1 /* 2 * EAP peer state machines (RFC 4137) 3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file implements the Peer State Machine as defined in RFC 4137. The used 9 * states and state transitions match mostly with the RFC. However, there are 10 * couple of additional transitions for working around small issues noticed 11 * during testing. These exceptions are explained in comments within the 12 * functions in this file. The method functions, m.func(), are similar to the 13 * ones used in RFC 4137, but some small changes have used here to optimize 14 * operations and to add functionality needed for fast re-authentication 15 * (session resumption). 16 */ 17 18 #include "includes.h" 19 20 #include "common.h" 21 #include "pcsc_funcs.h" 22 #include "state_machine.h" 23 #include "ext_password.h" 24 #include "crypto/crypto.h" 25 #include "crypto/tls.h" 26 #include "crypto/sha256.h" 27 #include "common/wpa_ctrl.h" 28 #include "eap_common/eap_wsc_common.h" 29 #include "eap_i.h" 30 #include "eap_config.h" 31 32 #define STATE_MACHINE_DATA struct eap_sm 33 #define STATE_MACHINE_DEBUG_PREFIX "EAP" 34 35 #define EAP_MAX_AUTH_ROUNDS 50 36 #define EAP_CLIENT_TIMEOUT_DEFAULT 60 37 38 39 static Boolean eap_sm_allowMethod(struct eap_sm *sm, int vendor, 40 EapType method); 41 static struct wpabuf * eap_sm_buildNak(struct eap_sm *sm, int id); 42 static void eap_sm_processIdentity(struct eap_sm *sm, 43 const struct wpabuf *req); 44 static void eap_sm_processNotify(struct eap_sm *sm, const struct wpabuf *req); 45 static struct wpabuf * eap_sm_buildNotify(int id); 46 static void eap_sm_parseEapReq(struct eap_sm *sm, const struct wpabuf *req); 47 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 48 static const char * eap_sm_method_state_txt(EapMethodState state); 49 static const char * eap_sm_decision_txt(EapDecision decision); 50 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 51 52 53 54 static Boolean eapol_get_bool(struct eap_sm *sm, enum eapol_bool_var var) 55 { 56 return sm->eapol_cb->get_bool(sm->eapol_ctx, var); 57 } 58 59 60 static void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var, 61 Boolean value) 62 { 63 sm->eapol_cb->set_bool(sm->eapol_ctx, var, value); 64 } 65 66 67 static unsigned int eapol_get_int(struct eap_sm *sm, enum eapol_int_var var) 68 { 69 return sm->eapol_cb->get_int(sm->eapol_ctx, var); 70 } 71 72 73 static void eapol_set_int(struct eap_sm *sm, enum eapol_int_var var, 74 unsigned int value) 75 { 76 sm->eapol_cb->set_int(sm->eapol_ctx, var, value); 77 } 78 79 80 static struct wpabuf * eapol_get_eapReqData(struct eap_sm *sm) 81 { 82 return sm->eapol_cb->get_eapReqData(sm->eapol_ctx); 83 } 84 85 86 static void eap_notify_status(struct eap_sm *sm, const char *status, 87 const char *parameter) 88 { 89 wpa_printf(MSG_DEBUG, "EAP: Status notification: %s (param=%s)", 90 status, parameter); 91 if (sm->eapol_cb->notify_status) 92 sm->eapol_cb->notify_status(sm->eapol_ctx, status, parameter); 93 } 94 95 96 static void eap_sm_free_key(struct eap_sm *sm) 97 { 98 if (sm->eapKeyData) { 99 bin_clear_free(sm->eapKeyData, sm->eapKeyDataLen); 100 sm->eapKeyData = NULL; 101 } 102 } 103 104 105 static void eap_deinit_prev_method(struct eap_sm *sm, const char *txt) 106 { 107 ext_password_free(sm->ext_pw_buf); 108 sm->ext_pw_buf = NULL; 109 110 if (sm->m == NULL || sm->eap_method_priv == NULL) 111 return; 112 113 wpa_printf(MSG_DEBUG, "EAP: deinitialize previously used EAP method " 114 "(%d, %s) at %s", sm->selectedMethod, sm->m->name, txt); 115 sm->m->deinit(sm, sm->eap_method_priv); 116 sm->eap_method_priv = NULL; 117 sm->m = NULL; 118 } 119 120 121 /** 122 * eap_allowed_method - Check whether EAP method is allowed 123 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 124 * @vendor: Vendor-Id for expanded types or 0 = IETF for legacy types 125 * @method: EAP type 126 * Returns: 1 = allowed EAP method, 0 = not allowed 127 */ 128 int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method) 129 { 130 struct eap_peer_config *config = eap_get_config(sm); 131 int i; 132 struct eap_method_type *m; 133 134 if (config == NULL || config->eap_methods == NULL) 135 return 1; 136 137 m = config->eap_methods; 138 for (i = 0; m[i].vendor != EAP_VENDOR_IETF || 139 m[i].method != EAP_TYPE_NONE; i++) { 140 if (m[i].vendor == vendor && m[i].method == method) 141 return 1; 142 } 143 return 0; 144 } 145 146 147 /* 148 * This state initializes state machine variables when the machine is 149 * activated (portEnabled = TRUE). This is also used when re-starting 150 * authentication (eapRestart == TRUE). 151 */ 152 SM_STATE(EAP, INITIALIZE) 153 { 154 SM_ENTRY(EAP, INITIALIZE); 155 if (sm->fast_reauth && sm->m && sm->m->has_reauth_data && 156 sm->m->has_reauth_data(sm, sm->eap_method_priv) && 157 !sm->prev_failure && 158 sm->last_config == eap_get_config(sm)) { 159 wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for " 160 "fast reauthentication"); 161 sm->m->deinit_for_reauth(sm, sm->eap_method_priv); 162 } else { 163 sm->last_config = eap_get_config(sm); 164 eap_deinit_prev_method(sm, "INITIALIZE"); 165 } 166 sm->selectedMethod = EAP_TYPE_NONE; 167 sm->methodState = METHOD_NONE; 168 sm->allowNotifications = TRUE; 169 sm->decision = DECISION_FAIL; 170 sm->ClientTimeout = EAP_CLIENT_TIMEOUT_DEFAULT; 171 eapol_set_int(sm, EAPOL_idleWhile, sm->ClientTimeout); 172 eapol_set_bool(sm, EAPOL_eapSuccess, FALSE); 173 eapol_set_bool(sm, EAPOL_eapFail, FALSE); 174 eap_sm_free_key(sm); 175 os_free(sm->eapSessionId); 176 sm->eapSessionId = NULL; 177 sm->eapKeyAvailable = FALSE; 178 eapol_set_bool(sm, EAPOL_eapRestart, FALSE); 179 sm->lastId = -1; /* new session - make sure this does not match with 180 * the first EAP-Packet */ 181 /* 182 * RFC 4137 does not reset eapResp and eapNoResp here. However, this 183 * seemed to be able to trigger cases where both were set and if EAPOL 184 * state machine uses eapNoResp first, it may end up not sending a real 185 * reply correctly. This occurred when the workaround in FAIL state set 186 * eapNoResp = TRUE.. Maybe that workaround needs to be fixed to do 187 * something else(?) 188 */ 189 eapol_set_bool(sm, EAPOL_eapResp, FALSE); 190 eapol_set_bool(sm, EAPOL_eapNoResp, FALSE); 191 sm->num_rounds = 0; 192 sm->prev_failure = 0; 193 sm->expected_failure = 0; 194 sm->reauthInit = FALSE; 195 sm->erp_seq = (u32) -1; 196 } 197 198 199 /* 200 * This state is reached whenever service from the lower layer is interrupted 201 * or unavailable (portEnabled == FALSE). Immediate transition to INITIALIZE 202 * occurs when the port becomes enabled. 203 */ 204 SM_STATE(EAP, DISABLED) 205 { 206 SM_ENTRY(EAP, DISABLED); 207 sm->num_rounds = 0; 208 /* 209 * RFC 4137 does not describe clearing of idleWhile here, but doing so 210 * allows the timer tick to be stopped more quickly when EAP is not in 211 * use. 212 */ 213 eapol_set_int(sm, EAPOL_idleWhile, 0); 214 } 215 216 217 /* 218 * The state machine spends most of its time here, waiting for something to 219 * happen. This state is entered unconditionally from INITIALIZE, DISCARD, and 220 * SEND_RESPONSE states. 221 */ 222 SM_STATE(EAP, IDLE) 223 { 224 SM_ENTRY(EAP, IDLE); 225 } 226 227 228 /* 229 * This state is entered when an EAP packet is received (eapReq == TRUE) to 230 * parse the packet header. 231 */ 232 SM_STATE(EAP, RECEIVED) 233 { 234 const struct wpabuf *eapReqData; 235 236 SM_ENTRY(EAP, RECEIVED); 237 eapReqData = eapol_get_eapReqData(sm); 238 /* parse rxReq, rxSuccess, rxFailure, reqId, reqMethod */ 239 eap_sm_parseEapReq(sm, eapReqData); 240 sm->num_rounds++; 241 } 242 243 244 /* 245 * This state is entered when a request for a new type comes in. Either the 246 * correct method is started, or a Nak response is built. 247 */ 248 SM_STATE(EAP, GET_METHOD) 249 { 250 int reinit; 251 EapType method; 252 const struct eap_method *eap_method; 253 254 SM_ENTRY(EAP, GET_METHOD); 255 256 if (sm->reqMethod == EAP_TYPE_EXPANDED) 257 method = sm->reqVendorMethod; 258 else 259 method = sm->reqMethod; 260 261 eap_method = eap_peer_get_eap_method(sm->reqVendor, method); 262 263 if (!eap_sm_allowMethod(sm, sm->reqVendor, method)) { 264 wpa_printf(MSG_DEBUG, "EAP: vendor %u method %u not allowed", 265 sm->reqVendor, method); 266 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD 267 "vendor=%u method=%u -> NAK", 268 sm->reqVendor, method); 269 eap_notify_status(sm, "refuse proposed method", 270 eap_method ? eap_method->name : "unknown"); 271 goto nak; 272 } 273 274 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD 275 "vendor=%u method=%u", sm->reqVendor, method); 276 277 eap_notify_status(sm, "accept proposed method", 278 eap_method ? eap_method->name : "unknown"); 279 /* 280 * RFC 4137 does not define specific operation for fast 281 * re-authentication (session resumption). The design here is to allow 282 * the previously used method data to be maintained for 283 * re-authentication if the method support session resumption. 284 * Otherwise, the previously used method data is freed and a new method 285 * is allocated here. 286 */ 287 if (sm->fast_reauth && 288 sm->m && sm->m->vendor == sm->reqVendor && 289 sm->m->method == method && 290 sm->m->has_reauth_data && 291 sm->m->has_reauth_data(sm, sm->eap_method_priv)) { 292 wpa_printf(MSG_DEBUG, "EAP: Using previous method data" 293 " for fast re-authentication"); 294 reinit = 1; 295 } else { 296 eap_deinit_prev_method(sm, "GET_METHOD"); 297 reinit = 0; 298 } 299 300 sm->selectedMethod = sm->reqMethod; 301 if (sm->m == NULL) 302 sm->m = eap_method; 303 if (!sm->m) { 304 wpa_printf(MSG_DEBUG, "EAP: Could not find selected method: " 305 "vendor %d method %d", 306 sm->reqVendor, method); 307 goto nak; 308 } 309 310 sm->ClientTimeout = EAP_CLIENT_TIMEOUT_DEFAULT; 311 312 wpa_printf(MSG_DEBUG, "EAP: Initialize selected EAP method: " 313 "vendor %u method %u (%s)", 314 sm->reqVendor, method, sm->m->name); 315 if (reinit) 316 sm->eap_method_priv = sm->m->init_for_reauth( 317 sm, sm->eap_method_priv); 318 else 319 sm->eap_method_priv = sm->m->init(sm); 320 321 if (sm->eap_method_priv == NULL) { 322 struct eap_peer_config *config = eap_get_config(sm); 323 wpa_msg(sm->msg_ctx, MSG_INFO, 324 "EAP: Failed to initialize EAP method: vendor %u " 325 "method %u (%s)", 326 sm->reqVendor, method, sm->m->name); 327 sm->m = NULL; 328 sm->methodState = METHOD_NONE; 329 sm->selectedMethod = EAP_TYPE_NONE; 330 if (sm->reqMethod == EAP_TYPE_TLS && config && 331 (config->pending_req_pin || 332 config->pending_req_passphrase)) { 333 /* 334 * Return without generating Nak in order to allow 335 * entering of PIN code or passphrase to retry the 336 * current EAP packet. 337 */ 338 wpa_printf(MSG_DEBUG, "EAP: Pending PIN/passphrase " 339 "request - skip Nak"); 340 return; 341 } 342 343 goto nak; 344 } 345 346 sm->methodState = METHOD_INIT; 347 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_METHOD 348 "EAP vendor %u method %u (%s) selected", 349 sm->reqVendor, method, sm->m->name); 350 return; 351 352 nak: 353 wpabuf_free(sm->eapRespData); 354 sm->eapRespData = NULL; 355 sm->eapRespData = eap_sm_buildNak(sm, sm->reqId); 356 } 357 358 359 #ifdef CONFIG_ERP 360 361 static char * eap_home_realm(struct eap_sm *sm) 362 { 363 struct eap_peer_config *config = eap_get_config(sm); 364 char *realm; 365 size_t i, realm_len; 366 367 if (!config) 368 return NULL; 369 370 if (config->identity) { 371 for (i = 0; i < config->identity_len; i++) { 372 if (config->identity[i] == '@') 373 break; 374 } 375 if (i < config->identity_len) { 376 realm_len = config->identity_len - i - 1; 377 realm = os_malloc(realm_len + 1); 378 if (realm == NULL) 379 return NULL; 380 os_memcpy(realm, &config->identity[i + 1], realm_len); 381 realm[realm_len] = '\0'; 382 return realm; 383 } 384 } 385 386 if (config->anonymous_identity) { 387 for (i = 0; i < config->anonymous_identity_len; i++) { 388 if (config->anonymous_identity[i] == '@') 389 break; 390 } 391 if (i < config->anonymous_identity_len) { 392 realm_len = config->anonymous_identity_len - i - 1; 393 realm = os_malloc(realm_len + 1); 394 if (realm == NULL) 395 return NULL; 396 os_memcpy(realm, &config->anonymous_identity[i + 1], 397 realm_len); 398 realm[realm_len] = '\0'; 399 return realm; 400 } 401 } 402 403 return os_strdup(""); 404 } 405 406 407 static struct eap_erp_key * 408 eap_erp_get_key(struct eap_sm *sm, const char *realm) 409 { 410 struct eap_erp_key *erp; 411 412 dl_list_for_each(erp, &sm->erp_keys, struct eap_erp_key, list) { 413 char *pos; 414 415 pos = os_strchr(erp->keyname_nai, '@'); 416 if (!pos) 417 continue; 418 pos++; 419 if (os_strcmp(pos, realm) == 0) 420 return erp; 421 } 422 423 return NULL; 424 } 425 426 427 static struct eap_erp_key * 428 eap_erp_get_key_nai(struct eap_sm *sm, const char *nai) 429 { 430 struct eap_erp_key *erp; 431 432 dl_list_for_each(erp, &sm->erp_keys, struct eap_erp_key, list) { 433 if (os_strcmp(erp->keyname_nai, nai) == 0) 434 return erp; 435 } 436 437 return NULL; 438 } 439 440 441 static void eap_peer_erp_free_key(struct eap_erp_key *erp) 442 { 443 dl_list_del(&erp->list); 444 bin_clear_free(erp, sizeof(*erp)); 445 } 446 447 448 static void eap_erp_remove_keys_realm(struct eap_sm *sm, const char *realm) 449 { 450 struct eap_erp_key *erp; 451 452 while ((erp = eap_erp_get_key(sm, realm)) != NULL) { 453 wpa_printf(MSG_DEBUG, "EAP: Delete old ERP key %s", 454 erp->keyname_nai); 455 eap_peer_erp_free_key(erp); 456 } 457 } 458 459 #endif /* CONFIG_ERP */ 460 461 462 void eap_peer_erp_free_keys(struct eap_sm *sm) 463 { 464 #ifdef CONFIG_ERP 465 struct eap_erp_key *erp, *tmp; 466 467 dl_list_for_each_safe(erp, tmp, &sm->erp_keys, struct eap_erp_key, list) 468 eap_peer_erp_free_key(erp); 469 #endif /* CONFIG_ERP */ 470 } 471 472 473 static void eap_peer_erp_init(struct eap_sm *sm) 474 { 475 #ifdef CONFIG_ERP 476 u8 *emsk = NULL; 477 size_t emsk_len = 0; 478 u8 EMSKname[EAP_EMSK_NAME_LEN]; 479 u8 len[2]; 480 char *realm; 481 size_t realm_len, nai_buf_len; 482 struct eap_erp_key *erp = NULL; 483 int pos; 484 485 realm = eap_home_realm(sm); 486 if (!realm) 487 return; 488 realm_len = os_strlen(realm); 489 wpa_printf(MSG_DEBUG, "EAP: Realm for ERP keyName-NAI: %s", realm); 490 eap_erp_remove_keys_realm(sm, realm); 491 492 nai_buf_len = 2 * EAP_EMSK_NAME_LEN + 1 + realm_len; 493 if (nai_buf_len > 253) { 494 /* 495 * keyName-NAI has a maximum length of 253 octet to fit in 496 * RADIUS attributes. 497 */ 498 wpa_printf(MSG_DEBUG, 499 "EAP: Too long realm for ERP keyName-NAI maximum length"); 500 goto fail; 501 } 502 nai_buf_len++; /* null termination */ 503 erp = os_zalloc(sizeof(*erp) + nai_buf_len); 504 if (erp == NULL) 505 goto fail; 506 507 emsk = sm->m->get_emsk(sm, sm->eap_method_priv, &emsk_len); 508 if (!emsk || emsk_len == 0 || emsk_len > ERP_MAX_KEY_LEN) { 509 wpa_printf(MSG_DEBUG, 510 "EAP: No suitable EMSK available for ERP"); 511 goto fail; 512 } 513 514 wpa_hexdump_key(MSG_DEBUG, "EAP: EMSK", emsk, emsk_len); 515 516 WPA_PUT_BE16(len, 8); 517 if (hmac_sha256_kdf(sm->eapSessionId, sm->eapSessionIdLen, "EMSK", 518 len, sizeof(len), 519 EMSKname, EAP_EMSK_NAME_LEN) < 0) { 520 wpa_printf(MSG_DEBUG, "EAP: Could not derive EMSKname"); 521 goto fail; 522 } 523 wpa_hexdump(MSG_DEBUG, "EAP: EMSKname", EMSKname, EAP_EMSK_NAME_LEN); 524 525 pos = wpa_snprintf_hex(erp->keyname_nai, nai_buf_len, 526 EMSKname, EAP_EMSK_NAME_LEN); 527 erp->keyname_nai[pos] = '@'; 528 os_memcpy(&erp->keyname_nai[pos + 1], realm, realm_len); 529 530 WPA_PUT_BE16(len, emsk_len); 531 if (hmac_sha256_kdf(emsk, emsk_len, 532 "EAP Re-authentication Root Key@ietf.org", 533 len, sizeof(len), erp->rRK, emsk_len) < 0) { 534 wpa_printf(MSG_DEBUG, "EAP: Could not derive rRK for ERP"); 535 goto fail; 536 } 537 erp->rRK_len = emsk_len; 538 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len); 539 540 if (hmac_sha256_kdf(erp->rRK, erp->rRK_len, 541 "EAP Re-authentication Integrity Key@ietf.org", 542 len, sizeof(len), erp->rIK, erp->rRK_len) < 0) { 543 wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP"); 544 goto fail; 545 } 546 erp->rIK_len = erp->rRK_len; 547 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rIK", erp->rIK, erp->rIK_len); 548 549 wpa_printf(MSG_DEBUG, "EAP: Stored ERP keys %s", erp->keyname_nai); 550 dl_list_add(&sm->erp_keys, &erp->list); 551 erp = NULL; 552 fail: 553 bin_clear_free(emsk, emsk_len); 554 bin_clear_free(erp, sizeof(*erp)); 555 os_free(realm); 556 #endif /* CONFIG_ERP */ 557 } 558 559 560 #ifdef CONFIG_ERP 561 static int eap_peer_erp_reauth_start(struct eap_sm *sm, 562 const struct eap_hdr *hdr, size_t len) 563 { 564 char *realm; 565 struct eap_erp_key *erp; 566 struct wpabuf *msg; 567 u8 hash[SHA256_MAC_LEN]; 568 569 realm = eap_home_realm(sm); 570 if (!realm) 571 return -1; 572 573 erp = eap_erp_get_key(sm, realm); 574 os_free(realm); 575 realm = NULL; 576 if (!erp) 577 return -1; 578 579 if (erp->next_seq >= 65536) 580 return -1; /* SEQ has range of 0..65535 */ 581 582 /* TODO: check rRK lifetime expiration */ 583 584 wpa_printf(MSG_DEBUG, "EAP: Valid ERP key found %s (SEQ=%u)", 585 erp->keyname_nai, erp->next_seq); 586 587 msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH, 588 1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16, 589 EAP_CODE_INITIATE, hdr->identifier); 590 if (msg == NULL) 591 return -1; 592 593 wpabuf_put_u8(msg, 0x20); /* Flags: R=0 B=0 L=1 */ 594 wpabuf_put_be16(msg, erp->next_seq); 595 596 wpabuf_put_u8(msg, EAP_ERP_TLV_KEYNAME_NAI); 597 wpabuf_put_u8(msg, os_strlen(erp->keyname_nai)); 598 wpabuf_put_str(msg, erp->keyname_nai); 599 600 wpabuf_put_u8(msg, EAP_ERP_CS_HMAC_SHA256_128); /* Cryptosuite */ 601 602 if (hmac_sha256(erp->rIK, erp->rIK_len, 603 wpabuf_head(msg), wpabuf_len(msg), hash) < 0) { 604 wpabuf_free(msg); 605 return -1; 606 } 607 wpabuf_put_data(msg, hash, 16); 608 609 wpa_printf(MSG_DEBUG, "EAP: Sending EAP-Initiate/Re-auth"); 610 sm->erp_seq = erp->next_seq; 611 erp->next_seq++; 612 wpabuf_free(sm->eapRespData); 613 sm->eapRespData = msg; 614 sm->reauthInit = TRUE; 615 return 0; 616 } 617 #endif /* CONFIG_ERP */ 618 619 620 /* 621 * The method processing happens here. The request from the authenticator is 622 * processed, and an appropriate response packet is built. 623 */ 624 SM_STATE(EAP, METHOD) 625 { 626 struct wpabuf *eapReqData; 627 struct eap_method_ret ret; 628 int min_len = 1; 629 630 SM_ENTRY(EAP, METHOD); 631 if (sm->m == NULL) { 632 wpa_printf(MSG_WARNING, "EAP::METHOD - method not selected"); 633 return; 634 } 635 636 eapReqData = eapol_get_eapReqData(sm); 637 if (sm->m->vendor == EAP_VENDOR_IETF && sm->m->method == EAP_TYPE_LEAP) 638 min_len = 0; /* LEAP uses EAP-Success without payload */ 639 if (!eap_hdr_len_valid(eapReqData, min_len)) 640 return; 641 642 /* 643 * Get ignore, methodState, decision, allowNotifications, and 644 * eapRespData. RFC 4137 uses three separate method procedure (check, 645 * process, and buildResp) in this state. These have been combined into 646 * a single function call to m->process() in order to optimize EAP 647 * method implementation interface a bit. These procedures are only 648 * used from within this METHOD state, so there is no need to keep 649 * these as separate C functions. 650 * 651 * The RFC 4137 procedures return values as follows: 652 * ignore = m.check(eapReqData) 653 * (methodState, decision, allowNotifications) = m.process(eapReqData) 654 * eapRespData = m.buildResp(reqId) 655 */ 656 os_memset(&ret, 0, sizeof(ret)); 657 ret.ignore = sm->ignore; 658 ret.methodState = sm->methodState; 659 ret.decision = sm->decision; 660 ret.allowNotifications = sm->allowNotifications; 661 wpabuf_free(sm->eapRespData); 662 sm->eapRespData = NULL; 663 sm->eapRespData = sm->m->process(sm, sm->eap_method_priv, &ret, 664 eapReqData); 665 wpa_printf(MSG_DEBUG, "EAP: method process -> ignore=%s " 666 "methodState=%s decision=%s eapRespData=%p", 667 ret.ignore ? "TRUE" : "FALSE", 668 eap_sm_method_state_txt(ret.methodState), 669 eap_sm_decision_txt(ret.decision), 670 sm->eapRespData); 671 672 sm->ignore = ret.ignore; 673 if (sm->ignore) 674 return; 675 sm->methodState = ret.methodState; 676 sm->decision = ret.decision; 677 sm->allowNotifications = ret.allowNotifications; 678 679 if (sm->m->isKeyAvailable && sm->m->getKey && 680 sm->m->isKeyAvailable(sm, sm->eap_method_priv)) { 681 struct eap_peer_config *config = eap_get_config(sm); 682 683 eap_sm_free_key(sm); 684 sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv, 685 &sm->eapKeyDataLen); 686 os_free(sm->eapSessionId); 687 sm->eapSessionId = NULL; 688 if (sm->m->getSessionId) { 689 sm->eapSessionId = sm->m->getSessionId( 690 sm, sm->eap_method_priv, 691 &sm->eapSessionIdLen); 692 wpa_hexdump(MSG_DEBUG, "EAP: Session-Id", 693 sm->eapSessionId, sm->eapSessionIdLen); 694 } 695 if (config->erp && sm->m->get_emsk && sm->eapSessionId) 696 eap_peer_erp_init(sm); 697 } 698 } 699 700 701 /* 702 * This state signals the lower layer that a response packet is ready to be 703 * sent. 704 */ 705 SM_STATE(EAP, SEND_RESPONSE) 706 { 707 SM_ENTRY(EAP, SEND_RESPONSE); 708 wpabuf_free(sm->lastRespData); 709 if (sm->eapRespData) { 710 if (sm->workaround) 711 os_memcpy(sm->last_sha1, sm->req_sha1, 20); 712 sm->lastId = sm->reqId; 713 sm->lastRespData = wpabuf_dup(sm->eapRespData); 714 eapol_set_bool(sm, EAPOL_eapResp, TRUE); 715 } else { 716 wpa_printf(MSG_DEBUG, "EAP: No eapRespData available"); 717 sm->lastRespData = NULL; 718 } 719 eapol_set_bool(sm, EAPOL_eapReq, FALSE); 720 eapol_set_int(sm, EAPOL_idleWhile, sm->ClientTimeout); 721 sm->reauthInit = FALSE; 722 } 723 724 725 /* 726 * This state signals the lower layer that the request was discarded, and no 727 * response packet will be sent at this time. 728 */ 729 SM_STATE(EAP, DISCARD) 730 { 731 SM_ENTRY(EAP, DISCARD); 732 eapol_set_bool(sm, EAPOL_eapReq, FALSE); 733 eapol_set_bool(sm, EAPOL_eapNoResp, TRUE); 734 } 735 736 737 /* 738 * Handles requests for Identity method and builds a response. 739 */ 740 SM_STATE(EAP, IDENTITY) 741 { 742 const struct wpabuf *eapReqData; 743 744 SM_ENTRY(EAP, IDENTITY); 745 eapReqData = eapol_get_eapReqData(sm); 746 if (!eap_hdr_len_valid(eapReqData, 1)) 747 return; 748 eap_sm_processIdentity(sm, eapReqData); 749 wpabuf_free(sm->eapRespData); 750 sm->eapRespData = NULL; 751 sm->eapRespData = eap_sm_buildIdentity(sm, sm->reqId, 0); 752 } 753 754 755 /* 756 * Handles requests for Notification method and builds a response. 757 */ 758 SM_STATE(EAP, NOTIFICATION) 759 { 760 const struct wpabuf *eapReqData; 761 762 SM_ENTRY(EAP, NOTIFICATION); 763 eapReqData = eapol_get_eapReqData(sm); 764 if (!eap_hdr_len_valid(eapReqData, 1)) 765 return; 766 eap_sm_processNotify(sm, eapReqData); 767 wpabuf_free(sm->eapRespData); 768 sm->eapRespData = NULL; 769 sm->eapRespData = eap_sm_buildNotify(sm->reqId); 770 } 771 772 773 /* 774 * This state retransmits the previous response packet. 775 */ 776 SM_STATE(EAP, RETRANSMIT) 777 { 778 SM_ENTRY(EAP, RETRANSMIT); 779 wpabuf_free(sm->eapRespData); 780 if (sm->lastRespData) 781 sm->eapRespData = wpabuf_dup(sm->lastRespData); 782 else 783 sm->eapRespData = NULL; 784 } 785 786 787 /* 788 * This state is entered in case of a successful completion of authentication 789 * and state machine waits here until port is disabled or EAP authentication is 790 * restarted. 791 */ 792 SM_STATE(EAP, SUCCESS) 793 { 794 SM_ENTRY(EAP, SUCCESS); 795 if (sm->eapKeyData != NULL) 796 sm->eapKeyAvailable = TRUE; 797 eapol_set_bool(sm, EAPOL_eapSuccess, TRUE); 798 799 /* 800 * RFC 4137 does not clear eapReq here, but this seems to be required 801 * to avoid processing the same request twice when state machine is 802 * initialized. 803 */ 804 eapol_set_bool(sm, EAPOL_eapReq, FALSE); 805 806 /* 807 * RFC 4137 does not set eapNoResp here, but this seems to be required 808 * to get EAPOL Supplicant backend state machine into SUCCESS state. In 809 * addition, either eapResp or eapNoResp is required to be set after 810 * processing the received EAP frame. 811 */ 812 eapol_set_bool(sm, EAPOL_eapNoResp, TRUE); 813 814 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS 815 "EAP authentication completed successfully"); 816 } 817 818 819 /* 820 * This state is entered in case of a failure and state machine waits here 821 * until port is disabled or EAP authentication is restarted. 822 */ 823 SM_STATE(EAP, FAILURE) 824 { 825 SM_ENTRY(EAP, FAILURE); 826 eapol_set_bool(sm, EAPOL_eapFail, TRUE); 827 828 /* 829 * RFC 4137 does not clear eapReq here, but this seems to be required 830 * to avoid processing the same request twice when state machine is 831 * initialized. 832 */ 833 eapol_set_bool(sm, EAPOL_eapReq, FALSE); 834 835 /* 836 * RFC 4137 does not set eapNoResp here. However, either eapResp or 837 * eapNoResp is required to be set after processing the received EAP 838 * frame. 839 */ 840 eapol_set_bool(sm, EAPOL_eapNoResp, TRUE); 841 842 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE 843 "EAP authentication failed"); 844 845 sm->prev_failure = 1; 846 } 847 848 849 static int eap_success_workaround(struct eap_sm *sm, int reqId, int lastId) 850 { 851 /* 852 * At least Microsoft IAS and Meetinghouse Aegis seem to be sending 853 * EAP-Success/Failure with lastId + 1 even though RFC 3748 and 854 * RFC 4137 require that reqId == lastId. In addition, it looks like 855 * Ringmaster v2.1.2.0 would be using lastId + 2 in EAP-Success. 856 * 857 * Accept this kind of Id if EAP workarounds are enabled. These are 858 * unauthenticated plaintext messages, so this should have minimal 859 * security implications (bit easier to fake EAP-Success/Failure). 860 */ 861 if (sm->workaround && (reqId == ((lastId + 1) & 0xff) || 862 reqId == ((lastId + 2) & 0xff))) { 863 wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected " 864 "identifier field in EAP Success: " 865 "reqId=%d lastId=%d (these are supposed to be " 866 "same)", reqId, lastId); 867 return 1; 868 } 869 wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d " 870 "lastId=%d", reqId, lastId); 871 return 0; 872 } 873 874 875 /* 876 * RFC 4137 - Appendix A.1: EAP Peer State Machine - State transitions 877 */ 878 879 static void eap_peer_sm_step_idle(struct eap_sm *sm) 880 { 881 /* 882 * The first three transitions are from RFC 4137. The last two are 883 * local additions to handle special cases with LEAP and PEAP server 884 * not sending EAP-Success in some cases. 885 */ 886 if (eapol_get_bool(sm, EAPOL_eapReq)) 887 SM_ENTER(EAP, RECEIVED); 888 else if ((eapol_get_bool(sm, EAPOL_altAccept) && 889 sm->decision != DECISION_FAIL) || 890 (eapol_get_int(sm, EAPOL_idleWhile) == 0 && 891 sm->decision == DECISION_UNCOND_SUCC)) 892 SM_ENTER(EAP, SUCCESS); 893 else if (eapol_get_bool(sm, EAPOL_altReject) || 894 (eapol_get_int(sm, EAPOL_idleWhile) == 0 && 895 sm->decision != DECISION_UNCOND_SUCC) || 896 (eapol_get_bool(sm, EAPOL_altAccept) && 897 sm->methodState != METHOD_CONT && 898 sm->decision == DECISION_FAIL)) 899 SM_ENTER(EAP, FAILURE); 900 else if (sm->selectedMethod == EAP_TYPE_LEAP && 901 sm->leap_done && sm->decision != DECISION_FAIL && 902 sm->methodState == METHOD_DONE) 903 SM_ENTER(EAP, SUCCESS); 904 else if (sm->selectedMethod == EAP_TYPE_PEAP && 905 sm->peap_done && sm->decision != DECISION_FAIL && 906 sm->methodState == METHOD_DONE) 907 SM_ENTER(EAP, SUCCESS); 908 } 909 910 911 static int eap_peer_req_is_duplicate(struct eap_sm *sm) 912 { 913 int duplicate; 914 915 duplicate = (sm->reqId == sm->lastId) && sm->rxReq; 916 if (sm->workaround && duplicate && 917 os_memcmp(sm->req_sha1, sm->last_sha1, 20) != 0) { 918 /* 919 * RFC 4137 uses (reqId == lastId) as the only verification for 920 * duplicate EAP requests. However, this misses cases where the 921 * AS is incorrectly using the same id again; and 922 * unfortunately, such implementations exist. Use SHA1 hash as 923 * an extra verification for the packets being duplicate to 924 * workaround these issues. 925 */ 926 wpa_printf(MSG_DEBUG, "EAP: AS used the same Id again, but " 927 "EAP packets were not identical"); 928 wpa_printf(MSG_DEBUG, "EAP: workaround - assume this is not a " 929 "duplicate packet"); 930 duplicate = 0; 931 } 932 933 return duplicate; 934 } 935 936 937 static int eap_peer_sm_allow_canned(struct eap_sm *sm) 938 { 939 struct eap_peer_config *config = eap_get_config(sm); 940 941 return config && config->phase1 && 942 os_strstr(config->phase1, "allow_canned_success=1"); 943 } 944 945 946 static void eap_peer_sm_step_received(struct eap_sm *sm) 947 { 948 int duplicate = eap_peer_req_is_duplicate(sm); 949 950 /* 951 * Two special cases below for LEAP are local additions to work around 952 * odd LEAP behavior (EAP-Success in the middle of authentication and 953 * then swapped roles). Other transitions are based on RFC 4137. 954 */ 955 if (sm->rxSuccess && sm->decision != DECISION_FAIL && 956 (sm->reqId == sm->lastId || 957 eap_success_workaround(sm, sm->reqId, sm->lastId))) 958 SM_ENTER(EAP, SUCCESS); 959 else if (sm->workaround && sm->lastId == -1 && sm->rxSuccess && 960 !sm->rxFailure && !sm->rxReq && eap_peer_sm_allow_canned(sm)) 961 SM_ENTER(EAP, SUCCESS); /* EAP-Success prior any EAP method */ 962 else if (sm->workaround && sm->lastId == -1 && sm->rxFailure && 963 !sm->rxReq && sm->methodState != METHOD_CONT && 964 eap_peer_sm_allow_canned(sm)) 965 SM_ENTER(EAP, FAILURE); /* EAP-Failure prior any EAP method */ 966 else if (sm->workaround && sm->rxSuccess && !sm->rxFailure && 967 !sm->rxReq && sm->methodState != METHOD_CONT && 968 eap_peer_sm_allow_canned(sm)) 969 SM_ENTER(EAP, SUCCESS); /* EAP-Success after Identity */ 970 else if (sm->methodState != METHOD_CONT && 971 ((sm->rxFailure && 972 sm->decision != DECISION_UNCOND_SUCC) || 973 (sm->rxSuccess && sm->decision == DECISION_FAIL && 974 (sm->selectedMethod != EAP_TYPE_LEAP || 975 sm->methodState != METHOD_MAY_CONT))) && 976 (sm->reqId == sm->lastId || 977 eap_success_workaround(sm, sm->reqId, sm->lastId))) 978 SM_ENTER(EAP, FAILURE); 979 else if (sm->rxReq && duplicate) 980 SM_ENTER(EAP, RETRANSMIT); 981 else if (sm->rxReq && !duplicate && 982 sm->reqMethod == EAP_TYPE_NOTIFICATION && 983 sm->allowNotifications) 984 SM_ENTER(EAP, NOTIFICATION); 985 else if (sm->rxReq && !duplicate && 986 sm->selectedMethod == EAP_TYPE_NONE && 987 sm->reqMethod == EAP_TYPE_IDENTITY) 988 SM_ENTER(EAP, IDENTITY); 989 else if (sm->rxReq && !duplicate && 990 sm->selectedMethod == EAP_TYPE_NONE && 991 sm->reqMethod != EAP_TYPE_IDENTITY && 992 sm->reqMethod != EAP_TYPE_NOTIFICATION) 993 SM_ENTER(EAP, GET_METHOD); 994 else if (sm->rxReq && !duplicate && 995 sm->reqMethod == sm->selectedMethod && 996 sm->methodState != METHOD_DONE) 997 SM_ENTER(EAP, METHOD); 998 else if (sm->selectedMethod == EAP_TYPE_LEAP && 999 (sm->rxSuccess || sm->rxResp)) 1000 SM_ENTER(EAP, METHOD); 1001 else if (sm->reauthInit) 1002 SM_ENTER(EAP, SEND_RESPONSE); 1003 else 1004 SM_ENTER(EAP, DISCARD); 1005 } 1006 1007 1008 static void eap_peer_sm_step_local(struct eap_sm *sm) 1009 { 1010 switch (sm->EAP_state) { 1011 case EAP_INITIALIZE: 1012 SM_ENTER(EAP, IDLE); 1013 break; 1014 case EAP_DISABLED: 1015 if (eapol_get_bool(sm, EAPOL_portEnabled) && 1016 !sm->force_disabled) 1017 SM_ENTER(EAP, INITIALIZE); 1018 break; 1019 case EAP_IDLE: 1020 eap_peer_sm_step_idle(sm); 1021 break; 1022 case EAP_RECEIVED: 1023 eap_peer_sm_step_received(sm); 1024 break; 1025 case EAP_GET_METHOD: 1026 if (sm->selectedMethod == sm->reqMethod) 1027 SM_ENTER(EAP, METHOD); 1028 else 1029 SM_ENTER(EAP, SEND_RESPONSE); 1030 break; 1031 case EAP_METHOD: 1032 /* 1033 * Note: RFC 4137 uses methodState == DONE && decision == FAIL 1034 * as the condition. eapRespData == NULL here is used to allow 1035 * final EAP method response to be sent without having to change 1036 * all methods to either use methodState MAY_CONT or leaving 1037 * decision to something else than FAIL in cases where the only 1038 * expected response is EAP-Failure. 1039 */ 1040 if (sm->ignore) 1041 SM_ENTER(EAP, DISCARD); 1042 else if (sm->methodState == METHOD_DONE && 1043 sm->decision == DECISION_FAIL && !sm->eapRespData) 1044 SM_ENTER(EAP, FAILURE); 1045 else 1046 SM_ENTER(EAP, SEND_RESPONSE); 1047 break; 1048 case EAP_SEND_RESPONSE: 1049 SM_ENTER(EAP, IDLE); 1050 break; 1051 case EAP_DISCARD: 1052 SM_ENTER(EAP, IDLE); 1053 break; 1054 case EAP_IDENTITY: 1055 SM_ENTER(EAP, SEND_RESPONSE); 1056 break; 1057 case EAP_NOTIFICATION: 1058 SM_ENTER(EAP, SEND_RESPONSE); 1059 break; 1060 case EAP_RETRANSMIT: 1061 SM_ENTER(EAP, SEND_RESPONSE); 1062 break; 1063 case EAP_SUCCESS: 1064 break; 1065 case EAP_FAILURE: 1066 break; 1067 } 1068 } 1069 1070 1071 SM_STEP(EAP) 1072 { 1073 /* Global transitions */ 1074 if (eapol_get_bool(sm, EAPOL_eapRestart) && 1075 eapol_get_bool(sm, EAPOL_portEnabled)) 1076 SM_ENTER_GLOBAL(EAP, INITIALIZE); 1077 else if (!eapol_get_bool(sm, EAPOL_portEnabled) || sm->force_disabled) 1078 SM_ENTER_GLOBAL(EAP, DISABLED); 1079 else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) { 1080 /* RFC 4137 does not place any limit on number of EAP messages 1081 * in an authentication session. However, some error cases have 1082 * ended up in a state were EAP messages were sent between the 1083 * peer and server in a loop (e.g., TLS ACK frame in both 1084 * direction). Since this is quite undesired outcome, limit the 1085 * total number of EAP round-trips and abort authentication if 1086 * this limit is exceeded. 1087 */ 1088 if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) { 1089 wpa_msg(sm->msg_ctx, MSG_INFO, "EAP: more than %d " 1090 "authentication rounds - abort", 1091 EAP_MAX_AUTH_ROUNDS); 1092 sm->num_rounds++; 1093 SM_ENTER_GLOBAL(EAP, FAILURE); 1094 } 1095 } else { 1096 /* Local transitions */ 1097 eap_peer_sm_step_local(sm); 1098 } 1099 } 1100 1101 1102 static Boolean eap_sm_allowMethod(struct eap_sm *sm, int vendor, 1103 EapType method) 1104 { 1105 if (!eap_allowed_method(sm, vendor, method)) { 1106 wpa_printf(MSG_DEBUG, "EAP: configuration does not allow: " 1107 "vendor %u method %u", vendor, method); 1108 return FALSE; 1109 } 1110 if (eap_peer_get_eap_method(vendor, method)) 1111 return TRUE; 1112 wpa_printf(MSG_DEBUG, "EAP: not included in build: " 1113 "vendor %u method %u", vendor, method); 1114 return FALSE; 1115 } 1116 1117 1118 static struct wpabuf * eap_sm_build_expanded_nak( 1119 struct eap_sm *sm, int id, const struct eap_method *methods, 1120 size_t count) 1121 { 1122 struct wpabuf *resp; 1123 int found = 0; 1124 const struct eap_method *m; 1125 1126 wpa_printf(MSG_DEBUG, "EAP: Building expanded EAP-Nak"); 1127 1128 /* RFC 3748 - 5.3.2: Expanded Nak */ 1129 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_EXPANDED, 1130 8 + 8 * (count + 1), EAP_CODE_RESPONSE, id); 1131 if (resp == NULL) 1132 return NULL; 1133 1134 wpabuf_put_be24(resp, EAP_VENDOR_IETF); 1135 wpabuf_put_be32(resp, EAP_TYPE_NAK); 1136 1137 for (m = methods; m; m = m->next) { 1138 if (sm->reqVendor == m->vendor && 1139 sm->reqVendorMethod == m->method) 1140 continue; /* do not allow the current method again */ 1141 if (eap_allowed_method(sm, m->vendor, m->method)) { 1142 wpa_printf(MSG_DEBUG, "EAP: allowed type: " 1143 "vendor=%u method=%u", 1144 m->vendor, m->method); 1145 wpabuf_put_u8(resp, EAP_TYPE_EXPANDED); 1146 wpabuf_put_be24(resp, m->vendor); 1147 wpabuf_put_be32(resp, m->method); 1148 1149 found++; 1150 } 1151 } 1152 if (!found) { 1153 wpa_printf(MSG_DEBUG, "EAP: no more allowed methods"); 1154 wpabuf_put_u8(resp, EAP_TYPE_EXPANDED); 1155 wpabuf_put_be24(resp, EAP_VENDOR_IETF); 1156 wpabuf_put_be32(resp, EAP_TYPE_NONE); 1157 } 1158 1159 eap_update_len(resp); 1160 1161 return resp; 1162 } 1163 1164 1165 static struct wpabuf * eap_sm_buildNak(struct eap_sm *sm, int id) 1166 { 1167 struct wpabuf *resp; 1168 u8 *start; 1169 int found = 0, expanded_found = 0; 1170 size_t count; 1171 const struct eap_method *methods, *m; 1172 1173 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Nak (requested type %u " 1174 "vendor=%u method=%u not allowed)", sm->reqMethod, 1175 sm->reqVendor, sm->reqVendorMethod); 1176 methods = eap_peer_get_methods(&count); 1177 if (methods == NULL) 1178 return NULL; 1179 if (sm->reqMethod == EAP_TYPE_EXPANDED) 1180 return eap_sm_build_expanded_nak(sm, id, methods, count); 1181 1182 /* RFC 3748 - 5.3.1: Legacy Nak */ 1183 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NAK, 1184 sizeof(struct eap_hdr) + 1 + count + 1, 1185 EAP_CODE_RESPONSE, id); 1186 if (resp == NULL) 1187 return NULL; 1188 1189 start = wpabuf_put(resp, 0); 1190 for (m = methods; m; m = m->next) { 1191 if (m->vendor == EAP_VENDOR_IETF && m->method == sm->reqMethod) 1192 continue; /* do not allow the current method again */ 1193 if (eap_allowed_method(sm, m->vendor, m->method)) { 1194 if (m->vendor != EAP_VENDOR_IETF) { 1195 if (expanded_found) 1196 continue; 1197 expanded_found = 1; 1198 wpabuf_put_u8(resp, EAP_TYPE_EXPANDED); 1199 } else 1200 wpabuf_put_u8(resp, m->method); 1201 found++; 1202 } 1203 } 1204 if (!found) 1205 wpabuf_put_u8(resp, EAP_TYPE_NONE); 1206 wpa_hexdump(MSG_DEBUG, "EAP: allowed methods", start, found); 1207 1208 eap_update_len(resp); 1209 1210 return resp; 1211 } 1212 1213 1214 static void eap_sm_processIdentity(struct eap_sm *sm, const struct wpabuf *req) 1215 { 1216 const u8 *pos; 1217 size_t msg_len; 1218 1219 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED 1220 "EAP authentication started"); 1221 eap_notify_status(sm, "started", ""); 1222 1223 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, req, 1224 &msg_len); 1225 if (pos == NULL) 1226 return; 1227 1228 /* 1229 * RFC 3748 - 5.1: Identity 1230 * Data field may contain a displayable message in UTF-8. If this 1231 * includes NUL-character, only the data before that should be 1232 * displayed. Some EAP implementasitons may piggy-back additional 1233 * options after the NUL. 1234 */ 1235 /* TODO: could save displayable message so that it can be shown to the 1236 * user in case of interaction is required */ 1237 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Identity data", 1238 pos, msg_len); 1239 } 1240 1241 1242 #ifdef PCSC_FUNCS 1243 1244 /* 1245 * Rules for figuring out MNC length based on IMSI for SIM cards that do not 1246 * include MNC length field. 1247 */ 1248 static int mnc_len_from_imsi(const char *imsi) 1249 { 1250 char mcc_str[4]; 1251 unsigned int mcc; 1252 1253 os_memcpy(mcc_str, imsi, 3); 1254 mcc_str[3] = '\0'; 1255 mcc = atoi(mcc_str); 1256 1257 if (mcc == 228) 1258 return 2; /* Networks in Switzerland use 2-digit MNC */ 1259 if (mcc == 244) 1260 return 2; /* Networks in Finland use 2-digit MNC */ 1261 1262 return -1; 1263 } 1264 1265 1266 static int eap_sm_append_3gpp_realm(struct eap_sm *sm, char *imsi, 1267 size_t max_len, size_t *imsi_len) 1268 { 1269 int mnc_len; 1270 char *pos, mnc[4]; 1271 1272 if (*imsi_len + 36 > max_len) { 1273 wpa_printf(MSG_WARNING, "No room for realm in IMSI buffer"); 1274 return -1; 1275 } 1276 1277 /* MNC (2 or 3 digits) */ 1278 mnc_len = scard_get_mnc_len(sm->scard_ctx); 1279 if (mnc_len < 0) 1280 mnc_len = mnc_len_from_imsi(imsi); 1281 if (mnc_len < 0) { 1282 wpa_printf(MSG_INFO, "Failed to get MNC length from (U)SIM " 1283 "assuming 3"); 1284 mnc_len = 3; 1285 } 1286 1287 if (mnc_len == 2) { 1288 mnc[0] = '0'; 1289 mnc[1] = imsi[3]; 1290 mnc[2] = imsi[4]; 1291 } else if (mnc_len == 3) { 1292 mnc[0] = imsi[3]; 1293 mnc[1] = imsi[4]; 1294 mnc[2] = imsi[5]; 1295 } 1296 mnc[3] = '\0'; 1297 1298 pos = imsi + *imsi_len; 1299 pos += os_snprintf(pos, imsi + max_len - pos, 1300 "@wlan.mnc%s.mcc%c%c%c.3gppnetwork.org", 1301 mnc, imsi[0], imsi[1], imsi[2]); 1302 *imsi_len = pos - imsi; 1303 1304 return 0; 1305 } 1306 1307 1308 static int eap_sm_imsi_identity(struct eap_sm *sm, 1309 struct eap_peer_config *conf) 1310 { 1311 enum { EAP_SM_SIM, EAP_SM_AKA, EAP_SM_AKA_PRIME } method = EAP_SM_SIM; 1312 char imsi[100]; 1313 size_t imsi_len; 1314 struct eap_method_type *m = conf->eap_methods; 1315 int i; 1316 1317 imsi_len = sizeof(imsi); 1318 if (scard_get_imsi(sm->scard_ctx, imsi, &imsi_len)) { 1319 wpa_printf(MSG_WARNING, "Failed to get IMSI from SIM"); 1320 return -1; 1321 } 1322 1323 wpa_hexdump_ascii(MSG_DEBUG, "IMSI", (u8 *) imsi, imsi_len); 1324 1325 if (imsi_len < 7) { 1326 wpa_printf(MSG_WARNING, "Too short IMSI for SIM identity"); 1327 return -1; 1328 } 1329 1330 if (eap_sm_append_3gpp_realm(sm, imsi, sizeof(imsi), &imsi_len) < 0) { 1331 wpa_printf(MSG_WARNING, "Could not add realm to SIM identity"); 1332 return -1; 1333 } 1334 wpa_hexdump_ascii(MSG_DEBUG, "IMSI + realm", (u8 *) imsi, imsi_len); 1335 1336 for (i = 0; m && (m[i].vendor != EAP_VENDOR_IETF || 1337 m[i].method != EAP_TYPE_NONE); i++) { 1338 if (m[i].vendor == EAP_VENDOR_IETF && 1339 m[i].method == EAP_TYPE_AKA_PRIME) { 1340 method = EAP_SM_AKA_PRIME; 1341 break; 1342 } 1343 1344 if (m[i].vendor == EAP_VENDOR_IETF && 1345 m[i].method == EAP_TYPE_AKA) { 1346 method = EAP_SM_AKA; 1347 break; 1348 } 1349 } 1350 1351 os_free(conf->identity); 1352 conf->identity = os_malloc(1 + imsi_len); 1353 if (conf->identity == NULL) { 1354 wpa_printf(MSG_WARNING, "Failed to allocate buffer for " 1355 "IMSI-based identity"); 1356 return -1; 1357 } 1358 1359 switch (method) { 1360 case EAP_SM_SIM: 1361 conf->identity[0] = '1'; 1362 break; 1363 case EAP_SM_AKA: 1364 conf->identity[0] = '0'; 1365 break; 1366 case EAP_SM_AKA_PRIME: 1367 conf->identity[0] = '6'; 1368 break; 1369 } 1370 os_memcpy(conf->identity + 1, imsi, imsi_len); 1371 conf->identity_len = 1 + imsi_len; 1372 1373 return 0; 1374 } 1375 1376 #endif /* PCSC_FUNCS */ 1377 1378 1379 static int eap_sm_set_scard_pin(struct eap_sm *sm, 1380 struct eap_peer_config *conf) 1381 { 1382 #ifdef PCSC_FUNCS 1383 if (scard_set_pin(sm->scard_ctx, conf->pin)) { 1384 /* 1385 * Make sure the same PIN is not tried again in order to avoid 1386 * blocking SIM. 1387 */ 1388 os_free(conf->pin); 1389 conf->pin = NULL; 1390 1391 wpa_printf(MSG_WARNING, "PIN validation failed"); 1392 eap_sm_request_pin(sm); 1393 return -1; 1394 } 1395 return 0; 1396 #else /* PCSC_FUNCS */ 1397 return -1; 1398 #endif /* PCSC_FUNCS */ 1399 } 1400 1401 static int eap_sm_get_scard_identity(struct eap_sm *sm, 1402 struct eap_peer_config *conf) 1403 { 1404 #ifdef PCSC_FUNCS 1405 if (eap_sm_set_scard_pin(sm, conf)) 1406 return -1; 1407 1408 return eap_sm_imsi_identity(sm, conf); 1409 #else /* PCSC_FUNCS */ 1410 return -1; 1411 #endif /* PCSC_FUNCS */ 1412 } 1413 1414 1415 /** 1416 * eap_sm_buildIdentity - Build EAP-Identity/Response for the current network 1417 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1418 * @id: EAP identifier for the packet 1419 * @encrypted: Whether the packet is for encrypted tunnel (EAP phase 2) 1420 * Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on 1421 * failure 1422 * 1423 * This function allocates and builds an EAP-Identity/Response packet for the 1424 * current network. The caller is responsible for freeing the returned data. 1425 */ 1426 struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted) 1427 { 1428 struct eap_peer_config *config = eap_get_config(sm); 1429 struct wpabuf *resp; 1430 const u8 *identity; 1431 size_t identity_len; 1432 1433 if (config == NULL) { 1434 wpa_printf(MSG_WARNING, "EAP: buildIdentity: configuration " 1435 "was not available"); 1436 return NULL; 1437 } 1438 1439 if (sm->m && sm->m->get_identity && 1440 (identity = sm->m->get_identity(sm, sm->eap_method_priv, 1441 &identity_len)) != NULL) { 1442 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using method re-auth " 1443 "identity", identity, identity_len); 1444 } else if (!encrypted && config->anonymous_identity) { 1445 identity = config->anonymous_identity; 1446 identity_len = config->anonymous_identity_len; 1447 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using anonymous identity", 1448 identity, identity_len); 1449 } else { 1450 identity = config->identity; 1451 identity_len = config->identity_len; 1452 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using real identity", 1453 identity, identity_len); 1454 } 1455 1456 if (identity == NULL) { 1457 wpa_printf(MSG_WARNING, "EAP: buildIdentity: identity " 1458 "configuration was not available"); 1459 if (config->pcsc) { 1460 if (eap_sm_get_scard_identity(sm, config) < 0) 1461 return NULL; 1462 identity = config->identity; 1463 identity_len = config->identity_len; 1464 wpa_hexdump_ascii(MSG_DEBUG, "permanent identity from " 1465 "IMSI", identity, identity_len); 1466 } else { 1467 eap_sm_request_identity(sm); 1468 return NULL; 1469 } 1470 } else if (config->pcsc) { 1471 if (eap_sm_set_scard_pin(sm, config) < 0) 1472 return NULL; 1473 } 1474 1475 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, identity_len, 1476 EAP_CODE_RESPONSE, id); 1477 if (resp == NULL) 1478 return NULL; 1479 1480 wpabuf_put_data(resp, identity, identity_len); 1481 1482 return resp; 1483 } 1484 1485 1486 static void eap_sm_processNotify(struct eap_sm *sm, const struct wpabuf *req) 1487 { 1488 const u8 *pos; 1489 char *msg; 1490 size_t i, msg_len; 1491 1492 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_NOTIFICATION, req, 1493 &msg_len); 1494 if (pos == NULL) 1495 return; 1496 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Notification data", 1497 pos, msg_len); 1498 1499 msg = os_malloc(msg_len + 1); 1500 if (msg == NULL) 1501 return; 1502 for (i = 0; i < msg_len; i++) 1503 msg[i] = isprint(pos[i]) ? (char) pos[i] : '_'; 1504 msg[msg_len] = '\0'; 1505 wpa_msg(sm->msg_ctx, MSG_INFO, "%s%s", 1506 WPA_EVENT_EAP_NOTIFICATION, msg); 1507 os_free(msg); 1508 } 1509 1510 1511 static struct wpabuf * eap_sm_buildNotify(int id) 1512 { 1513 struct wpabuf *resp; 1514 1515 wpa_printf(MSG_DEBUG, "EAP: Generating EAP-Response Notification"); 1516 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NOTIFICATION, 0, 1517 EAP_CODE_RESPONSE, id); 1518 if (resp == NULL) 1519 return NULL; 1520 1521 return resp; 1522 } 1523 1524 1525 static void eap_peer_initiate(struct eap_sm *sm, const struct eap_hdr *hdr, 1526 size_t len) 1527 { 1528 #ifdef CONFIG_ERP 1529 const u8 *pos = (const u8 *) (hdr + 1); 1530 const u8 *end = ((const u8 *) hdr) + len; 1531 struct erp_tlvs parse; 1532 1533 if (len < sizeof(*hdr) + 1) { 1534 wpa_printf(MSG_DEBUG, "EAP: Ignored too short EAP-Initiate"); 1535 return; 1536 } 1537 1538 if (*pos != EAP_ERP_TYPE_REAUTH_START) { 1539 wpa_printf(MSG_DEBUG, 1540 "EAP: Ignored unexpected EAP-Initiate Type=%u", 1541 *pos); 1542 return; 1543 } 1544 1545 pos++; 1546 if (pos >= end) { 1547 wpa_printf(MSG_DEBUG, 1548 "EAP: Too short EAP-Initiate/Re-auth-Start"); 1549 return; 1550 } 1551 pos++; /* Reserved */ 1552 wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-auth-Start TVs/TLVs", 1553 pos, end - pos); 1554 1555 if (erp_parse_tlvs(pos, end, &parse, 0) < 0) 1556 goto invalid; 1557 1558 if (parse.domain) { 1559 wpa_hexdump_ascii(MSG_DEBUG, 1560 "EAP: EAP-Initiate/Re-auth-Start - Domain name", 1561 parse.domain, parse.domain_len); 1562 /* TODO: Derivation of domain specific keys for local ER */ 1563 } 1564 1565 if (eap_peer_erp_reauth_start(sm, hdr, len) == 0) 1566 return; 1567 1568 invalid: 1569 #endif /* CONFIG_ERP */ 1570 wpa_printf(MSG_DEBUG, 1571 "EAP: EAP-Initiate/Re-auth-Start - No suitable ERP keys available - try to start full EAP authentication"); 1572 eapol_set_bool(sm, EAPOL_eapTriggerStart, TRUE); 1573 } 1574 1575 1576 static void eap_peer_finish(struct eap_sm *sm, const struct eap_hdr *hdr, 1577 size_t len) 1578 { 1579 #ifdef CONFIG_ERP 1580 const u8 *pos = (const u8 *) (hdr + 1); 1581 const u8 *end = ((const u8 *) hdr) + len; 1582 const u8 *start; 1583 struct erp_tlvs parse; 1584 u8 flags; 1585 u16 seq; 1586 u8 hash[SHA256_MAC_LEN]; 1587 size_t hash_len; 1588 struct eap_erp_key *erp; 1589 int max_len; 1590 char nai[254]; 1591 u8 seed[4]; 1592 int auth_tag_ok = 0; 1593 1594 if (len < sizeof(*hdr) + 1) { 1595 wpa_printf(MSG_DEBUG, "EAP: Ignored too short EAP-Finish"); 1596 return; 1597 } 1598 1599 if (*pos != EAP_ERP_TYPE_REAUTH) { 1600 wpa_printf(MSG_DEBUG, 1601 "EAP: Ignored unexpected EAP-Finish Type=%u", *pos); 1602 return; 1603 } 1604 1605 if (len < sizeof(*hdr) + 4) { 1606 wpa_printf(MSG_DEBUG, 1607 "EAP: Ignored too short EAP-Finish/Re-auth"); 1608 return; 1609 } 1610 1611 pos++; 1612 flags = *pos++; 1613 seq = WPA_GET_BE16(pos); 1614 pos += 2; 1615 wpa_printf(MSG_DEBUG, "EAP: Flags=0x%x SEQ=%u", flags, seq); 1616 1617 if (seq != sm->erp_seq) { 1618 wpa_printf(MSG_DEBUG, 1619 "EAP: Unexpected EAP-Finish/Re-auth SEQ=%u", seq); 1620 return; 1621 } 1622 1623 /* 1624 * Parse TVs/TLVs. Since we do not yet know the length of the 1625 * Authentication Tag, stop parsing if an unknown TV/TLV is seen and 1626 * just try to find the keyName-NAI first so that we can check the 1627 * Authentication Tag. 1628 */ 1629 if (erp_parse_tlvs(pos, end, &parse, 1) < 0) 1630 return; 1631 1632 if (!parse.keyname) { 1633 wpa_printf(MSG_DEBUG, 1634 "EAP: No keyName-NAI in EAP-Finish/Re-auth Packet"); 1635 return; 1636 } 1637 1638 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Finish/Re-auth - keyName-NAI", 1639 parse.keyname, parse.keyname_len); 1640 if (parse.keyname_len > 253) { 1641 wpa_printf(MSG_DEBUG, 1642 "EAP: Too long keyName-NAI in EAP-Finish/Re-auth"); 1643 return; 1644 } 1645 os_memcpy(nai, parse.keyname, parse.keyname_len); 1646 nai[parse.keyname_len] = '\0'; 1647 1648 erp = eap_erp_get_key_nai(sm, nai); 1649 if (!erp) { 1650 wpa_printf(MSG_DEBUG, "EAP: No matching ERP key found for %s", 1651 nai); 1652 return; 1653 } 1654 1655 /* Is there enough room for Cryptosuite and Authentication Tag? */ 1656 start = parse.keyname + parse.keyname_len; 1657 max_len = end - start; 1658 hash_len = 16; 1659 if (max_len < 1 + (int) hash_len) { 1660 wpa_printf(MSG_DEBUG, 1661 "EAP: Not enough room for Authentication Tag"); 1662 if (flags & 0x80) 1663 goto no_auth_tag; 1664 return; 1665 } 1666 if (end[-17] != EAP_ERP_CS_HMAC_SHA256_128) { 1667 wpa_printf(MSG_DEBUG, "EAP: Different Cryptosuite used"); 1668 if (flags & 0x80) 1669 goto no_auth_tag; 1670 return; 1671 } 1672 1673 if (hmac_sha256(erp->rIK, erp->rIK_len, (const u8 *) hdr, 1674 end - ((const u8 *) hdr) - hash_len, hash) < 0) 1675 return; 1676 if (os_memcmp(end - hash_len, hash, hash_len) != 0) { 1677 wpa_printf(MSG_DEBUG, 1678 "EAP: Authentication Tag mismatch"); 1679 return; 1680 } 1681 auth_tag_ok = 1; 1682 end -= 1 + hash_len; 1683 1684 no_auth_tag: 1685 /* 1686 * Parse TVs/TLVs again now that we know the exact part of the buffer 1687 * that contains them. 1688 */ 1689 wpa_hexdump(MSG_DEBUG, "EAP: EAP-Finish/Re-Auth TVs/TLVs", 1690 pos, end - pos); 1691 if (erp_parse_tlvs(pos, end, &parse, 0) < 0) 1692 return; 1693 1694 if (flags & 0x80 || !auth_tag_ok) { 1695 wpa_printf(MSG_DEBUG, 1696 "EAP: EAP-Finish/Re-auth indicated failure"); 1697 eapol_set_bool(sm, EAPOL_eapFail, TRUE); 1698 eapol_set_bool(sm, EAPOL_eapReq, FALSE); 1699 eapol_set_bool(sm, EAPOL_eapNoResp, TRUE); 1700 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE 1701 "EAP authentication failed"); 1702 sm->prev_failure = 1; 1703 wpa_printf(MSG_DEBUG, 1704 "EAP: Drop ERP key to try full authentication on next attempt"); 1705 eap_peer_erp_free_key(erp); 1706 return; 1707 } 1708 1709 eap_sm_free_key(sm); 1710 sm->eapKeyDataLen = 0; 1711 sm->eapKeyData = os_malloc(erp->rRK_len); 1712 if (!sm->eapKeyData) 1713 return; 1714 sm->eapKeyDataLen = erp->rRK_len; 1715 1716 WPA_PUT_BE16(seed, seq); 1717 WPA_PUT_BE16(&seed[2], erp->rRK_len); 1718 if (hmac_sha256_kdf(erp->rRK, erp->rRK_len, 1719 "Re-authentication Master Session Key@ietf.org", 1720 seed, sizeof(seed), 1721 sm->eapKeyData, erp->rRK_len) < 0) { 1722 wpa_printf(MSG_DEBUG, "EAP: Could not derive rMSK for ERP"); 1723 eap_sm_free_key(sm); 1724 return; 1725 } 1726 wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK", 1727 sm->eapKeyData, sm->eapKeyDataLen); 1728 sm->eapKeyAvailable = TRUE; 1729 eapol_set_bool(sm, EAPOL_eapSuccess, TRUE); 1730 eapol_set_bool(sm, EAPOL_eapReq, FALSE); 1731 eapol_set_bool(sm, EAPOL_eapNoResp, TRUE); 1732 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS 1733 "EAP re-authentication completed successfully"); 1734 #endif /* CONFIG_ERP */ 1735 } 1736 1737 1738 static void eap_sm_parseEapReq(struct eap_sm *sm, const struct wpabuf *req) 1739 { 1740 const struct eap_hdr *hdr; 1741 size_t plen; 1742 const u8 *pos; 1743 1744 sm->rxReq = sm->rxResp = sm->rxSuccess = sm->rxFailure = FALSE; 1745 sm->reqId = 0; 1746 sm->reqMethod = EAP_TYPE_NONE; 1747 sm->reqVendor = EAP_VENDOR_IETF; 1748 sm->reqVendorMethod = EAP_TYPE_NONE; 1749 1750 if (req == NULL || wpabuf_len(req) < sizeof(*hdr)) 1751 return; 1752 1753 hdr = wpabuf_head(req); 1754 plen = be_to_host16(hdr->length); 1755 if (plen > wpabuf_len(req)) { 1756 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet " 1757 "(len=%lu plen=%lu)", 1758 (unsigned long) wpabuf_len(req), 1759 (unsigned long) plen); 1760 return; 1761 } 1762 1763 sm->reqId = hdr->identifier; 1764 1765 if (sm->workaround) { 1766 const u8 *addr[1]; 1767 addr[0] = wpabuf_head(req); 1768 sha1_vector(1, addr, &plen, sm->req_sha1); 1769 } 1770 1771 switch (hdr->code) { 1772 case EAP_CODE_REQUEST: 1773 if (plen < sizeof(*hdr) + 1) { 1774 wpa_printf(MSG_DEBUG, "EAP: Too short EAP-Request - " 1775 "no Type field"); 1776 return; 1777 } 1778 sm->rxReq = TRUE; 1779 pos = (const u8 *) (hdr + 1); 1780 sm->reqMethod = *pos++; 1781 if (sm->reqMethod == EAP_TYPE_EXPANDED) { 1782 if (plen < sizeof(*hdr) + 8) { 1783 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated " 1784 "expanded EAP-Packet (plen=%lu)", 1785 (unsigned long) plen); 1786 return; 1787 } 1788 sm->reqVendor = WPA_GET_BE24(pos); 1789 pos += 3; 1790 sm->reqVendorMethod = WPA_GET_BE32(pos); 1791 } 1792 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Request id=%d " 1793 "method=%u vendor=%u vendorMethod=%u", 1794 sm->reqId, sm->reqMethod, sm->reqVendor, 1795 sm->reqVendorMethod); 1796 break; 1797 case EAP_CODE_RESPONSE: 1798 if (sm->selectedMethod == EAP_TYPE_LEAP) { 1799 /* 1800 * LEAP differs from RFC 4137 by using reversed roles 1801 * for mutual authentication and because of this, we 1802 * need to accept EAP-Response frames if LEAP is used. 1803 */ 1804 if (plen < sizeof(*hdr) + 1) { 1805 wpa_printf(MSG_DEBUG, "EAP: Too short " 1806 "EAP-Response - no Type field"); 1807 return; 1808 } 1809 sm->rxResp = TRUE; 1810 pos = (const u8 *) (hdr + 1); 1811 sm->reqMethod = *pos; 1812 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Response for " 1813 "LEAP method=%d id=%d", 1814 sm->reqMethod, sm->reqId); 1815 break; 1816 } 1817 wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Response"); 1818 break; 1819 case EAP_CODE_SUCCESS: 1820 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Success"); 1821 eap_notify_status(sm, "completion", "success"); 1822 sm->rxSuccess = TRUE; 1823 break; 1824 case EAP_CODE_FAILURE: 1825 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Failure"); 1826 eap_notify_status(sm, "completion", "failure"); 1827 sm->rxFailure = TRUE; 1828 break; 1829 case EAP_CODE_INITIATE: 1830 eap_peer_initiate(sm, hdr, plen); 1831 break; 1832 case EAP_CODE_FINISH: 1833 eap_peer_finish(sm, hdr, plen); 1834 break; 1835 default: 1836 wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Packet with unknown " 1837 "code %d", hdr->code); 1838 break; 1839 } 1840 } 1841 1842 1843 static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev, 1844 union tls_event_data *data) 1845 { 1846 struct eap_sm *sm = ctx; 1847 char *hash_hex = NULL; 1848 1849 switch (ev) { 1850 case TLS_CERT_CHAIN_SUCCESS: 1851 eap_notify_status(sm, "remote certificate verification", 1852 "success"); 1853 break; 1854 case TLS_CERT_CHAIN_FAILURE: 1855 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_CERT_ERROR 1856 "reason=%d depth=%d subject='%s' err='%s'", 1857 data->cert_fail.reason, 1858 data->cert_fail.depth, 1859 data->cert_fail.subject, 1860 data->cert_fail.reason_txt); 1861 eap_notify_status(sm, "remote certificate verification", 1862 data->cert_fail.reason_txt); 1863 break; 1864 case TLS_PEER_CERTIFICATE: 1865 if (!sm->eapol_cb->notify_cert) 1866 break; 1867 1868 if (data->peer_cert.hash) { 1869 size_t len = data->peer_cert.hash_len * 2 + 1; 1870 hash_hex = os_malloc(len); 1871 if (hash_hex) { 1872 wpa_snprintf_hex(hash_hex, len, 1873 data->peer_cert.hash, 1874 data->peer_cert.hash_len); 1875 } 1876 } 1877 1878 sm->eapol_cb->notify_cert(sm->eapol_ctx, 1879 data->peer_cert.depth, 1880 data->peer_cert.subject, 1881 data->peer_cert.altsubject, 1882 data->peer_cert.num_altsubject, 1883 hash_hex, data->peer_cert.cert); 1884 break; 1885 case TLS_ALERT: 1886 if (data->alert.is_local) 1887 eap_notify_status(sm, "local TLS alert", 1888 data->alert.description); 1889 else 1890 eap_notify_status(sm, "remote TLS alert", 1891 data->alert.description); 1892 break; 1893 } 1894 1895 os_free(hash_hex); 1896 } 1897 1898 1899 /** 1900 * eap_peer_sm_init - Allocate and initialize EAP peer state machine 1901 * @eapol_ctx: Context data to be used with eapol_cb calls 1902 * @eapol_cb: Pointer to EAPOL callback functions 1903 * @msg_ctx: Context data for wpa_msg() calls 1904 * @conf: EAP configuration 1905 * Returns: Pointer to the allocated EAP state machine or %NULL on failure 1906 * 1907 * This function allocates and initializes an EAP state machine. In addition, 1908 * this initializes TLS library for the new EAP state machine. eapol_cb pointer 1909 * will be in use until eap_peer_sm_deinit() is used to deinitialize this EAP 1910 * state machine. Consequently, the caller must make sure that this data 1911 * structure remains alive while the EAP state machine is active. 1912 */ 1913 struct eap_sm * eap_peer_sm_init(void *eapol_ctx, 1914 const struct eapol_callbacks *eapol_cb, 1915 void *msg_ctx, struct eap_config *conf) 1916 { 1917 struct eap_sm *sm; 1918 struct tls_config tlsconf; 1919 1920 sm = os_zalloc(sizeof(*sm)); 1921 if (sm == NULL) 1922 return NULL; 1923 sm->eapol_ctx = eapol_ctx; 1924 sm->eapol_cb = eapol_cb; 1925 sm->msg_ctx = msg_ctx; 1926 sm->ClientTimeout = EAP_CLIENT_TIMEOUT_DEFAULT; 1927 sm->wps = conf->wps; 1928 dl_list_init(&sm->erp_keys); 1929 1930 os_memset(&tlsconf, 0, sizeof(tlsconf)); 1931 tlsconf.opensc_engine_path = conf->opensc_engine_path; 1932 tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path; 1933 tlsconf.pkcs11_module_path = conf->pkcs11_module_path; 1934 tlsconf.openssl_ciphers = conf->openssl_ciphers; 1935 #ifdef CONFIG_FIPS 1936 tlsconf.fips_mode = 1; 1937 #endif /* CONFIG_FIPS */ 1938 tlsconf.event_cb = eap_peer_sm_tls_event; 1939 tlsconf.cb_ctx = sm; 1940 tlsconf.cert_in_cb = conf->cert_in_cb; 1941 sm->ssl_ctx = tls_init(&tlsconf); 1942 if (sm->ssl_ctx == NULL) { 1943 wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS " 1944 "context."); 1945 os_free(sm); 1946 return NULL; 1947 } 1948 1949 sm->ssl_ctx2 = tls_init(&tlsconf); 1950 if (sm->ssl_ctx2 == NULL) { 1951 wpa_printf(MSG_INFO, "SSL: Failed to initialize TLS " 1952 "context (2)."); 1953 /* Run without separate TLS context within TLS tunnel */ 1954 } 1955 1956 return sm; 1957 } 1958 1959 1960 /** 1961 * eap_peer_sm_deinit - Deinitialize and free an EAP peer state machine 1962 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1963 * 1964 * This function deinitializes EAP state machine and frees all allocated 1965 * resources. 1966 */ 1967 void eap_peer_sm_deinit(struct eap_sm *sm) 1968 { 1969 if (sm == NULL) 1970 return; 1971 eap_deinit_prev_method(sm, "EAP deinit"); 1972 eap_sm_abort(sm); 1973 if (sm->ssl_ctx2) 1974 tls_deinit(sm->ssl_ctx2); 1975 tls_deinit(sm->ssl_ctx); 1976 eap_peer_erp_free_keys(sm); 1977 os_free(sm); 1978 } 1979 1980 1981 /** 1982 * eap_peer_sm_step - Step EAP peer state machine 1983 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1984 * Returns: 1 if EAP state was changed or 0 if not 1985 * 1986 * This function advances EAP state machine to a new state to match with the 1987 * current variables. This should be called whenever variables used by the EAP 1988 * state machine have changed. 1989 */ 1990 int eap_peer_sm_step(struct eap_sm *sm) 1991 { 1992 int res = 0; 1993 do { 1994 sm->changed = FALSE; 1995 SM_STEP_RUN(EAP); 1996 if (sm->changed) 1997 res = 1; 1998 } while (sm->changed); 1999 return res; 2000 } 2001 2002 2003 /** 2004 * eap_sm_abort - Abort EAP authentication 2005 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2006 * 2007 * Release system resources that have been allocated for the authentication 2008 * session without fully deinitializing the EAP state machine. 2009 */ 2010 void eap_sm_abort(struct eap_sm *sm) 2011 { 2012 wpabuf_free(sm->lastRespData); 2013 sm->lastRespData = NULL; 2014 wpabuf_free(sm->eapRespData); 2015 sm->eapRespData = NULL; 2016 eap_sm_free_key(sm); 2017 os_free(sm->eapSessionId); 2018 sm->eapSessionId = NULL; 2019 2020 /* This is not clearly specified in the EAP statemachines draft, but 2021 * it seems necessary to make sure that some of the EAPOL variables get 2022 * cleared for the next authentication. */ 2023 eapol_set_bool(sm, EAPOL_eapSuccess, FALSE); 2024 } 2025 2026 2027 #ifdef CONFIG_CTRL_IFACE 2028 static const char * eap_sm_state_txt(int state) 2029 { 2030 switch (state) { 2031 case EAP_INITIALIZE: 2032 return "INITIALIZE"; 2033 case EAP_DISABLED: 2034 return "DISABLED"; 2035 case EAP_IDLE: 2036 return "IDLE"; 2037 case EAP_RECEIVED: 2038 return "RECEIVED"; 2039 case EAP_GET_METHOD: 2040 return "GET_METHOD"; 2041 case EAP_METHOD: 2042 return "METHOD"; 2043 case EAP_SEND_RESPONSE: 2044 return "SEND_RESPONSE"; 2045 case EAP_DISCARD: 2046 return "DISCARD"; 2047 case EAP_IDENTITY: 2048 return "IDENTITY"; 2049 case EAP_NOTIFICATION: 2050 return "NOTIFICATION"; 2051 case EAP_RETRANSMIT: 2052 return "RETRANSMIT"; 2053 case EAP_SUCCESS: 2054 return "SUCCESS"; 2055 case EAP_FAILURE: 2056 return "FAILURE"; 2057 default: 2058 return "UNKNOWN"; 2059 } 2060 } 2061 #endif /* CONFIG_CTRL_IFACE */ 2062 2063 2064 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 2065 static const char * eap_sm_method_state_txt(EapMethodState state) 2066 { 2067 switch (state) { 2068 case METHOD_NONE: 2069 return "NONE"; 2070 case METHOD_INIT: 2071 return "INIT"; 2072 case METHOD_CONT: 2073 return "CONT"; 2074 case METHOD_MAY_CONT: 2075 return "MAY_CONT"; 2076 case METHOD_DONE: 2077 return "DONE"; 2078 default: 2079 return "UNKNOWN"; 2080 } 2081 } 2082 2083 2084 static const char * eap_sm_decision_txt(EapDecision decision) 2085 { 2086 switch (decision) { 2087 case DECISION_FAIL: 2088 return "FAIL"; 2089 case DECISION_COND_SUCC: 2090 return "COND_SUCC"; 2091 case DECISION_UNCOND_SUCC: 2092 return "UNCOND_SUCC"; 2093 default: 2094 return "UNKNOWN"; 2095 } 2096 } 2097 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 2098 2099 2100 #ifdef CONFIG_CTRL_IFACE 2101 2102 /** 2103 * eap_sm_get_status - Get EAP state machine status 2104 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2105 * @buf: Buffer for status information 2106 * @buflen: Maximum buffer length 2107 * @verbose: Whether to include verbose status information 2108 * Returns: Number of bytes written to buf. 2109 * 2110 * Query EAP state machine for status information. This function fills in a 2111 * text area with current status information from the EAPOL state machine. If 2112 * the buffer (buf) is not large enough, status information will be truncated 2113 * to fit the buffer. 2114 */ 2115 int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen, int verbose) 2116 { 2117 int len, ret; 2118 2119 if (sm == NULL) 2120 return 0; 2121 2122 len = os_snprintf(buf, buflen, 2123 "EAP state=%s\n", 2124 eap_sm_state_txt(sm->EAP_state)); 2125 if (os_snprintf_error(buflen, len)) 2126 return 0; 2127 2128 if (sm->selectedMethod != EAP_TYPE_NONE) { 2129 const char *name; 2130 if (sm->m) { 2131 name = sm->m->name; 2132 } else { 2133 const struct eap_method *m = 2134 eap_peer_get_eap_method(EAP_VENDOR_IETF, 2135 sm->selectedMethod); 2136 if (m) 2137 name = m->name; 2138 else 2139 name = "?"; 2140 } 2141 ret = os_snprintf(buf + len, buflen - len, 2142 "selectedMethod=%d (EAP-%s)\n", 2143 sm->selectedMethod, name); 2144 if (os_snprintf_error(buflen - len, ret)) 2145 return len; 2146 len += ret; 2147 2148 if (sm->m && sm->m->get_status) { 2149 len += sm->m->get_status(sm, sm->eap_method_priv, 2150 buf + len, buflen - len, 2151 verbose); 2152 } 2153 } 2154 2155 if (verbose) { 2156 ret = os_snprintf(buf + len, buflen - len, 2157 "reqMethod=%d\n" 2158 "methodState=%s\n" 2159 "decision=%s\n" 2160 "ClientTimeout=%d\n", 2161 sm->reqMethod, 2162 eap_sm_method_state_txt(sm->methodState), 2163 eap_sm_decision_txt(sm->decision), 2164 sm->ClientTimeout); 2165 if (os_snprintf_error(buflen - len, ret)) 2166 return len; 2167 len += ret; 2168 } 2169 2170 return len; 2171 } 2172 #endif /* CONFIG_CTRL_IFACE */ 2173 2174 2175 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 2176 static void eap_sm_request(struct eap_sm *sm, enum wpa_ctrl_req_type field, 2177 const char *msg, size_t msglen) 2178 { 2179 struct eap_peer_config *config; 2180 const char *txt = NULL; 2181 char *tmp; 2182 2183 if (sm == NULL) 2184 return; 2185 config = eap_get_config(sm); 2186 if (config == NULL) 2187 return; 2188 2189 switch (field) { 2190 case WPA_CTRL_REQ_EAP_IDENTITY: 2191 config->pending_req_identity++; 2192 break; 2193 case WPA_CTRL_REQ_EAP_PASSWORD: 2194 config->pending_req_password++; 2195 break; 2196 case WPA_CTRL_REQ_EAP_NEW_PASSWORD: 2197 config->pending_req_new_password++; 2198 break; 2199 case WPA_CTRL_REQ_EAP_PIN: 2200 config->pending_req_pin++; 2201 break; 2202 case WPA_CTRL_REQ_EAP_OTP: 2203 if (msg) { 2204 tmp = os_malloc(msglen + 3); 2205 if (tmp == NULL) 2206 return; 2207 tmp[0] = '['; 2208 os_memcpy(tmp + 1, msg, msglen); 2209 tmp[msglen + 1] = ']'; 2210 tmp[msglen + 2] = '\0'; 2211 txt = tmp; 2212 os_free(config->pending_req_otp); 2213 config->pending_req_otp = tmp; 2214 config->pending_req_otp_len = msglen + 3; 2215 } else { 2216 if (config->pending_req_otp == NULL) 2217 return; 2218 txt = config->pending_req_otp; 2219 } 2220 break; 2221 case WPA_CTRL_REQ_EAP_PASSPHRASE: 2222 config->pending_req_passphrase++; 2223 break; 2224 case WPA_CTRL_REQ_SIM: 2225 txt = msg; 2226 break; 2227 default: 2228 return; 2229 } 2230 2231 if (sm->eapol_cb->eap_param_needed) 2232 sm->eapol_cb->eap_param_needed(sm->eapol_ctx, field, txt); 2233 } 2234 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 2235 #define eap_sm_request(sm, type, msg, msglen) do { } while (0) 2236 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 2237 2238 const char * eap_sm_get_method_name(struct eap_sm *sm) 2239 { 2240 if (sm->m == NULL) 2241 return "UNKNOWN"; 2242 return sm->m->name; 2243 } 2244 2245 2246 /** 2247 * eap_sm_request_identity - Request identity from user (ctrl_iface) 2248 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2249 * 2250 * EAP methods can call this function to request identity information for the 2251 * current network. This is normally called when the identity is not included 2252 * in the network configuration. The request will be sent to monitor programs 2253 * through the control interface. 2254 */ 2255 void eap_sm_request_identity(struct eap_sm *sm) 2256 { 2257 eap_sm_request(sm, WPA_CTRL_REQ_EAP_IDENTITY, NULL, 0); 2258 } 2259 2260 2261 /** 2262 * eap_sm_request_password - Request password from user (ctrl_iface) 2263 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2264 * 2265 * EAP methods can call this function to request password information for the 2266 * current network. This is normally called when the password is not included 2267 * in the network configuration. The request will be sent to monitor programs 2268 * through the control interface. 2269 */ 2270 void eap_sm_request_password(struct eap_sm *sm) 2271 { 2272 eap_sm_request(sm, WPA_CTRL_REQ_EAP_PASSWORD, NULL, 0); 2273 } 2274 2275 2276 /** 2277 * eap_sm_request_new_password - Request new password from user (ctrl_iface) 2278 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2279 * 2280 * EAP methods can call this function to request new password information for 2281 * the current network. This is normally called when the EAP method indicates 2282 * that the current password has expired and password change is required. The 2283 * request will be sent to monitor programs through the control interface. 2284 */ 2285 void eap_sm_request_new_password(struct eap_sm *sm) 2286 { 2287 eap_sm_request(sm, WPA_CTRL_REQ_EAP_NEW_PASSWORD, NULL, 0); 2288 } 2289 2290 2291 /** 2292 * eap_sm_request_pin - Request SIM or smart card PIN from user (ctrl_iface) 2293 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2294 * 2295 * EAP methods can call this function to request SIM or smart card PIN 2296 * information for the current network. This is normally called when the PIN is 2297 * not included in the network configuration. The request will be sent to 2298 * monitor programs through the control interface. 2299 */ 2300 void eap_sm_request_pin(struct eap_sm *sm) 2301 { 2302 eap_sm_request(sm, WPA_CTRL_REQ_EAP_PIN, NULL, 0); 2303 } 2304 2305 2306 /** 2307 * eap_sm_request_otp - Request one time password from user (ctrl_iface) 2308 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2309 * @msg: Message to be displayed to the user when asking for OTP 2310 * @msg_len: Length of the user displayable message 2311 * 2312 * EAP methods can call this function to request open time password (OTP) for 2313 * the current network. The request will be sent to monitor programs through 2314 * the control interface. 2315 */ 2316 void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len) 2317 { 2318 eap_sm_request(sm, WPA_CTRL_REQ_EAP_OTP, msg, msg_len); 2319 } 2320 2321 2322 /** 2323 * eap_sm_request_passphrase - Request passphrase from user (ctrl_iface) 2324 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2325 * 2326 * EAP methods can call this function to request passphrase for a private key 2327 * for the current network. This is normally called when the passphrase is not 2328 * included in the network configuration. The request will be sent to monitor 2329 * programs through the control interface. 2330 */ 2331 void eap_sm_request_passphrase(struct eap_sm *sm) 2332 { 2333 eap_sm_request(sm, WPA_CTRL_REQ_EAP_PASSPHRASE, NULL, 0); 2334 } 2335 2336 2337 /** 2338 * eap_sm_request_sim - Request external SIM processing 2339 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2340 * @req: EAP method specific request 2341 */ 2342 void eap_sm_request_sim(struct eap_sm *sm, const char *req) 2343 { 2344 eap_sm_request(sm, WPA_CTRL_REQ_SIM, req, os_strlen(req)); 2345 } 2346 2347 2348 /** 2349 * eap_sm_notify_ctrl_attached - Notification of attached monitor 2350 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2351 * 2352 * Notify EAP state machines that a monitor was attached to the control 2353 * interface to trigger re-sending of pending requests for user input. 2354 */ 2355 void eap_sm_notify_ctrl_attached(struct eap_sm *sm) 2356 { 2357 struct eap_peer_config *config = eap_get_config(sm); 2358 2359 if (config == NULL) 2360 return; 2361 2362 /* Re-send any pending requests for user data since a new control 2363 * interface was added. This handles cases where the EAP authentication 2364 * starts immediately after system startup when the user interface is 2365 * not yet running. */ 2366 if (config->pending_req_identity) 2367 eap_sm_request_identity(sm); 2368 if (config->pending_req_password) 2369 eap_sm_request_password(sm); 2370 if (config->pending_req_new_password) 2371 eap_sm_request_new_password(sm); 2372 if (config->pending_req_otp) 2373 eap_sm_request_otp(sm, NULL, 0); 2374 if (config->pending_req_pin) 2375 eap_sm_request_pin(sm); 2376 if (config->pending_req_passphrase) 2377 eap_sm_request_passphrase(sm); 2378 } 2379 2380 2381 static int eap_allowed_phase2_type(int vendor, int type) 2382 { 2383 if (vendor != EAP_VENDOR_IETF) 2384 return 0; 2385 return type != EAP_TYPE_PEAP && type != EAP_TYPE_TTLS && 2386 type != EAP_TYPE_FAST; 2387 } 2388 2389 2390 /** 2391 * eap_get_phase2_type - Get EAP type for the given EAP phase 2 method name 2392 * @name: EAP method name, e.g., MD5 2393 * @vendor: Buffer for returning EAP Vendor-Id 2394 * Returns: EAP method type or %EAP_TYPE_NONE if not found 2395 * 2396 * This function maps EAP type names into EAP type numbers that are allowed for 2397 * Phase 2, i.e., for tunneled authentication. Phase 2 is used, e.g., with 2398 * EAP-PEAP, EAP-TTLS, and EAP-FAST. 2399 */ 2400 u32 eap_get_phase2_type(const char *name, int *vendor) 2401 { 2402 int v; 2403 u32 type = eap_peer_get_type(name, &v); 2404 if (eap_allowed_phase2_type(v, type)) { 2405 *vendor = v; 2406 return type; 2407 } 2408 *vendor = EAP_VENDOR_IETF; 2409 return EAP_TYPE_NONE; 2410 } 2411 2412 2413 /** 2414 * eap_get_phase2_types - Get list of allowed EAP phase 2 types 2415 * @config: Pointer to a network configuration 2416 * @count: Pointer to a variable to be filled with number of returned EAP types 2417 * Returns: Pointer to allocated type list or %NULL on failure 2418 * 2419 * This function generates an array of allowed EAP phase 2 (tunneled) types for 2420 * the given network configuration. 2421 */ 2422 struct eap_method_type * eap_get_phase2_types(struct eap_peer_config *config, 2423 size_t *count) 2424 { 2425 struct eap_method_type *buf; 2426 u32 method; 2427 int vendor; 2428 size_t mcount; 2429 const struct eap_method *methods, *m; 2430 2431 methods = eap_peer_get_methods(&mcount); 2432 if (methods == NULL) 2433 return NULL; 2434 *count = 0; 2435 buf = os_malloc(mcount * sizeof(struct eap_method_type)); 2436 if (buf == NULL) 2437 return NULL; 2438 2439 for (m = methods; m; m = m->next) { 2440 vendor = m->vendor; 2441 method = m->method; 2442 if (eap_allowed_phase2_type(vendor, method)) { 2443 if (vendor == EAP_VENDOR_IETF && 2444 method == EAP_TYPE_TLS && config && 2445 config->private_key2 == NULL) 2446 continue; 2447 buf[*count].vendor = vendor; 2448 buf[*count].method = method; 2449 (*count)++; 2450 } 2451 } 2452 2453 return buf; 2454 } 2455 2456 2457 /** 2458 * eap_set_fast_reauth - Update fast_reauth setting 2459 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2460 * @enabled: 1 = Fast reauthentication is enabled, 0 = Disabled 2461 */ 2462 void eap_set_fast_reauth(struct eap_sm *sm, int enabled) 2463 { 2464 sm->fast_reauth = enabled; 2465 } 2466 2467 2468 /** 2469 * eap_set_workaround - Update EAP workarounds setting 2470 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2471 * @workaround: 1 = Enable EAP workarounds, 0 = Disable EAP workarounds 2472 */ 2473 void eap_set_workaround(struct eap_sm *sm, unsigned int workaround) 2474 { 2475 sm->workaround = workaround; 2476 } 2477 2478 2479 /** 2480 * eap_get_config - Get current network configuration 2481 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2482 * Returns: Pointer to the current network configuration or %NULL if not found 2483 * 2484 * EAP peer methods should avoid using this function if they can use other 2485 * access functions, like eap_get_config_identity() and 2486 * eap_get_config_password(), that do not require direct access to 2487 * struct eap_peer_config. 2488 */ 2489 struct eap_peer_config * eap_get_config(struct eap_sm *sm) 2490 { 2491 return sm->eapol_cb->get_config(sm->eapol_ctx); 2492 } 2493 2494 2495 /** 2496 * eap_get_config_identity - Get identity from the network configuration 2497 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2498 * @len: Buffer for the length of the identity 2499 * Returns: Pointer to the identity or %NULL if not found 2500 */ 2501 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len) 2502 { 2503 struct eap_peer_config *config = eap_get_config(sm); 2504 if (config == NULL) 2505 return NULL; 2506 *len = config->identity_len; 2507 return config->identity; 2508 } 2509 2510 2511 static int eap_get_ext_password(struct eap_sm *sm, 2512 struct eap_peer_config *config) 2513 { 2514 char *name; 2515 2516 if (config->password == NULL) 2517 return -1; 2518 2519 name = os_zalloc(config->password_len + 1); 2520 if (name == NULL) 2521 return -1; 2522 os_memcpy(name, config->password, config->password_len); 2523 2524 ext_password_free(sm->ext_pw_buf); 2525 sm->ext_pw_buf = ext_password_get(sm->ext_pw, name); 2526 os_free(name); 2527 2528 return sm->ext_pw_buf == NULL ? -1 : 0; 2529 } 2530 2531 2532 /** 2533 * eap_get_config_password - Get password from the network configuration 2534 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2535 * @len: Buffer for the length of the password 2536 * Returns: Pointer to the password or %NULL if not found 2537 */ 2538 const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len) 2539 { 2540 struct eap_peer_config *config = eap_get_config(sm); 2541 if (config == NULL) 2542 return NULL; 2543 2544 if (config->flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) { 2545 if (eap_get_ext_password(sm, config) < 0) 2546 return NULL; 2547 *len = wpabuf_len(sm->ext_pw_buf); 2548 return wpabuf_head(sm->ext_pw_buf); 2549 } 2550 2551 *len = config->password_len; 2552 return config->password; 2553 } 2554 2555 2556 /** 2557 * eap_get_config_password2 - Get password from the network configuration 2558 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2559 * @len: Buffer for the length of the password 2560 * @hash: Buffer for returning whether the password is stored as a 2561 * NtPasswordHash instead of plaintext password; can be %NULL if this 2562 * information is not needed 2563 * Returns: Pointer to the password or %NULL if not found 2564 */ 2565 const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash) 2566 { 2567 struct eap_peer_config *config = eap_get_config(sm); 2568 if (config == NULL) 2569 return NULL; 2570 2571 if (config->flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) { 2572 if (eap_get_ext_password(sm, config) < 0) 2573 return NULL; 2574 if (hash) 2575 *hash = 0; 2576 *len = wpabuf_len(sm->ext_pw_buf); 2577 return wpabuf_head(sm->ext_pw_buf); 2578 } 2579 2580 *len = config->password_len; 2581 if (hash) 2582 *hash = !!(config->flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH); 2583 return config->password; 2584 } 2585 2586 2587 /** 2588 * eap_get_config_new_password - Get new password from network configuration 2589 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2590 * @len: Buffer for the length of the new password 2591 * Returns: Pointer to the new password or %NULL if not found 2592 */ 2593 const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len) 2594 { 2595 struct eap_peer_config *config = eap_get_config(sm); 2596 if (config == NULL) 2597 return NULL; 2598 *len = config->new_password_len; 2599 return config->new_password; 2600 } 2601 2602 2603 /** 2604 * eap_get_config_otp - Get one-time password from the network configuration 2605 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2606 * @len: Buffer for the length of the one-time password 2607 * Returns: Pointer to the one-time password or %NULL if not found 2608 */ 2609 const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len) 2610 { 2611 struct eap_peer_config *config = eap_get_config(sm); 2612 if (config == NULL) 2613 return NULL; 2614 *len = config->otp_len; 2615 return config->otp; 2616 } 2617 2618 2619 /** 2620 * eap_clear_config_otp - Clear used one-time password 2621 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2622 * 2623 * This function clears a used one-time password (OTP) from the current network 2624 * configuration. This should be called when the OTP has been used and is not 2625 * needed anymore. 2626 */ 2627 void eap_clear_config_otp(struct eap_sm *sm) 2628 { 2629 struct eap_peer_config *config = eap_get_config(sm); 2630 if (config == NULL) 2631 return; 2632 os_memset(config->otp, 0, config->otp_len); 2633 os_free(config->otp); 2634 config->otp = NULL; 2635 config->otp_len = 0; 2636 } 2637 2638 2639 /** 2640 * eap_get_config_phase1 - Get phase1 data from the network configuration 2641 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2642 * Returns: Pointer to the phase1 data or %NULL if not found 2643 */ 2644 const char * eap_get_config_phase1(struct eap_sm *sm) 2645 { 2646 struct eap_peer_config *config = eap_get_config(sm); 2647 if (config == NULL) 2648 return NULL; 2649 return config->phase1; 2650 } 2651 2652 2653 /** 2654 * eap_get_config_phase2 - Get phase2 data from the network configuration 2655 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2656 * Returns: Pointer to the phase1 data or %NULL if not found 2657 */ 2658 const char * eap_get_config_phase2(struct eap_sm *sm) 2659 { 2660 struct eap_peer_config *config = eap_get_config(sm); 2661 if (config == NULL) 2662 return NULL; 2663 return config->phase2; 2664 } 2665 2666 2667 int eap_get_config_fragment_size(struct eap_sm *sm) 2668 { 2669 struct eap_peer_config *config = eap_get_config(sm); 2670 if (config == NULL) 2671 return -1; 2672 return config->fragment_size; 2673 } 2674 2675 2676 /** 2677 * eap_key_available - Get key availability (eapKeyAvailable variable) 2678 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2679 * Returns: 1 if EAP keying material is available, 0 if not 2680 */ 2681 int eap_key_available(struct eap_sm *sm) 2682 { 2683 return sm ? sm->eapKeyAvailable : 0; 2684 } 2685 2686 2687 /** 2688 * eap_notify_success - Notify EAP state machine about external success trigger 2689 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2690 * 2691 * This function is called when external event, e.g., successful completion of 2692 * WPA-PSK key handshake, is indicating that EAP state machine should move to 2693 * success state. This is mainly used with security modes that do not use EAP 2694 * state machine (e.g., WPA-PSK). 2695 */ 2696 void eap_notify_success(struct eap_sm *sm) 2697 { 2698 if (sm) { 2699 sm->decision = DECISION_COND_SUCC; 2700 sm->EAP_state = EAP_SUCCESS; 2701 } 2702 } 2703 2704 2705 /** 2706 * eap_notify_lower_layer_success - Notification of lower layer success 2707 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2708 * 2709 * Notify EAP state machines that a lower layer has detected a successful 2710 * authentication. This is used to recover from dropped EAP-Success messages. 2711 */ 2712 void eap_notify_lower_layer_success(struct eap_sm *sm) 2713 { 2714 if (sm == NULL) 2715 return; 2716 2717 if (eapol_get_bool(sm, EAPOL_eapSuccess) || 2718 sm->decision == DECISION_FAIL || 2719 (sm->methodState != METHOD_MAY_CONT && 2720 sm->methodState != METHOD_DONE)) 2721 return; 2722 2723 if (sm->eapKeyData != NULL) 2724 sm->eapKeyAvailable = TRUE; 2725 eapol_set_bool(sm, EAPOL_eapSuccess, TRUE); 2726 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS 2727 "EAP authentication completed successfully (based on lower " 2728 "layer success)"); 2729 } 2730 2731 2732 /** 2733 * eap_get_eapSessionId - Get Session-Id from EAP state machine 2734 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2735 * @len: Pointer to variable that will be set to number of bytes in the session 2736 * Returns: Pointer to the EAP Session-Id or %NULL on failure 2737 * 2738 * Fetch EAP Session-Id from the EAP state machine. The Session-Id is available 2739 * only after a successful authentication. EAP state machine continues to manage 2740 * the Session-Id and the caller must not change or free the returned data. 2741 */ 2742 const u8 * eap_get_eapSessionId(struct eap_sm *sm, size_t *len) 2743 { 2744 if (sm == NULL || sm->eapSessionId == NULL) { 2745 *len = 0; 2746 return NULL; 2747 } 2748 2749 *len = sm->eapSessionIdLen; 2750 return sm->eapSessionId; 2751 } 2752 2753 2754 /** 2755 * eap_get_eapKeyData - Get master session key (MSK) from EAP state machine 2756 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2757 * @len: Pointer to variable that will be set to number of bytes in the key 2758 * Returns: Pointer to the EAP keying data or %NULL on failure 2759 * 2760 * Fetch EAP keying material (MSK, eapKeyData) from the EAP state machine. The 2761 * key is available only after a successful authentication. EAP state machine 2762 * continues to manage the key data and the caller must not change or free the 2763 * returned data. 2764 */ 2765 const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len) 2766 { 2767 if (sm == NULL || sm->eapKeyData == NULL) { 2768 *len = 0; 2769 return NULL; 2770 } 2771 2772 *len = sm->eapKeyDataLen; 2773 return sm->eapKeyData; 2774 } 2775 2776 2777 /** 2778 * eap_get_eapKeyData - Get EAP response data 2779 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2780 * Returns: Pointer to the EAP response (eapRespData) or %NULL on failure 2781 * 2782 * Fetch EAP response (eapRespData) from the EAP state machine. This data is 2783 * available when EAP state machine has processed an incoming EAP request. The 2784 * EAP state machine does not maintain a reference to the response after this 2785 * function is called and the caller is responsible for freeing the data. 2786 */ 2787 struct wpabuf * eap_get_eapRespData(struct eap_sm *sm) 2788 { 2789 struct wpabuf *resp; 2790 2791 if (sm == NULL || sm->eapRespData == NULL) 2792 return NULL; 2793 2794 resp = sm->eapRespData; 2795 sm->eapRespData = NULL; 2796 2797 return resp; 2798 } 2799 2800 2801 /** 2802 * eap_sm_register_scard_ctx - Notification of smart card context 2803 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2804 * @ctx: Context data for smart card operations 2805 * 2806 * Notify EAP state machines of context data for smart card operations. This 2807 * context data will be used as a parameter for scard_*() functions. 2808 */ 2809 void eap_register_scard_ctx(struct eap_sm *sm, void *ctx) 2810 { 2811 if (sm) 2812 sm->scard_ctx = ctx; 2813 } 2814 2815 2816 /** 2817 * eap_set_config_blob - Set or add a named configuration blob 2818 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2819 * @blob: New value for the blob 2820 * 2821 * Adds a new configuration blob or replaces the current value of an existing 2822 * blob. 2823 */ 2824 void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob) 2825 { 2826 #ifndef CONFIG_NO_CONFIG_BLOBS 2827 sm->eapol_cb->set_config_blob(sm->eapol_ctx, blob); 2828 #endif /* CONFIG_NO_CONFIG_BLOBS */ 2829 } 2830 2831 2832 /** 2833 * eap_get_config_blob - Get a named configuration blob 2834 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2835 * @name: Name of the blob 2836 * Returns: Pointer to blob data or %NULL if not found 2837 */ 2838 const struct wpa_config_blob * eap_get_config_blob(struct eap_sm *sm, 2839 const char *name) 2840 { 2841 #ifndef CONFIG_NO_CONFIG_BLOBS 2842 return sm->eapol_cb->get_config_blob(sm->eapol_ctx, name); 2843 #else /* CONFIG_NO_CONFIG_BLOBS */ 2844 return NULL; 2845 #endif /* CONFIG_NO_CONFIG_BLOBS */ 2846 } 2847 2848 2849 /** 2850 * eap_set_force_disabled - Set force_disabled flag 2851 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2852 * @disabled: 1 = EAP disabled, 0 = EAP enabled 2853 * 2854 * This function is used to force EAP state machine to be disabled when it is 2855 * not in use (e.g., with WPA-PSK or plaintext connections). 2856 */ 2857 void eap_set_force_disabled(struct eap_sm *sm, int disabled) 2858 { 2859 sm->force_disabled = disabled; 2860 } 2861 2862 2863 /** 2864 * eap_set_external_sim - Set external_sim flag 2865 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2866 * @external_sim: Whether external SIM/USIM processing is used 2867 */ 2868 void eap_set_external_sim(struct eap_sm *sm, int external_sim) 2869 { 2870 sm->external_sim = external_sim; 2871 } 2872 2873 2874 /** 2875 * eap_notify_pending - Notify that EAP method is ready to re-process a request 2876 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2877 * 2878 * An EAP method can perform a pending operation (e.g., to get a response from 2879 * an external process). Once the response is available, this function can be 2880 * used to request EAPOL state machine to retry delivering the previously 2881 * received (and still unanswered) EAP request to EAP state machine. 2882 */ 2883 void eap_notify_pending(struct eap_sm *sm) 2884 { 2885 sm->eapol_cb->notify_pending(sm->eapol_ctx); 2886 } 2887 2888 2889 /** 2890 * eap_invalidate_cached_session - Mark cached session data invalid 2891 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2892 */ 2893 void eap_invalidate_cached_session(struct eap_sm *sm) 2894 { 2895 if (sm) 2896 eap_deinit_prev_method(sm, "invalidate"); 2897 } 2898 2899 2900 int eap_is_wps_pbc_enrollee(struct eap_peer_config *conf) 2901 { 2902 if (conf->identity_len != WSC_ID_ENROLLEE_LEN || 2903 os_memcmp(conf->identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN)) 2904 return 0; /* Not a WPS Enrollee */ 2905 2906 if (conf->phase1 == NULL || os_strstr(conf->phase1, "pbc=1") == NULL) 2907 return 0; /* Not using PBC */ 2908 2909 return 1; 2910 } 2911 2912 2913 int eap_is_wps_pin_enrollee(struct eap_peer_config *conf) 2914 { 2915 if (conf->identity_len != WSC_ID_ENROLLEE_LEN || 2916 os_memcmp(conf->identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN)) 2917 return 0; /* Not a WPS Enrollee */ 2918 2919 if (conf->phase1 == NULL || os_strstr(conf->phase1, "pin=") == NULL) 2920 return 0; /* Not using PIN */ 2921 2922 return 1; 2923 } 2924 2925 2926 void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext) 2927 { 2928 ext_password_free(sm->ext_pw_buf); 2929 sm->ext_pw_buf = NULL; 2930 sm->ext_pw = ext; 2931 } 2932 2933 2934 /** 2935 * eap_set_anon_id - Set or add anonymous identity 2936 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2937 * @id: Anonymous identity (e.g., EAP-SIM pseudonym) or %NULL to clear 2938 * @len: Length of anonymous identity in octets 2939 */ 2940 void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len) 2941 { 2942 if (sm->eapol_cb->set_anon_id) 2943 sm->eapol_cb->set_anon_id(sm->eapol_ctx, id, len); 2944 } 2945 2946 2947 int eap_peer_was_failure_expected(struct eap_sm *sm) 2948 { 2949 return sm->expected_failure; 2950 } 2951