identity,size_t identity_len,int phase2)160 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
161 int phase2)
162 {
163 struct eap_user *user;
164
165 if (sm == NULL || sm->eapol_cb == NULL ||
166 sm->eapol_cb->get_eap_user == NULL)
167 return -1;
168
169 eap_user_free(sm->user);
170 sm->user = NULL;
171
172 user = os_zalloc(sizeof(*user));
173 if (user == NULL)
174 return -1;
175
176 if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
177 identity_len, phase2, user) != 0) {
178 eap_user_free(user);
179 return -1;
180 }
181
182 sm->user = user;
183 sm->user_eap_method_index = 0;
184
185 return 0;
186 }
187
188
eap_log_msg(struct eap_sm * sm,const char * fmt,...)189 void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
190 {
191 va_list ap;
192 char *buf;
193 int buflen;
194
195 if (sm == NULL || sm->eapol_cb == NULL || sm->eapol_cb->log_msg == NULL)
196 return;
197
198 va_start(ap, fmt);
199 buflen = vsnprintf(NULL, 0, fmt, ap) + 1;
200 va_end(ap);
201
202 buf = os_malloc(buflen);
203 if (buf == NULL)
204 return;
205 va_start(ap, fmt);
206 vsnprintf(buf, buflen, fmt, ap);
207 va_end(ap);
208
209 sm->eapol_cb->log_msg(sm->eapol_ctx, buf);
210
211 os_free(buf);
212 }
213
214
SM_STATE(EAP,DISABLED)215 SM_STATE(EAP, DISABLED)
216 {
217 SM_ENTRY(EAP, DISABLED);
218 sm->num_rounds = 0;
219 sm->num_rounds_short = 0;
220 }
221
222
SM_STATE(EAP,INITIALIZE)223 SM_STATE(EAP, INITIALIZE)
224 {
225 SM_ENTRY(EAP, INITIALIZE);
226
227 if (sm->eap_if.eapRestart && !sm->cfg->eap_server && sm->identity) {
228 /*
229 * Need to allow internal Identity method to be used instead
230 * of passthrough at the beginning of reauthentication.
231 */
232 eap_server_clear_identity(sm);
233 }
234
235 sm->try_initiate_reauth = false;
236 sm->currentId = -1;
237 sm->eap_if.eapSuccess = false;
238 sm->eap_if.eapFail = false;
239 sm->eap_if.eapTimeout = false;
240 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
241 sm->eap_if.eapKeyData = NULL;
242 sm->eap_if.eapKeyDataLen = 0;
243 os_free(sm->eap_if.eapSessionId);
244 sm->eap_if.eapSessionId = NULL;
245 sm->eap_if.eapSessionIdLen = 0;
246 sm->eap_if.eapKeyAvailable = false;
247 sm->eap_if.eapRestart = false;
248
249 /*
250 * This is not defined in RFC 4137, but method state needs to be
251 * reseted here so that it does not remain in success state when
252 * re-authentication starts.
253 */
254 if (sm->m && sm->eap_method_priv) {
255 sm->m->reset(sm, sm->eap_method_priv);
256 sm->eap_method_priv = NULL;
257 }
258 sm->m = NULL;
259 sm->user_eap_method_index = 0;
260
261 if (sm->cfg->backend_auth) {
262 sm->currentMethod = EAP_TYPE_NONE;
263 /* parse rxResp, respId, respMethod */
264 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
265 if (sm->rxResp) {
266 sm->currentId = sm->respId;
267 }
268 }
269 sm->num_rounds = 0;
270 sm->num_rounds_short = 0;
271 sm->method_pending = METHOD_PENDING_NONE;
272
273 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
274 MACSTR, MAC2STR(sm->peer_addr));
275 }
276
277
SM_STATE(EAP,PICK_UP_METHOD)278 SM_STATE(EAP, PICK_UP_METHOD)
279 {
280 SM_ENTRY(EAP, PICK_UP_METHOD);
281
282 if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) {
283 sm->currentMethod = sm->respMethod;
284 if (sm->m && sm->eap_method_priv) {
285 sm->m->reset(sm, sm->eap_method_priv);
286 sm->eap_method_priv = NULL;
287 }
288 sm->m = eap_server_get_eap_method(EAP_VENDOR_IETF,
289 sm->currentMethod);
290 if (sm->m && sm->m->initPickUp) {
291 sm->eap_method_priv = sm->m->initPickUp(sm);
292 if (sm->eap_method_priv == NULL) {
293 wpa_printf(MSG_DEBUG, "EAP: Failed to "
294 "initialize EAP method %d",
295 sm->currentMethod);
296 sm->m = NULL;
297 sm->currentMethod = EAP_TYPE_NONE;
298 }
299 } else {
300 sm->m = NULL;
301 sm->currentMethod = EAP_TYPE_NONE;
302 }
303 }
304
305 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
306 "method=%u", sm->currentMethod);
307 }
308
309
SM_STATE(EAP,IDLE)310 SM_STATE(EAP, IDLE)
311 {
312 SM_ENTRY(EAP, IDLE);
313
314 sm->eap_if.retransWhile = eap_sm_calculateTimeout(
315 sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
316 sm->methodTimeout);
317 }
318
319
SM_STATE(EAP,RETRANSMIT)320 SM_STATE(EAP, RETRANSMIT)
321 {
322 SM_ENTRY(EAP, RETRANSMIT);
323
324 sm->retransCount++;
325 if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
326 if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
327 sm->eap_if.eapReq = true;
328 }
329
330 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR,
331 MAC2STR(sm->peer_addr));
332 }
333
334
SM_STATE(EAP,RECEIVED)335 SM_STATE(EAP, RECEIVED)
336 {
337 SM_ENTRY(EAP, RECEIVED);
338
339 /* parse rxResp, respId, respMethod */
340 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
341 sm->num_rounds++;
342 if (!sm->eap_if.eapRespData || wpabuf_len(sm->eap_if.eapRespData) < 20)
343 sm->num_rounds_short++;
344 else
345 sm->num_rounds_short = 0;
346 }
347
348
SM_STATE(EAP,DISCARD)349 SM_STATE(EAP, DISCARD)
350 {
351 SM_ENTRY(EAP, DISCARD);
352 sm->eap_if.eapResp = false;
353 sm->eap_if.eapNoReq = true;
354 }
355
356
SM_STATE(EAP,SEND_REQUEST)357 SM_STATE(EAP, SEND_REQUEST)
358 {
359 SM_ENTRY(EAP, SEND_REQUEST);
360
361 sm->retransCount = 0;
362 if (sm->eap_if.eapReqData) {
363 if (wpabuf_len(sm->eap_if.eapReqData) >= 20)
364 sm->num_rounds_short = 0;
365 if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
366 {
367 sm->eap_if.eapResp = false;
368 sm->eap_if.eapReq = true;
369 } else {
370 sm->eap_if.eapResp = false;
371 sm->eap_if.eapReq = false;
372 }
373 } else {
374 wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
375 sm->eap_if.eapResp = false;
376 sm->eap_if.eapReq = false;
377 sm->eap_if.eapNoReq = true;
378 }
379 }
380
381
SM_STATE(EAP,INTEGRITY_CHECK)382 SM_STATE(EAP, INTEGRITY_CHECK)
383 {
384 SM_ENTRY(EAP, INTEGRITY_CHECK);
385
386 if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) {
387 sm->ignore = true;
388 return;
389 }
390
391 if (sm->m->check) {
392 sm->ignore = sm->m->check(sm, sm->eap_method_priv,
393 sm->eap_if.eapRespData);
394 }
395 }
396
397
SM_STATE(EAP,METHOD_REQUEST)398 SM_STATE(EAP, METHOD_REQUEST)
399 {
400 SM_ENTRY(EAP, METHOD_REQUEST);
401
402 if (sm->m == NULL) {
403 wpa_printf(MSG_DEBUG, "EAP: method not initialized");
404 return;
405 }
406
407 sm->currentId = eap_sm_nextId(sm, sm->currentId);
408 wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
409 sm->currentId);
410 sm->lastId = sm->currentId;
411 wpabuf_free(sm->eap_if.eapReqData);
412 sm->eap_if.eapReqData = sm->m->buildReq(sm, sm->eap_method_priv,
413 sm->currentId);
414 if (sm->m->getTimeout)
415 sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv);
416 else
417 sm->methodTimeout = 0;
418 }
419
420
eap_server_erp_init(struct eap_sm * sm)421 static void eap_server_erp_init(struct eap_sm *sm)
422 {
423 #ifdef CONFIG_ERP
424 u8 *emsk = NULL;
425 size_t emsk_len = 0;
426 u8 EMSKname[EAP_EMSK_NAME_LEN];
427 u8 len[2], ctx[3];
428 const char *domain;
429 size_t domain_len, nai_buf_len;
430 struct eap_server_erp_key *erp = NULL;
431 int pos;
432
433 domain = eap_get_erp_domain(sm);
434 if (!domain)
435 return;
436
437 domain_len = os_strlen(domain);
438
439 nai_buf_len = 2 * EAP_EMSK_NAME_LEN + 1 + domain_len;
440 if (nai_buf_len > 253) {
441 /*
442 * keyName-NAI has a maximum length of 253 octet to fit in
443 * RADIUS attributes.
444 */
445 wpa_printf(MSG_DEBUG,
446 "EAP: Too long realm for ERP keyName-NAI maximum length");
447 return;
448 }
449 nai_buf_len++; /* null termination */
450 erp = os_zalloc(sizeof(*erp) + nai_buf_len);
451 if (erp == NULL)
452 goto fail;
453 erp->recv_seq = (u32) -1;
454
455 emsk = sm->m->get_emsk(sm, sm->eap_method_priv, &emsk_len);
456 if (!emsk || emsk_len == 0 || emsk_len > ERP_MAX_KEY_LEN) {
457 wpa_printf(MSG_DEBUG,
458 "EAP: No suitable EMSK available for ERP");
459 goto fail;
460 }
461
462 wpa_hexdump_key(MSG_DEBUG, "EAP: EMSK", emsk, emsk_len);
463
464 WPA_PUT_BE16(len, EAP_EMSK_NAME_LEN);
465 if (hmac_sha256_kdf(sm->eap_if.eapSessionId, sm->eap_if.eapSessionIdLen,
466 "EMSK", len, sizeof(len),
467 EMSKname, EAP_EMSK_NAME_LEN) < 0) {
468 wpa_printf(MSG_DEBUG, "EAP: Could not derive EMSKname");
469 goto fail;
470 }
471 wpa_hexdump(MSG_DEBUG, "EAP: EMSKname", EMSKname, EAP_EMSK_NAME_LEN);
472
473 pos = wpa_snprintf_hex(erp->keyname_nai, nai_buf_len,
474 EMSKname, EAP_EMSK_NAME_LEN);
475 erp->keyname_nai[pos] = '@';
476 os_memcpy(&erp->keyname_nai[pos + 1], domain, domain_len);
477
478 WPA_PUT_BE16(len, emsk_len);
479 if (hmac_sha256_kdf(emsk, emsk_len,
480 "EAP Re-authentication Root Key@ietf.org",
481 len, sizeof(len), erp->rRK, emsk_len) < 0) {
482 wpa_printf(MSG_DEBUG, "EAP: Could not derive rRK for ERP");
483 goto fail;
484 }
485 erp->rRK_len = emsk_len;
486 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len);
487
488 ctx[0] = EAP_ERP_CS_HMAC_SHA256_128;
489 WPA_PUT_BE16(&ctx[1], erp->rRK_len);
490 if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
491 "Re-authentication Integrity Key@ietf.org",
492 ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) {
493 wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP");
494 goto fail;
495 }
496 erp->rIK_len = erp->rRK_len;
497 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rIK", erp->rIK, erp->rIK_len);
498
499 if (eap_erp_add_key(sm, erp) == 0) {
500 wpa_printf(MSG_DEBUG, "EAP: Stored ERP keys %s",
501 erp->keyname_nai);
502 erp = NULL;
503 }
504
505 fail:
506 bin_clear_free(emsk, emsk_len);
507 bin_clear_free(erp, sizeof(*erp));
508 #endif /* CONFIG_ERP */
509 }
510
511
SM_STATE(EAP,METHOD_RESPONSE)512 SM_STATE(EAP, METHOD_RESPONSE)
513 {
514 SM_ENTRY(EAP, METHOD_RESPONSE);
515
516 if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1))
517 return;
518
519 sm->m->process(sm, sm->eap_method_priv, sm->eap_if.eapRespData);
520 if (sm->m->isDone(sm, sm->eap_method_priv)) {
521 eap_sm_Policy_update(sm, NULL, 0);
522 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
523 if (sm->m->getKey) {
524 sm->eap_if.eapKeyData = sm->m->getKey(
525 sm, sm->eap_method_priv,
526 &sm->eap_if.eapKeyDataLen);
527 } else {
528 sm->eap_if.eapKeyData = NULL;
529 sm->eap_if.eapKeyDataLen = 0;
530 }
531 os_free(sm->eap_if.eapSessionId);
532 sm->eap_if.eapSessionId = NULL;
533 if (sm->m->getSessionId) {
534 sm->eap_if.eapSessionId = sm->m->getSessionId(
535 sm, sm->eap_method_priv,
536 &sm->eap_if.eapSessionIdLen);
537 wpa_hexdump(MSG_DEBUG, "EAP: Session-Id",
538 sm->eap_if.eapSessionId,
539 sm->eap_if.eapSessionIdLen);
540 }
541 if (sm->cfg->erp && sm->m->get_emsk && sm->eap_if.eapSessionId)
542 eap_server_erp_init(sm);
543 sm->methodState = METHOD_END;
544 } else {
545 sm->methodState = METHOD_CONTINUE;
546 }
547 }
548
549
SM_STATE(EAP,PROPOSE_METHOD)550 SM_STATE(EAP, PROPOSE_METHOD)
551 {
552 int vendor;
553 enum eap_type type;
554
555 SM_ENTRY(EAP, PROPOSE_METHOD);
556
557 sm->try_initiate_reauth = false;
558 try_another_method:
559 type = eap_sm_Policy_getNextMethod(sm, &vendor);
560 if (vendor == EAP_VENDOR_IETF)
561 sm->currentMethod = type;
562 else
563 sm->currentMethod = EAP_TYPE_EXPANDED;
564 if (sm->m && sm->eap_method_priv) {
565 sm->m->reset(sm, sm->eap_method_priv);
566 sm->eap_method_priv = NULL;
567 }
568 sm->m = eap_server_get_eap_method(vendor, type);
569 if (sm->m) {
570 sm->eap_method_priv = sm->m->init(sm);
571 if (sm->eap_method_priv == NULL) {
572 wpa_printf(MSG_DEBUG, "EAP: Failed to initialize EAP "
573 "method %d", sm->currentMethod);
574 sm->m = NULL;
575 sm->currentMethod = EAP_TYPE_NONE;
576 goto try_another_method;
577 }
578 }
579 if (sm->m == NULL) {
580 wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
581 eap_log_msg(sm, "Could not find suitable EAP method");
582 sm->decision = DECISION_FAILURE;
583 return;
584 }
585 if (sm->currentMethod == EAP_TYPE_IDENTITY ||
586 sm->currentMethod == EAP_TYPE_NOTIFICATION)
587 sm->methodState = METHOD_CONTINUE;
588 else
589 sm->methodState = METHOD_PROPOSED;
590
591 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
592 "vendor=%u method=%u", vendor, sm->currentMethod);
593 eap_log_msg(sm, "Propose EAP method vendor=%u method=%u",
594 vendor, sm->currentMethod);
595 }
596
597
SM_STATE(EAP,NAK)598 SM_STATE(EAP, NAK)
599 {
600 const struct eap_hdr *nak;
601 size_t len = 0;
602 const u8 *pos;
603 const u8 *nak_list = NULL;
604
605 SM_ENTRY(EAP, NAK);
606
607 if (sm->eap_method_priv) {
608 sm->m->reset(sm, sm->eap_method_priv);
609 sm->eap_method_priv = NULL;
610 }
611 sm->m = NULL;
612
613 if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1))
614 return;
615
616 nak = wpabuf_head(sm->eap_if.eapRespData);
617 if (nak && wpabuf_len(sm->eap_if.eapRespData) > sizeof(*nak)) {
618 len = be_to_host16(nak->length);
619 if (len > wpabuf_len(sm->eap_if.eapRespData))
620 len = wpabuf_len(sm->eap_if.eapRespData);
621 pos = (const u8 *) (nak + 1);
622 len -= sizeof(*nak);
623 if (*pos == EAP_TYPE_NAK) {
624 pos++;
625 len--;
626 nak_list = pos;
627 }
628 }
629 eap_sm_Policy_update(sm, nak_list, len);
630 }
631
632
SM_STATE(EAP,SELECT_ACTION)633 SM_STATE(EAP, SELECT_ACTION)
634 {
635 SM_ENTRY(EAP, SELECT_ACTION);
636
637 sm->decision = eap_sm_Policy_getDecision(sm);
638 }
639
640
SM_STATE(EAP,TIMEOUT_FAILURE)641 SM_STATE(EAP, TIMEOUT_FAILURE)
642 {
643 SM_ENTRY(EAP, TIMEOUT_FAILURE);
644
645 sm->eap_if.eapTimeout = true;
646
647 wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
648 WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR, MAC2STR(sm->peer_addr));
649 }
650
651
SM_STATE(EAP,FAILURE)652 SM_STATE(EAP, FAILURE)
653 {
654 SM_ENTRY(EAP, FAILURE);
655
656 wpabuf_free(sm->eap_if.eapReqData);
657 sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId);
658 wpabuf_free(sm->lastReqData);
659 sm->lastReqData = NULL;
660 sm->eap_if.eapFail = true;
661
662 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
663 MACSTR, MAC2STR(sm->peer_addr));
664 }
665
666
SM_STATE(EAP,SUCCESS)667 SM_STATE(EAP, SUCCESS)
668 {
669 SM_ENTRY(EAP, SUCCESS);
670
671 wpabuf_free(sm->eap_if.eapReqData);
672 sm->eap_if.eapReqData = eap_sm_buildSuccess(sm, sm->currentId);
673 wpabuf_free(sm->lastReqData);
674 sm->lastReqData = NULL;
675 if (sm->eap_if.eapKeyData)
676 sm->eap_if.eapKeyAvailable = true;
677 sm->eap_if.eapSuccess = true;
678
679 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
680 MACSTR, MAC2STR(sm->peer_addr));
681 }
682
683
SM_STATE(EAP,INITIATE_REAUTH_START)684 SM_STATE(EAP, INITIATE_REAUTH_START)
685 {
686 SM_ENTRY(EAP, INITIATE_REAUTH_START);
687
688 sm->initiate_reauth_start_sent = true;
689 sm->try_initiate_reauth = true;
690 sm->currentId = eap_sm_nextId(sm, sm->currentId);
691 wpa_printf(MSG_DEBUG,
692 "EAP: building EAP-Initiate-Re-auth-Start: Identifier %d",
693 sm->currentId);
694 sm->lastId = sm->currentId;
695 wpabuf_free(sm->eap_if.eapReqData);
696 sm->eap_if.eapReqData = eap_sm_buildInitiateReauthStart(sm,
697 sm->currentId);
698 wpabuf_free(sm->lastReqData);
699 sm->lastReqData = NULL;
700 }
701
702
703 #ifdef CONFIG_ERP
704
erp_send_finish_reauth(struct eap_sm * sm,struct eap_server_erp_key * erp,u8 id,u8 flags,u16 seq,const char * nai)705 static void erp_send_finish_reauth(struct eap_sm *sm,
706 struct eap_server_erp_key *erp, u8 id,
707 u8 flags, u16 seq, const char *nai)
708 {
709 size_t plen;
710 struct wpabuf *msg;
711 u8 hash[SHA256_MAC_LEN];
712 size_t hash_len;
713 u8 seed[4];
714
715 if (erp) {
716 switch (erp->cryptosuite) {
717 case EAP_ERP_CS_HMAC_SHA256_256:
718 hash_len = 32;
719 break;
720 case EAP_ERP_CS_HMAC_SHA256_128:
721 hash_len = 16;
722 break;
723 default:
724 return;
725 }
726 } else
727 hash_len = 0;
728
729 plen = 1 + 2 + 2 + os_strlen(nai);
730 if (hash_len)
731 plen += 1 + hash_len;
732 msg = eap_msg_alloc(EAP_VENDOR_IETF,
733 (enum eap_type) EAP_ERP_TYPE_REAUTH,
734 plen, EAP_CODE_FINISH, id);
735 if (msg == NULL)
736 return;
737 wpabuf_put_u8(msg, flags);
738 wpabuf_put_be16(msg, seq);
739
740 wpabuf_put_u8(msg, EAP_ERP_TLV_KEYNAME_NAI);
741 wpabuf_put_u8(msg, os_strlen(nai));
742 wpabuf_put_str(msg, nai);
743
744 if (erp) {
745 wpabuf_put_u8(msg, erp->cryptosuite);
746 if (hmac_sha256(erp->rIK, erp->rIK_len,
747 wpabuf_head(msg), wpabuf_len(msg), hash) < 0) {
748 wpabuf_free(msg);
749 return;
750 }
751 wpabuf_put_data(msg, hash, hash_len);
752 }
753
754 wpa_printf(MSG_DEBUG, "EAP: Send EAP-Finish/Re-auth (%s)",
755 flags & 0x80 ? "failure" : "success");
756
757 sm->lastId = sm->currentId;
758 sm->currentId = id;
759 wpabuf_free(sm->eap_if.eapReqData);
760 sm->eap_if.eapReqData = msg;
761 wpabuf_free(sm->lastReqData);
762 sm->lastReqData = NULL;
763
764 if ((flags & 0x80) || !erp) {
765 sm->eap_if.eapFail = true;
766 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
767 MACSTR, MAC2STR(sm->peer_addr));
768 return;
769 }
770
771 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
772 sm->eap_if.eapKeyDataLen = 0;
773 sm->eap_if.eapKeyData = os_malloc(erp->rRK_len);
774 if (!sm->eap_if.eapKeyData)
775 return;
776
777 WPA_PUT_BE16(seed, seq);
778 WPA_PUT_BE16(&seed[2], erp->rRK_len);
779 if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
780 "Re-authentication Master Session Key@ietf.org",
781 seed, sizeof(seed),
782 sm->eap_if.eapKeyData, erp->rRK_len) < 0) {
783 wpa_printf(MSG_DEBUG, "EAP: Could not derive rMSK for ERP");
784 bin_clear_free(sm->eap_if.eapKeyData, erp->rRK_len);
785 sm->eap_if.eapKeyData = NULL;
786 return;
787 }
788 sm->eap_if.eapKeyDataLen = erp->rRK_len;
789 sm->eap_if.eapKeyAvailable = true;
790 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK",
791 sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
792 sm->eap_if.eapSuccess = true;
793
794 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
795 MACSTR, MAC2STR(sm->peer_addr));
796 }
797
798
SM_STATE(EAP,INITIATE_RECEIVED)799 SM_STATE(EAP, INITIATE_RECEIVED)
800 {
801 const u8 *pos, *end, *start, *tlvs, *hdr;
802 const struct eap_hdr *ehdr;
803 size_t len;
804 u8 flags;
805 u16 seq;
806 char nai[254];
807 struct eap_server_erp_key *erp;
808 int max_len;
809 u8 hash[SHA256_MAC_LEN];
810 size_t hash_len;
811 struct erp_tlvs parse;
812 u8 resp_flags = 0x80; /* default to failure; cleared on success */
813
814 SM_ENTRY(EAP, INITIATE_RECEIVED);
815
816 sm->rxInitiate = false;
817
818 pos = eap_hdr_validate(EAP_VENDOR_IETF,
819 (enum eap_type) EAP_ERP_TYPE_REAUTH,
820 sm->eap_if.eapRespData, &len);
821 if (pos == NULL) {
822 wpa_printf(MSG_INFO, "EAP-Initiate: Invalid frame");
823 goto fail;
824 }
825 hdr = wpabuf_head(sm->eap_if.eapRespData);
826 ehdr = wpabuf_head(sm->eap_if.eapRespData);
827
828 wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-Auth", pos, len);
829 if (len < 4) {
830 wpa_printf(MSG_INFO, "EAP: Too short EAP-Initiate/Re-auth");
831 goto fail;
832 }
833 end = pos + len;
834
835 flags = *pos++;
836 seq = WPA_GET_BE16(pos);
837 pos += 2;
838 wpa_printf(MSG_DEBUG, "EAP: Flags=0x%x SEQ=%u", flags, seq);
839 tlvs = pos;
840
841 /*
842 * Parse TVs/TLVs. Since we do not yet know the length of the
843 * Authentication Tag, stop parsing if an unknown TV/TLV is seen and
844 * just try to find the keyName-NAI first so that we can check the
845 * Authentication Tag.
846 */
847 if (erp_parse_tlvs(tlvs, end, &parse, 1) < 0)
848 goto fail;
849
850 if (!parse.keyname) {
851 wpa_printf(MSG_DEBUG,
852 "EAP: No keyName-NAI in EAP-Initiate/Re-auth Packet");
853 goto fail;
854 }
855
856 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Initiate/Re-auth - keyName-NAI",
857 parse.keyname, parse.keyname_len);
858 if (parse.keyname_len > 253) {
859 wpa_printf(MSG_DEBUG,
860 "EAP: Too long keyName-NAI in EAP-Initiate/Re-auth");
861 goto fail;
862 }
863 os_memcpy(nai, parse.keyname, parse.keyname_len);
864 nai[parse.keyname_len] = '\0';
865
866 if (!sm->cfg->eap_server) {
867 /*
868 * In passthrough case, EAP-Initiate/Re-auth replaces
869 * EAP Identity exchange. Use keyName-NAI as the user identity
870 * and forward EAP-Initiate/Re-auth to the backend
871 * authentication server.
872 */
873 wpa_printf(MSG_DEBUG,
874 "EAP: Use keyName-NAI as user identity for backend authentication");
875 eap_server_clear_identity(sm);
876 sm->identity = (u8 *) dup_binstr(parse.keyname,
877 parse.keyname_len);
878 if (!sm->identity)
879 goto fail;
880 sm->identity_len = parse.keyname_len;
881 return;
882 }
883
884 erp = eap_erp_get_key(sm, nai);
885 if (!erp) {
886 wpa_printf(MSG_DEBUG, "EAP: No matching ERP key found for %s",
887 nai);
888 goto report_error;
889 }
890
891 if (erp->recv_seq != (u32) -1 && erp->recv_seq >= seq) {
892 wpa_printf(MSG_DEBUG,
893 "EAP: SEQ=%u replayed (already received SEQ=%u)",
894 seq, erp->recv_seq);
895 goto fail;
896 }
897
898 /* Is there enough room for Cryptosuite and Authentication Tag? */
899 start = parse.keyname + parse.keyname_len;
900 max_len = end - start;
901 if (max_len <
902 1 + (erp->cryptosuite == EAP_ERP_CS_HMAC_SHA256_256 ? 32 : 16)) {
903 wpa_printf(MSG_DEBUG,
904 "EAP: Not enough room for Authentication Tag");
905 goto fail;
906 }
907
908 switch (erp->cryptosuite) {
909 case EAP_ERP_CS_HMAC_SHA256_256:
910 if (end[-33] != erp->cryptosuite) {
911 wpa_printf(MSG_DEBUG,
912 "EAP: Different Cryptosuite used");
913 goto fail;
914 }
915 hash_len = 32;
916 break;
917 case EAP_ERP_CS_HMAC_SHA256_128:
918 if (end[-17] != erp->cryptosuite) {
919 wpa_printf(MSG_DEBUG,
920 "EAP: Different Cryptosuite used");
921 goto fail;
922 }
923 hash_len = 16;
924 break;
925 default:
926 hash_len = 0;
927 break;
928 }
929
930 if (hash_len) {
931 if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
932 end - hdr - hash_len, hash) < 0)
933 goto fail;
934 if (os_memcmp(end - hash_len, hash, hash_len) != 0) {
935 wpa_printf(MSG_DEBUG,
936 "EAP: Authentication Tag mismatch");
937 goto fail;
938 }
939 }
940
941 /* Check if any supported CS results in matching tag */
942 if (!hash_len && max_len >= 1 + 32 &&
943 end[-33] == EAP_ERP_CS_HMAC_SHA256_256) {
944 if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
945 end - hdr - 32, hash) < 0)
946 goto fail;
947 if (os_memcmp(end - 32, hash, 32) == 0) {
948 wpa_printf(MSG_DEBUG,
949 "EAP: Authentication Tag match using HMAC-SHA256-256");
950 hash_len = 32;
951 erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_256;
952 }
953 }
954
955 if (!hash_len && end[-17] == EAP_ERP_CS_HMAC_SHA256_128) {
956 if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
957 end - hdr - 16, hash) < 0)
958 goto fail;
959 if (os_memcmp(end - 16, hash, 16) == 0) {
960 wpa_printf(MSG_DEBUG,
961 "EAP: Authentication Tag match using HMAC-SHA256-128");
962 hash_len = 16;
963 erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_128;
964 }
965 }
966
967 if (!hash_len) {
968 wpa_printf(MSG_DEBUG,
969 "EAP: No supported cryptosuite matched Authentication Tag");
970 goto fail;
971 }
972 end -= 1 + hash_len;
973
974 /*
975 * Parse TVs/TLVs again now that we know the exact part of the buffer
976 * that contains them.
977 */
978 wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-Auth TVs/TLVs",
979 tlvs, end - tlvs);
980 if (erp_parse_tlvs(tlvs, end, &parse, 0) < 0)
981 goto fail;
982
983 wpa_printf(MSG_DEBUG, "EAP: ERP key %s SEQ updated to %u",
984 erp->keyname_nai, seq);
985 erp->recv_seq = seq;
986 resp_flags &= ~0x80; /* R=0 - success */
987
988 report_error:
989 erp_send_finish_reauth(sm, erp, ehdr->identifier, resp_flags, seq, nai);
990 return;
991
992 fail:
993 sm->ignore = true;
994 }
995
996 #endif /* CONFIG_ERP */
997
998
999 #ifndef ESP_SUPPLICANT
SM_STATE(EAP,INITIALIZE_PASSTHROUGH)1000 SM_STATE(EAP, INITIALIZE_PASSTHROUGH)
1001 {
1002 SM_ENTRY(EAP, INITIALIZE_PASSTHROUGH);
1003
1004 wpabuf_free(sm->eap_if.aaaEapRespData);
1005 sm->eap_if.aaaEapRespData = NULL;
1006 sm->try_initiate_reauth = false;
1007 }
1008
1009
SM_STATE(EAP,IDLE2)1010 SM_STATE(EAP, IDLE2)
1011 {
1012 SM_ENTRY(EAP, IDLE2);
1013
1014 sm->eap_if.retransWhile = eap_sm_calculateTimeout(
1015 sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
1016 sm->methodTimeout);
1017 }
1018
1019
SM_STATE(EAP,RETRANSMIT2)1020 SM_STATE(EAP, RETRANSMIT2)
1021 {
1022 SM_ENTRY(EAP, RETRANSMIT2);
1023
1024 sm->retransCount++;
1025 if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
1026 if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
1027 sm->eap_if.eapReq = true;
1028 }
1029
1030 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR,
1031 MAC2STR(sm->peer_addr));
1032 }
1033
1034
SM_STATE(EAP,RECEIVED2)1035 SM_STATE(EAP, RECEIVED2)
1036 {
1037 SM_ENTRY(EAP, RECEIVED2);
1038
1039 /* parse rxResp, respId, respMethod */
1040 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
1041 }
1042
1043
SM_STATE(EAP,DISCARD2)1044 SM_STATE(EAP, DISCARD2)
1045 {
1046 SM_ENTRY(EAP, DISCARD2);
1047 sm->eap_if.eapResp = false;
1048 sm->eap_if.eapNoReq = true;
1049 }
1050
1051
SM_STATE(EAP,SEND_REQUEST2)1052 SM_STATE(EAP, SEND_REQUEST2)
1053 {
1054 SM_ENTRY(EAP, SEND_REQUEST2);
1055
1056 sm->retransCount = 0;
1057 if (sm->eap_if.eapReqData) {
1058 if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
1059 {
1060 sm->eap_if.eapResp = false;
1061 sm->eap_if.eapReq = true;
1062 } else {
1063 sm->eap_if.eapResp = false;
1064 sm->eap_if.eapReq = false;
1065 }
1066 } else {
1067 wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData");
1068 sm->eap_if.eapResp = false;
1069 sm->eap_if.eapReq = false;
1070 sm->eap_if.eapNoReq = true;
1071 }
1072 }
1073
1074
SM_STATE(EAP,AAA_REQUEST)1075 SM_STATE(EAP, AAA_REQUEST)
1076 {
1077 SM_ENTRY(EAP, AAA_REQUEST);
1078
1079 if (sm->eap_if.eapRespData == NULL) {
1080 wpa_printf(MSG_INFO, "EAP: AAA_REQUEST - no eapRespData");
1081 return;
1082 }
1083
1084 /*
1085 * if (respMethod == IDENTITY)
1086 * aaaIdentity = eapRespData
1087 * This is already taken care of by the EAP-Identity method which
1088 * stores the identity into sm->identity.
1089 */
1090
1091 eap_copy_buf(&sm->eap_if.aaaEapRespData, sm->eap_if.eapRespData);
1092 }
1093
1094
SM_STATE(EAP,AAA_RESPONSE)1095 SM_STATE(EAP, AAA_RESPONSE)
1096 {
1097 SM_ENTRY(EAP, AAA_RESPONSE);
1098
1099 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1100 sm->currentId = eap_sm_getId(sm->eap_if.eapReqData);
1101 sm->methodTimeout = sm->eap_if.aaaMethodTimeout;
1102 }
1103
1104
SM_STATE(EAP,AAA_IDLE)1105 SM_STATE(EAP, AAA_IDLE)
1106 {
1107 SM_ENTRY(EAP, AAA_IDLE);
1108
1109 sm->eap_if.aaaFail = false;
1110 sm->eap_if.aaaSuccess = false;
1111 sm->eap_if.aaaEapReq = false;
1112 sm->eap_if.aaaEapNoReq = false;
1113 sm->eap_if.aaaEapResp = true;
1114 }
1115
1116
SM_STATE(EAP,TIMEOUT_FAILURE2)1117 SM_STATE(EAP, TIMEOUT_FAILURE2)
1118 {
1119 SM_ENTRY(EAP, TIMEOUT_FAILURE2);
1120
1121 sm->eap_if.eapTimeout = true;
1122
1123 wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
1124 WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR, MAC2STR(sm->peer_addr));
1125 }
1126
1127
SM_STATE(EAP,FAILURE2)1128 SM_STATE(EAP, FAILURE2)
1129 {
1130 SM_ENTRY(EAP, FAILURE2);
1131
1132 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1133 sm->eap_if.eapFail = true;
1134
1135 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR,
1136 MAC2STR(sm->peer_addr));
1137 }
1138
1139
SM_STATE(EAP,SUCCESS2)1140 SM_STATE(EAP, SUCCESS2)
1141 {
1142 SM_ENTRY(EAP, SUCCESS2);
1143
1144 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1145
1146 sm->eap_if.eapKeyAvailable = sm->eap_if.aaaEapKeyAvailable;
1147 if (sm->eap_if.aaaEapKeyAvailable) {
1148 EAP_COPY(&sm->eap_if.eapKeyData, sm->eap_if.aaaEapKeyData);
1149 } else {
1150 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
1151 sm->eap_if.eapKeyData = NULL;
1152 sm->eap_if.eapKeyDataLen = 0;
1153 }
1154
1155 sm->eap_if.eapSuccess = true;
1156
1157 /*
1158 * Start reauthentication with identity request even though we know the
1159 * previously used identity. This is needed to get reauthentication
1160 * started properly.
1161 */
1162 sm->start_reauth = true;
1163
1164 wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR,
1165 MAC2STR(sm->peer_addr));
1166 }
1167 #endif
1168
1169
SM_STEP(EAP)1170 SM_STEP(EAP)
1171 {
1172 if (sm->eap_if.eapRestart && sm->eap_if.portEnabled)
1173 SM_ENTER_GLOBAL(EAP, INITIALIZE);
1174 else if (!sm->eap_if.portEnabled)
1175 SM_ENTER_GLOBAL(EAP, DISABLED);
1176 else if (sm->num_rounds > sm->cfg->max_auth_rounds) {
1177 if (sm->num_rounds == sm->cfg->max_auth_rounds + 1) {
1178 wpa_printf(MSG_DEBUG, "EAP: more than %d "
1179 "authentication rounds - abort",
1180 sm->cfg->max_auth_rounds);
1181 sm->num_rounds++;
1182 SM_ENTER_GLOBAL(EAP, FAILURE);
1183 }
1184 } else if (sm->num_rounds_short > sm->cfg->max_auth_rounds_short) {
1185 if (sm->num_rounds_short ==
1186 sm->cfg->max_auth_rounds_short + 1) {
1187 wpa_printf(MSG_DEBUG,
1188 "EAP: more than %d authentication rounds (short) - abort",
1189 sm->cfg->max_auth_rounds_short);
1190 sm->num_rounds_short++;
1191 SM_ENTER_GLOBAL(EAP, FAILURE);
1192 }
1193 } else switch (sm->EAP_state) {
1194 case EAP_INITIALIZE:
1195 if (sm->cfg->backend_auth) {
1196 if (!sm->rxResp)
1197 SM_ENTER(EAP, SELECT_ACTION);
1198 else if (sm->rxResp &&
1199 (sm->respMethod == EAP_TYPE_NAK ||
1200 (sm->respMethod == EAP_TYPE_EXPANDED &&
1201 sm->respVendor == EAP_VENDOR_IETF &&
1202 sm->respVendorMethod == EAP_TYPE_NAK)))
1203 SM_ENTER(EAP, NAK);
1204 else
1205 SM_ENTER(EAP, PICK_UP_METHOD);
1206 } else {
1207 SM_ENTER(EAP, SELECT_ACTION);
1208 }
1209 break;
1210 case EAP_PICK_UP_METHOD:
1211 if (sm->currentMethod == EAP_TYPE_NONE) {
1212 SM_ENTER(EAP, SELECT_ACTION);
1213 } else {
1214 SM_ENTER(EAP, METHOD_RESPONSE);
1215 }
1216 break;
1217 case EAP_DISABLED:
1218 if (sm->eap_if.portEnabled)
1219 SM_ENTER(EAP, INITIALIZE);
1220 break;
1221 case EAP_IDLE:
1222 if (sm->eap_if.retransWhile == 0) {
1223 if (sm->try_initiate_reauth) {
1224 sm->try_initiate_reauth = false;
1225 SM_ENTER(EAP, SELECT_ACTION);
1226 } else {
1227 SM_ENTER(EAP, RETRANSMIT);
1228 }
1229 } else if (sm->eap_if.eapResp)
1230 SM_ENTER(EAP, RECEIVED);
1231 break;
1232 case EAP_RETRANSMIT:
1233 if (sm->retransCount > sm->MaxRetrans)
1234 SM_ENTER(EAP, TIMEOUT_FAILURE);
1235 else
1236 SM_ENTER(EAP, IDLE);
1237 break;
1238 case EAP_RECEIVED:
1239 if (sm->rxResp && (sm->respId == sm->currentId) &&
1240 (sm->respMethod == EAP_TYPE_NAK ||
1241 (sm->respMethod == EAP_TYPE_EXPANDED &&
1242 sm->respVendor == EAP_VENDOR_IETF &&
1243 sm->respVendorMethod == EAP_TYPE_NAK))
1244 && (sm->methodState == METHOD_PROPOSED))
1245 SM_ENTER(EAP, NAK);
1246 else if (sm->rxResp && (sm->respId == sm->currentId) &&
1247 ((sm->respMethod == sm->currentMethod) ||
1248 (sm->respMethod == EAP_TYPE_EXPANDED &&
1249 sm->respVendor == EAP_VENDOR_IETF &&
1250 sm->respVendorMethod == sm->currentMethod)))
1251 SM_ENTER(EAP, INTEGRITY_CHECK);
1252 #ifdef CONFIG_ERP
1253 else if (sm->rxInitiate)
1254 SM_ENTER(EAP, INITIATE_RECEIVED);
1255 #endif /* CONFIG_ERP */
1256 else {
1257 wpa_printf(MSG_DEBUG, "EAP: RECEIVED->DISCARD: "
1258 "rxResp=%d respId=%d currentId=%d "
1259 "respMethod=%d currentMethod=%d",
1260 sm->rxResp, sm->respId, sm->currentId,
1261 sm->respMethod, sm->currentMethod);
1262 eap_log_msg(sm, "Discard received EAP message");
1263 SM_ENTER(EAP, DISCARD);
1264 }
1265 break;
1266 case EAP_DISCARD:
1267 SM_ENTER(EAP, IDLE);
1268 break;
1269 case EAP_SEND_REQUEST:
1270 SM_ENTER(EAP, IDLE);
1271 break;
1272 case EAP_INTEGRITY_CHECK:
1273 if (sm->ignore)
1274 SM_ENTER(EAP, DISCARD);
1275 else
1276 SM_ENTER(EAP, METHOD_RESPONSE);
1277 break;
1278 case EAP_METHOD_REQUEST:
1279 if (sm->m == NULL) {
1280 /*
1281 * This transition is not mentioned in RFC 4137, but it
1282 * is needed to handle cleanly a case where EAP method
1283 * initialization fails.
1284 */
1285 SM_ENTER(EAP, FAILURE);
1286 break;
1287 }
1288 SM_ENTER(EAP, SEND_REQUEST);
1289 if (sm->eap_if.eapNoReq && !sm->eap_if.eapReq) {
1290 /*
1291 * This transition is not mentioned in RFC 4137, but it
1292 * is needed to handle cleanly a case where EAP method
1293 * buildReq fails.
1294 */
1295 wpa_printf(MSG_DEBUG,
1296 "EAP: Method did not return a request");
1297 SM_ENTER(EAP, FAILURE);
1298 break;
1299 }
1300 break;
1301 case EAP_METHOD_RESPONSE:
1302 /*
1303 * Note: Mechanism to allow EAP methods to wait while going
1304 * through pending processing is an extension to RFC 4137
1305 * which only defines the transits to SELECT_ACTION and
1306 * METHOD_REQUEST from this METHOD_RESPONSE state.
1307 */
1308 if (sm->methodState == METHOD_END)
1309 SM_ENTER(EAP, SELECT_ACTION);
1310 else if (sm->method_pending == METHOD_PENDING_WAIT) {
1311 wpa_printf(MSG_DEBUG, "EAP: Method has pending "
1312 "processing - wait before proceeding to "
1313 "METHOD_REQUEST state");
1314 } else if (sm->method_pending == METHOD_PENDING_CONT) {
1315 wpa_printf(MSG_DEBUG, "EAP: Method has completed "
1316 "pending processing - reprocess pending "
1317 "EAP message");
1318 sm->method_pending = METHOD_PENDING_NONE;
1319 SM_ENTER(EAP, METHOD_RESPONSE);
1320 } else
1321 SM_ENTER(EAP, METHOD_REQUEST);
1322 break;
1323 case EAP_PROPOSE_METHOD:
1324 /*
1325 * Note: Mechanism to allow EAP methods to wait while going
1326 * through pending processing is an extension to RFC 4137
1327 * which only defines the transit to METHOD_REQUEST from this
1328 * PROPOSE_METHOD state.
1329 */
1330 if (sm->method_pending == METHOD_PENDING_WAIT) {
1331 wpa_printf(MSG_DEBUG, "EAP: Method has pending "
1332 "processing - wait before proceeding to "
1333 "METHOD_REQUEST state");
1334 if (sm->user_eap_method_index > 0)
1335 sm->user_eap_method_index--;
1336 } else if (sm->method_pending == METHOD_PENDING_CONT) {
1337 wpa_printf(MSG_DEBUG, "EAP: Method has completed "
1338 "pending processing - reprocess pending "
1339 "EAP message");
1340 sm->method_pending = METHOD_PENDING_NONE;
1341 SM_ENTER(EAP, PROPOSE_METHOD);
1342 } else
1343 SM_ENTER(EAP, METHOD_REQUEST);
1344 break;
1345 case EAP_NAK:
1346 SM_ENTER(EAP, SELECT_ACTION);
1347 break;
1348 case EAP_SELECT_ACTION:
1349 if (sm->decision == DECISION_FAILURE)
1350 SM_ENTER(EAP, FAILURE);
1351 else if (sm->decision == DECISION_SUCCESS)
1352 SM_ENTER(EAP, SUCCESS);
1353 #ifndef ESP_SUPPLICANT
1354 else if (sm->decision == DECISION_PASSTHROUGH)
1355 SM_ENTER(EAP, INITIALIZE_PASSTHROUGH);
1356 #endif
1357 else if (sm->decision == DECISION_INITIATE_REAUTH_START)
1358 SM_ENTER(EAP, INITIATE_REAUTH_START);
1359 #ifdef CONFIG_ERP
1360 else if (sm->cfg->eap_server && sm->cfg->erp && sm->rxInitiate)
1361 SM_ENTER(EAP, INITIATE_RECEIVED);
1362 #endif /* CONFIG_ERP */
1363 else
1364 SM_ENTER(EAP, PROPOSE_METHOD);
1365 break;
1366 case EAP_INITIATE_REAUTH_START:
1367 SM_ENTER(EAP, SEND_REQUEST);
1368 break;
1369 case EAP_INITIATE_RECEIVED:
1370 if (!sm->cfg->eap_server)
1371 SM_ENTER(EAP, SELECT_ACTION);
1372 break;
1373 case EAP_TIMEOUT_FAILURE:
1374 break;
1375 case EAP_FAILURE:
1376 break;
1377 case EAP_SUCCESS:
1378 break;
1379 #ifndef ESP_SUPPLICANT
1380 case EAP_INITIALIZE_PASSTHROUGH:
1381 if (sm->currentId == -1)
1382 SM_ENTER(EAP, AAA_IDLE);
1383 else
1384 SM_ENTER(EAP, AAA_REQUEST);
1385 break;
1386 case EAP_IDLE2:
1387 if (sm->eap_if.eapResp)
1388 SM_ENTER(EAP, RECEIVED2);
1389 else if (sm->eap_if.retransWhile == 0)
1390 SM_ENTER(EAP, RETRANSMIT2);
1391 break;
1392 case EAP_RETRANSMIT2:
1393 if (sm->retransCount > sm->MaxRetrans)
1394 SM_ENTER(EAP, TIMEOUT_FAILURE2);
1395 else
1396 SM_ENTER(EAP, IDLE2);
1397 break;
1398 case EAP_RECEIVED2:
1399 if (sm->rxResp && (sm->respId == sm->currentId))
1400 SM_ENTER(EAP, AAA_REQUEST);
1401 else
1402 SM_ENTER(EAP, DISCARD2);
1403 break;
1404 case EAP_DISCARD2:
1405 SM_ENTER(EAP, IDLE2);
1406 break;
1407 case EAP_SEND_REQUEST2:
1408 SM_ENTER(EAP, IDLE2);
1409 break;
1410 case EAP_AAA_REQUEST:
1411 SM_ENTER(EAP, AAA_IDLE);
1412 break;
1413 case EAP_AAA_RESPONSE:
1414 SM_ENTER(EAP, SEND_REQUEST2);
1415 break;
1416 case EAP_AAA_IDLE:
1417 if (sm->eap_if.aaaFail)
1418 SM_ENTER(EAP, FAILURE2);
1419 else if (sm->eap_if.aaaSuccess)
1420 SM_ENTER(EAP, SUCCESS2);
1421 else if (sm->eap_if.aaaEapReq)
1422 SM_ENTER(EAP, AAA_RESPONSE);
1423 else if (sm->eap_if.aaaTimeout)
1424 SM_ENTER(EAP, TIMEOUT_FAILURE2);
1425 break;
1426 case EAP_TIMEOUT_FAILURE2:
1427 break;
1428 case EAP_FAILURE2:
1429 break;
1430 case EAP_SUCCESS2:
1431 break;
1432 #else
1433 default:
1434 break;
1435 #endif
1436 }
1437 }
1438
1439
eap_sm_calculateTimeout(struct eap_sm * sm,int retransCount,int eapSRTT,int eapRTTVAR,int methodTimeout)1440 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
1441 int eapSRTT, int eapRTTVAR,
1442 int methodTimeout)
1443 {
1444 int rto, i;
1445
1446 if (sm->try_initiate_reauth) {
1447 wpa_printf(MSG_DEBUG,
1448 "EAP: retransmit timeout 1 second for EAP-Initiate-Re-auth-Start");
1449 return 1;
1450 }
1451
1452 if (methodTimeout) {
1453 /*
1454 * EAP method (either internal or through AAA server, provided
1455 * timeout hint. Use that as-is as a timeout for retransmitting
1456 * the EAP request if no response is received.
1457 */
1458 wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
1459 "(from EAP method hint)", methodTimeout);
1460 return methodTimeout;
1461 }
1462
1463 /*
1464 * RFC 3748 recommends algorithms described in RFC 2988 for estimation
1465 * of the retransmission timeout. This should be implemented once
1466 * round-trip time measurements are available. For nowm a simple
1467 * backoff mechanism is used instead if there are no EAP method
1468 * specific hints.
1469 *
1470 * SRTT = smoothed round-trip time
1471 * RTTVAR = round-trip time variation
1472 * RTO = retransmission timeout
1473 */
1474
1475 /*
1476 * RFC 2988, 2.1: before RTT measurement, set RTO to 3 seconds for
1477 * initial retransmission and then double the RTO to provide back off
1478 * per 5.5. Limit the maximum RTO to 20 seconds per RFC 3748, 4.3
1479 * modified RTOmax.
1480 */
1481 rto = 3;
1482 for (i = 0; i < retransCount; i++) {
1483 rto *= 2;
1484 if (rto >= 20) {
1485 rto = 20;
1486 break;
1487 }
1488 }
1489
1490 wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
1491 "(from dynamic back off; retransCount=%d)",
1492 rto, retransCount);
1493
1494 return rto;
1495 }
1496
1497
eap_sm_parseEapResp(struct eap_sm * sm,const struct wpabuf * resp)1498 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp)
1499 {
1500 const struct eap_hdr *hdr;
1501 size_t plen;
1502
1503 /* parse rxResp, respId, respMethod */
1504 sm->rxResp = false;
1505 sm->rxInitiate = false;
1506 sm->respId = -1;
1507 sm->respMethod = EAP_TYPE_NONE;
1508 sm->respVendor = EAP_VENDOR_IETF;
1509 sm->respVendorMethod = EAP_TYPE_NONE;
1510
1511 if (resp == NULL || wpabuf_len(resp) < sizeof(*hdr)) {
1512 wpa_printf(MSG_DEBUG, "EAP: parseEapResp: invalid resp=%p "
1513 "len=%lu", resp,
1514 resp ? (unsigned long) wpabuf_len(resp) : 0);
1515 return;
1516 }
1517
1518 hdr = wpabuf_head(resp);
1519 plen = be_to_host16(hdr->length);
1520 if (plen > wpabuf_len(resp)) {
1521 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
1522 "(len=%lu plen=%lu)",
1523 (unsigned long) wpabuf_len(resp),
1524 (unsigned long) plen);
1525 return;
1526 }
1527
1528 sm->respId = hdr->identifier;
1529
1530 if (hdr->code == EAP_CODE_RESPONSE)
1531 sm->rxResp = true;
1532 else if (hdr->code == EAP_CODE_INITIATE)
1533 sm->rxInitiate = true;
1534
1535 if (plen > sizeof(*hdr)) {
1536 u8 *pos = (u8 *) (hdr + 1);
1537 sm->respMethod = *pos++;
1538 if (sm->respMethod == EAP_TYPE_EXPANDED) {
1539 if (plen < sizeof(*hdr) + 8) {
1540 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
1541 "expanded EAP-Packet (plen=%lu)",
1542 (unsigned long) plen);
1543 return;
1544 }
1545 sm->respVendor = WPA_GET_BE24(pos);
1546 pos += 3;
1547 sm->respVendorMethod = WPA_GET_BE32(pos);
1548 }
1549 }
1550
1551 wpa_printf(MSG_DEBUG,
1552 "EAP: parseEapResp: rxResp=%d rxInitiate=%d respId=%d respMethod=%u respVendor=%u respVendorMethod=%u",
1553 sm->rxResp, sm->rxInitiate, sm->respId, sm->respMethod,
1554 sm->respVendor, sm->respVendorMethod);
1555 }
1556
1557
1558 #ifndef ESP_SUPPLICANT
eap_sm_getId(const struct wpabuf * data)1559 static int eap_sm_getId(const struct wpabuf *data)
1560 {
1561 const struct eap_hdr *hdr;
1562
1563 if (data == NULL || wpabuf_len(data) < sizeof(*hdr))
1564 return -1;
1565
1566 hdr = wpabuf_head(data);
1567 wpa_printf(MSG_DEBUG, "EAP: getId: id=%d", hdr->identifier);
1568 return hdr->identifier;
1569 }
1570 #endif
1571
eap_sm_buildSuccess(struct eap_sm * sm,u8 id)1572 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id)
1573 {
1574 struct wpabuf *msg;
1575 struct eap_hdr *resp;
1576 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Success (id=%d)", id);
1577
1578 msg = wpabuf_alloc(sizeof(*resp));
1579 if (msg == NULL)
1580 return NULL;
1581 resp = wpabuf_put(msg, sizeof(*resp));
1582 resp->code = EAP_CODE_SUCCESS;
1583 resp->identifier = id;
1584 resp->length = host_to_be16(sizeof(*resp));
1585
1586 return msg;
1587 }
1588
1589
eap_sm_buildFailure(struct eap_sm * sm,u8 id)1590 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id)
1591 {
1592 struct wpabuf *msg;
1593 struct eap_hdr *resp;
1594 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Failure (id=%d)", id);
1595
1596 msg = wpabuf_alloc(sizeof(*resp));
1597 if (msg == NULL)
1598 return NULL;
1599 resp = wpabuf_put(msg, sizeof(*resp));
1600 resp->code = EAP_CODE_FAILURE;
1601 resp->identifier = id;
1602 resp->length = host_to_be16(sizeof(*resp));
1603
1604 return msg;
1605 }
1606
1607
eap_sm_nextId(struct eap_sm * sm,int id)1608 static int eap_sm_nextId(struct eap_sm *sm, int id)
1609 {
1610 if (id < 0) {
1611 /* RFC 3748 Ch 4.1: recommended to initialize Identifier with a
1612 * random number */
1613 id = rand() & 0xff;
1614 if (id != sm->lastId)
1615 return id;
1616 }
1617 return (id + 1) & 0xff;
1618 }
1619
1620
1621 /**
1622 * eap_sm_process_nak - Process EAP-Response/Nak
1623 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1624 * @nak_list: Nak list (allowed methods) from the supplicant
1625 * @len: Length of nak_list in bytes
1626 *
1627 * This function is called when EAP-Response/Nak is received from the
1628 * supplicant. This can happen for both phase 1 and phase 2 authentications.
1629 */
eap_sm_process_nak(struct eap_sm * sm,const u8 * nak_list,size_t len)1630 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len)
1631 {
1632 int i;
1633 size_t j;
1634
1635 if (sm->user == NULL)
1636 return;
1637
1638 wpa_printf(MSG_MSGDUMP, "EAP: processing NAK (current EAP method "
1639 "index %d)", sm->user_eap_method_index);
1640
1641 wpa_hexdump(MSG_MSGDUMP, "EAP: configured methods",
1642 (u8 *) sm->user->methods,
1643 EAP_MAX_METHODS * sizeof(sm->user->methods[0]));
1644 wpa_hexdump(MSG_MSGDUMP, "EAP: list of methods supported by the peer",
1645 nak_list, len);
1646
1647 i = sm->user_eap_method_index;
1648 while (i < EAP_MAX_METHODS &&
1649 (sm->user->methods[i].vendor != EAP_VENDOR_IETF ||
1650 sm->user->methods[i].method != EAP_TYPE_NONE)) {
1651 if (sm->user->methods[i].vendor != EAP_VENDOR_IETF)
1652 goto not_found;
1653 for (j = 0; j < len; j++) {
1654 if (nak_list[j] == sm->user->methods[i].method) {
1655 break;
1656 }
1657 }
1658
1659 if (j < len) {
1660 /* found */
1661 i++;
1662 continue;
1663 }
1664
1665 not_found:
1666 /* not found - remove from the list */
1667 if (i + 1 < EAP_MAX_METHODS) {
1668 os_memmove(&sm->user->methods[i],
1669 &sm->user->methods[i + 1],
1670 (EAP_MAX_METHODS - i - 1) *
1671 sizeof(sm->user->methods[0]));
1672 }
1673 sm->user->methods[EAP_MAX_METHODS - 1].vendor =
1674 EAP_VENDOR_IETF;
1675 sm->user->methods[EAP_MAX_METHODS - 1].method = EAP_TYPE_NONE;
1676 }
1677
1678 wpa_hexdump(MSG_MSGDUMP, "EAP: new list of configured methods",
1679 (u8 *) sm->user->methods, EAP_MAX_METHODS *
1680 sizeof(sm->user->methods[0]));
1681 }
1682
1683
eap_sm_Policy_update(struct eap_sm * sm,const u8 * nak_list,size_t len)1684 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
1685 size_t len)
1686 {
1687 if (nak_list == NULL || sm == NULL || sm->user == NULL)
1688 return;
1689
1690 if (sm->user->phase2) {
1691 wpa_printf(MSG_DEBUG, "EAP: EAP-Nak received after Phase2 user"
1692 " info was selected - reject");
1693 sm->decision = DECISION_FAILURE;
1694 return;
1695 }
1696
1697 eap_sm_process_nak(sm, nak_list, len);
1698 }
1699
1700
eap_sm_Policy_getNextMethod(struct eap_sm * sm,int * vendor)1701 static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor)
1702 {
1703 enum eap_type next;
1704 int idx = sm->user_eap_method_index;
1705
1706 /* In theory, there should be no problems with starting
1707 * re-authentication with something else than EAP-Request/Identity and
1708 * this does indeed work with wpa_supplicant. However, at least Funk
1709 * Supplicant seemed to ignore re-auth if it skipped
1710 * EAP-Request/Identity.
1711 * Re-auth sets currentId == -1, so that can be used here to select
1712 * whether Identity needs to be requested again. */
1713 if (sm->identity == NULL || sm->currentId == -1) {
1714 *vendor = EAP_VENDOR_IETF;
1715 next = EAP_TYPE_IDENTITY;
1716 sm->update_user = true;
1717 } else if (sm->user && idx < EAP_MAX_METHODS &&
1718 (sm->user->methods[idx].vendor != EAP_VENDOR_IETF ||
1719 sm->user->methods[idx].method != EAP_TYPE_NONE)) {
1720 *vendor = sm->user->methods[idx].vendor;
1721 next = sm->user->methods[idx].method;
1722 sm->user_eap_method_index++;
1723 } else {
1724 *vendor = EAP_VENDOR_IETF;
1725 next = EAP_TYPE_NONE;
1726 }
1727 wpa_printf(MSG_DEBUG, "EAP: getNextMethod: vendor %d type %d",
1728 *vendor, next);
1729 return next;
1730 }
1731
1732
eap_sm_Policy_getDecision(struct eap_sm * sm)1733 static int eap_sm_Policy_getDecision(struct eap_sm *sm)
1734 {
1735 if (!sm->cfg->eap_server && sm->identity && !sm->start_reauth) {
1736 wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
1737 return DECISION_PASSTHROUGH;
1738 }
1739
1740 if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY &&
1741 sm->m->isSuccess(sm, sm->eap_method_priv)) {
1742 wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
1743 "SUCCESS");
1744 sm->update_user = true;
1745 return DECISION_SUCCESS;
1746 }
1747
1748 if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) &&
1749 !sm->m->isSuccess(sm, sm->eap_method_priv)) {
1750 wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
1751 "FAILURE");
1752 sm->update_user = true;
1753 return DECISION_FAILURE;
1754 }
1755
1756 if ((sm->user == NULL || sm->update_user) && sm->identity &&
1757 !sm->start_reauth) {
1758 /*
1759 * Allow Identity method to be started once to allow identity
1760 * selection hint to be sent from the authentication server,
1761 * but prevent a loop of Identity requests by only allowing
1762 * this to happen once.
1763 */
1764 int id_req = 0;
1765 if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY &&
1766 sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1767 sm->user->methods[0].method == EAP_TYPE_IDENTITY)
1768 id_req = 1;
1769 if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
1770 wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
1771 "found from database -> FAILURE");
1772 return DECISION_FAILURE;
1773 }
1774 if (id_req && sm->user &&
1775 sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1776 sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
1777 wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
1778 "identity request loop -> FAILURE");
1779 sm->update_user = true;
1780 return DECISION_FAILURE;
1781 }
1782 sm->update_user = false;
1783 }
1784 sm->start_reauth = false;
1785
1786 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
1787 (sm->user->methods[sm->user_eap_method_index].vendor !=
1788 EAP_VENDOR_IETF ||
1789 sm->user->methods[sm->user_eap_method_index].method !=
1790 EAP_TYPE_NONE)) {
1791 wpa_printf(MSG_DEBUG, "EAP: getDecision: another method "
1792 "available -> CONTINUE");
1793 return DECISION_CONTINUE;
1794 }
1795
1796 if (!sm->identity && eap_get_erp_send_reauth_start(sm) &&
1797 !sm->initiate_reauth_start_sent) {
1798 wpa_printf(MSG_DEBUG,
1799 "EAP: getDecision: send EAP-Initiate/Re-auth-Start");
1800 return DECISION_INITIATE_REAUTH_START;
1801 }
1802
1803 if (sm->identity == NULL || sm->currentId == -1) {
1804 wpa_printf(MSG_DEBUG, "EAP: getDecision: no identity known "
1805 "yet -> CONTINUE");
1806 return DECISION_CONTINUE;
1807 }
1808
1809 wpa_printf(MSG_DEBUG, "EAP: getDecision: no more methods available -> "
1810 "FAILURE");
1811 return DECISION_FAILURE;
1812 }
1813
1814
eap_sm_Policy_doPickUp(struct eap_sm * sm,enum eap_type method)1815 static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method)
1816 {
1817 return method == EAP_TYPE_IDENTITY;
1818 }
1819
1820
1821 /**
1822 * eap_server_sm_step - Step EAP server state machine
1823 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1824 * Returns: 1 if EAP state was changed or 0 if not
1825 *
1826 * This function advances EAP state machine to a new state to match with the
1827 * current variables. This should be called whenever variables used by the EAP
1828 * state machine have changed.
1829 */
eap_server_sm_step(struct eap_sm * sm)1830 int eap_server_sm_step(struct eap_sm *sm)
1831 {
1832 int res = 0;
1833 do {
1834 sm->changed = false;
1835 SM_STEP_RUN(EAP);
1836 if (sm->changed)
1837 res = 1;
1838 } while (sm->changed);
1839 return res;
1840 }
1841
1842
eap_user_free(struct eap_user * user)1843 void eap_user_free(struct eap_user *user)
1844 {
1845 if (user == NULL)
1846 return;
1847 bin_clear_free(user->password, user->password_len);
1848 user->password = NULL;
1849 bin_clear_free(user->salt, user->salt_len);
1850 user->salt = NULL;
1851 os_free(user);
1852 }
1853
1854
1855 /**
1856 * eap_server_sm_init - Allocate and initialize EAP server state machine
1857 * @eapol_ctx: Context data to be used with eapol_cb calls
1858 * @eapol_cb: Pointer to EAPOL callback functions
1859 * @conf: EAP configuration
1860 * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1861 *
1862 * This function allocates and initializes an EAP state machine.
1863 */
eap_server_sm_init(void * eapol_ctx,const struct eapol_callbacks * eapol_cb,const struct eap_config * conf,const struct eap_session_data * sess)1864 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
1865 const struct eapol_callbacks *eapol_cb,
1866 const struct eap_config *conf,
1867 const struct eap_session_data *sess)
1868 {
1869 struct eap_sm *sm;
1870
1871 sm = os_zalloc(sizeof(*sm));
1872 if (sm == NULL)
1873 return NULL;
1874 sm->eapol_ctx = eapol_ctx;
1875 sm->eapol_cb = eapol_cb;
1876 sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
1877 sm->cfg = conf;
1878 if (sess->assoc_wps_ie)
1879 sm->assoc_wps_ie = wpabuf_dup(sess->assoc_wps_ie);
1880 if (sess->assoc_p2p_ie)
1881 sm->assoc_p2p_ie = wpabuf_dup(sess->assoc_p2p_ie);
1882 if (sess->peer_addr)
1883 os_memcpy(sm->peer_addr, sess->peer_addr, ETH_ALEN);
1884 #ifdef CONFIG_TESTING_OPTIONS
1885 sm->tls_test_flags = sess->tls_test_flags;
1886 #endif /* CONFIG_TESTING_OPTIONS */
1887 sm->eap_if.portEnabled = 1;
1888
1889 wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
1890
1891 return sm;
1892 }
1893
1894
1895 /**
1896 * eap_server_sm_deinit - Deinitialize and free an EAP server state machine
1897 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1898 *
1899 * This function deinitializes EAP state machine and frees all allocated
1900 * resources.
1901 */
eap_server_sm_deinit(struct eap_sm * sm)1902 void eap_server_sm_deinit(struct eap_sm *sm)
1903 {
1904 if (sm == NULL)
1905 return;
1906 wpa_printf(MSG_DEBUG, "EAP: Server state machine removed");
1907 if (sm->m && sm->eap_method_priv)
1908 sm->m->reset(sm, sm->eap_method_priv);
1909 wpabuf_free(sm->eap_if.eapReqData);
1910 bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
1911 os_free(sm->eap_if.eapSessionId);
1912 wpabuf_free(sm->lastReqData);
1913 wpabuf_free(sm->eap_if.eapRespData);
1914 os_free(sm->identity);
1915 os_free(sm->serial_num);
1916 #ifndef ESP_SUPPLICANT
1917 wpabuf_free(sm->eap_if.aaaEapReqData);
1918 wpabuf_free(sm->eap_if.aaaEapRespData);
1919 bin_clear_free(sm->eap_if.aaaEapKeyData, sm->eap_if.aaaEapKeyDataLen);
1920 #endif
1921 eap_user_free(sm->user);
1922 wpabuf_free(sm->assoc_wps_ie);
1923 wpabuf_free(sm->assoc_p2p_ie);
1924 os_free(sm);
1925 }
1926
1927
1928 /**
1929 * eap_sm_notify_cached - Notify EAP state machine of cached PMK
1930 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1931 *
1932 * This function is called when PMKSA caching is used to skip EAP
1933 * authentication.
1934 */
eap_sm_notify_cached(struct eap_sm * sm)1935 void eap_sm_notify_cached(struct eap_sm *sm)
1936 {
1937 if (sm == NULL)
1938 return;
1939
1940 sm->EAP_state = EAP_SUCCESS;
1941 }
1942
1943
1944 /**
1945 * eap_sm_pending_cb - EAP state machine callback for a pending EAP request
1946 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1947 *
1948 * This function is called when data for a pending EAP-Request is received.
1949 */
eap_sm_pending_cb(struct eap_sm * sm)1950 void eap_sm_pending_cb(struct eap_sm *sm)
1951 {
1952 if (sm == NULL)
1953 return;
1954 wpa_printf(MSG_DEBUG, "EAP: Callback for pending request received");
1955 if (sm->method_pending == METHOD_PENDING_WAIT)
1956 sm->method_pending = METHOD_PENDING_CONT;
1957 }
1958
1959
1960 /**
1961 * eap_sm_method_pending - Query whether EAP method is waiting for pending data
1962 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1963 * Returns: 1 if method is waiting for pending data or 0 if not
1964 */
eap_sm_method_pending(struct eap_sm * sm)1965 int eap_sm_method_pending(struct eap_sm *sm)
1966 {
1967 if (sm == NULL)
1968 return 0;
1969 return sm->method_pending == METHOD_PENDING_WAIT;
1970 }
1971
1972
1973 /**
1974 * eap_get_identity - Get the user identity (from EAP-Response/Identity)
1975 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1976 * @len: Buffer for returning identity length
1977 * Returns: Pointer to the user identity or %NULL if not available
1978 */
eap_get_identity(struct eap_sm * sm,size_t * len)1979 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len)
1980 {
1981 *len = sm->identity_len;
1982 return sm->identity;
1983 }
1984
1985
1986 /**
1987 * eap_get_serial_num - Get the serial number of user certificate
1988 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1989 * Returns: Pointer to the serial number or %NULL if not available
1990 */
eap_get_serial_num(struct eap_sm * sm)1991 const char * eap_get_serial_num(struct eap_sm *sm)
1992 {
1993 return sm->serial_num;
1994 }
1995
1996
1997 /**
1998 * eap_get_method - Get the used EAP method
1999 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2000 * Returns: Pointer to the method name or %NULL if not available
2001 */
eap_get_method(struct eap_sm * sm)2002 const char * eap_get_method(struct eap_sm *sm)
2003 {
2004 if (!sm || !sm->m)
2005 return NULL;
2006 return sm->m->name;
2007 }
2008
2009
2010 /**
2011 * eap_get_imsi - Get IMSI of the user
2012 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2013 * Returns: Pointer to IMSI or %NULL if not available
2014 */
eap_get_imsi(struct eap_sm * sm)2015 const char * eap_get_imsi(struct eap_sm *sm)
2016 {
2017 if (!sm || sm->imsi[0] == '\0')
2018 return NULL;
2019 return sm->imsi;
2020 }
2021
2022
eap_erp_update_identity(struct eap_sm * sm,const u8 * eap,size_t len)2023 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
2024 {
2025 #ifdef CONFIG_ERP
2026 const struct eap_hdr *hdr;
2027 const u8 *pos, *end;
2028 struct erp_tlvs parse;
2029
2030 if (len < sizeof(*hdr) + 1)
2031 return;
2032 hdr = (const struct eap_hdr *) eap;
2033 end = eap + len;
2034 pos = (const u8 *) (hdr + 1);
2035 if (hdr->code != EAP_CODE_INITIATE || *pos != EAP_ERP_TYPE_REAUTH)
2036 return;
2037 pos++;
2038 if (pos + 3 > end)
2039 return;
2040
2041 /* Skip Flags and SEQ */
2042 pos += 3;
2043
2044 if (erp_parse_tlvs(pos, end, &parse, 1) < 0 || !parse.keyname)
2045 return;
2046 wpa_hexdump_ascii(MSG_DEBUG,
2047 "EAP: Update identity based on EAP-Initiate/Re-auth keyName-NAI",
2048 parse.keyname, parse.keyname_len);
2049 os_free(sm->identity);
2050 sm->identity = os_malloc(parse.keyname_len);
2051 if (sm->identity) {
2052 os_memcpy(sm->identity, parse.keyname, parse.keyname_len);
2053 sm->identity_len = parse.keyname_len;
2054 } else {
2055 sm->identity_len = 0;
2056 }
2057 #endif /* CONFIG_ERP */
2058 }
2059
2060
2061 /**
2062 * eap_get_interface - Get pointer to EAP-EAPOL interface data
2063 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2064 * Returns: Pointer to the EAP-EAPOL interface data
2065 */
eap_get_interface(struct eap_sm * sm)2066 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
2067 {
2068 return &sm->eap_if;
2069 }
2070
2071
2072 /**
2073 * eap_server_clear_identity - Clear EAP identity information
2074 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2075 *
2076 * This function can be used to clear the EAP identity information in the EAP
2077 * server context. This allows the EAP/Identity method to be used again after
2078 * EAPOL-Start or EAPOL-Logoff.
2079 */
eap_server_clear_identity(struct eap_sm * sm)2080 void eap_server_clear_identity(struct eap_sm *sm)
2081 {
2082 os_free(sm->identity);
2083 sm->identity = NULL;
2084 }
2085
2086
2087 #ifdef CONFIG_TESTING_OPTIONS
eap_server_mschap_rx_callback(struct eap_sm * sm,const char * source,const u8 * username,size_t username_len,const u8 * challenge,const u8 * response)2088 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
2089 const u8 *username, size_t username_len,
2090 const u8 *challenge, const u8 *response)
2091 {
2092 char hex_challenge[30], hex_response[90], user[100];
2093
2094 /* Print out Challenge and Response in format supported by asleap. */
2095 if (username)
2096 printf_encode(user, sizeof(user), username, username_len);
2097 else
2098 user[0] = '\0';
2099 wpa_snprintf_hex_sep(hex_challenge, sizeof(hex_challenge),
2100 challenge, sizeof(challenge), ':');
2101 wpa_snprintf_hex_sep(hex_response, sizeof(hex_response), response, 24,
2102 ':');
2103 wpa_printf(MSG_DEBUG, "[%s/user=%s] asleap -C %s -R %s",
2104 source, user, hex_challenge, hex_response);
2105 }
2106 #endif /* CONFIG_TESTING_OPTIONS */
2107
2108
eap_server_config_free(struct eap_config * cfg)2109 void eap_server_config_free(struct eap_config *cfg)
2110 {
2111 if (!cfg)
2112 return;
2113 os_free(cfg->pac_opaque_encr_key);
2114 os_free(cfg->eap_fast_a_id);
2115 os_free(cfg->eap_fast_a_id_info);
2116 os_free(cfg->server_id);
2117 os_free(cfg);
2118 }
2119
