xref: /freebsd/contrib/wpa/src/eap_peer/eap.c (revision 8d20be1e22095c27faf8fe8b2f0d089739cc742e)
1 /*
2  * EAP peer state machines (RFC 4137)
3  * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements the Peer State Machine as defined in RFC 4137. The used
9  * states and state transitions match mostly with the RFC. However, there are
10  * couple of additional transitions for working around small issues noticed
11  * during testing. These exceptions are explained in comments within the
12  * functions in this file. The method functions, m.func(), are similar to the
13  * ones used in RFC 4137, but some small changes have used here to optimize
14  * operations and to add functionality needed for fast re-authentication
15  * (session resumption).
16  */
17 
18 #include "includes.h"
19 
20 #include "common.h"
21 #include "pcsc_funcs.h"
22 #include "state_machine.h"
23 #include "ext_password.h"
24 #include "crypto/crypto.h"
25 #include "crypto/tls.h"
26 #include "common/wpa_ctrl.h"
27 #include "eap_common/eap_wsc_common.h"
28 #include "eap_i.h"
29 #include "eap_config.h"
30 
31 #define STATE_MACHINE_DATA struct eap_sm
32 #define STATE_MACHINE_DEBUG_PREFIX "EAP"
33 
34 #define EAP_MAX_AUTH_ROUNDS 50
35 #define EAP_CLIENT_TIMEOUT_DEFAULT 60
36 
37 
38 static Boolean eap_sm_allowMethod(struct eap_sm *sm, int vendor,
39 				  EapType method);
40 static struct wpabuf * eap_sm_buildNak(struct eap_sm *sm, int id);
41 static void eap_sm_processIdentity(struct eap_sm *sm,
42 				   const struct wpabuf *req);
43 static void eap_sm_processNotify(struct eap_sm *sm, const struct wpabuf *req);
44 static struct wpabuf * eap_sm_buildNotify(int id);
45 static void eap_sm_parseEapReq(struct eap_sm *sm, const struct wpabuf *req);
46 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
47 static const char * eap_sm_method_state_txt(EapMethodState state);
48 static const char * eap_sm_decision_txt(EapDecision decision);
49 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
50 
51 
52 
53 static Boolean eapol_get_bool(struct eap_sm *sm, enum eapol_bool_var var)
54 {
55 	return sm->eapol_cb->get_bool(sm->eapol_ctx, var);
56 }
57 
58 
59 static void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var,
60 			   Boolean value)
61 {
62 	sm->eapol_cb->set_bool(sm->eapol_ctx, var, value);
63 }
64 
65 
66 static unsigned int eapol_get_int(struct eap_sm *sm, enum eapol_int_var var)
67 {
68 	return sm->eapol_cb->get_int(sm->eapol_ctx, var);
69 }
70 
71 
72 static void eapol_set_int(struct eap_sm *sm, enum eapol_int_var var,
73 			  unsigned int value)
74 {
75 	sm->eapol_cb->set_int(sm->eapol_ctx, var, value);
76 }
77 
78 
79 static struct wpabuf * eapol_get_eapReqData(struct eap_sm *sm)
80 {
81 	return sm->eapol_cb->get_eapReqData(sm->eapol_ctx);
82 }
83 
84 
85 static void eap_notify_status(struct eap_sm *sm, const char *status,
86 				      const char *parameter)
87 {
88 	wpa_printf(MSG_DEBUG, "EAP: Status notification: %s (param=%s)",
89 		   status, parameter);
90 	if (sm->eapol_cb->notify_status)
91 		sm->eapol_cb->notify_status(sm->eapol_ctx, status, parameter);
92 }
93 
94 
95 static void eap_deinit_prev_method(struct eap_sm *sm, const char *txt)
96 {
97 	ext_password_free(sm->ext_pw_buf);
98 	sm->ext_pw_buf = NULL;
99 
100 	if (sm->m == NULL || sm->eap_method_priv == NULL)
101 		return;
102 
103 	wpa_printf(MSG_DEBUG, "EAP: deinitialize previously used EAP method "
104 		   "(%d, %s) at %s", sm->selectedMethod, sm->m->name, txt);
105 	sm->m->deinit(sm, sm->eap_method_priv);
106 	sm->eap_method_priv = NULL;
107 	sm->m = NULL;
108 }
109 
110 
111 /**
112  * eap_allowed_method - Check whether EAP method is allowed
113  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
114  * @vendor: Vendor-Id for expanded types or 0 = IETF for legacy types
115  * @method: EAP type
116  * Returns: 1 = allowed EAP method, 0 = not allowed
117  */
118 int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method)
119 {
120 	struct eap_peer_config *config = eap_get_config(sm);
121 	int i;
122 	struct eap_method_type *m;
123 
124 	if (config == NULL || config->eap_methods == NULL)
125 		return 1;
126 
127 	m = config->eap_methods;
128 	for (i = 0; m[i].vendor != EAP_VENDOR_IETF ||
129 		     m[i].method != EAP_TYPE_NONE; i++) {
130 		if (m[i].vendor == vendor && m[i].method == method)
131 			return 1;
132 	}
133 	return 0;
134 }
135 
136 
137 /*
138  * This state initializes state machine variables when the machine is
139  * activated (portEnabled = TRUE). This is also used when re-starting
140  * authentication (eapRestart == TRUE).
141  */
142 SM_STATE(EAP, INITIALIZE)
143 {
144 	SM_ENTRY(EAP, INITIALIZE);
145 	if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
146 	    sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
147 	    !sm->prev_failure) {
148 		wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
149 			   "fast reauthentication");
150 		sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
151 	} else {
152 		eap_deinit_prev_method(sm, "INITIALIZE");
153 	}
154 	sm->selectedMethod = EAP_TYPE_NONE;
155 	sm->methodState = METHOD_NONE;
156 	sm->allowNotifications = TRUE;
157 	sm->decision = DECISION_FAIL;
158 	sm->ClientTimeout = EAP_CLIENT_TIMEOUT_DEFAULT;
159 	eapol_set_int(sm, EAPOL_idleWhile, sm->ClientTimeout);
160 	eapol_set_bool(sm, EAPOL_eapSuccess, FALSE);
161 	eapol_set_bool(sm, EAPOL_eapFail, FALSE);
162 	os_free(sm->eapKeyData);
163 	sm->eapKeyData = NULL;
164 	sm->eapKeyAvailable = FALSE;
165 	eapol_set_bool(sm, EAPOL_eapRestart, FALSE);
166 	sm->lastId = -1; /* new session - make sure this does not match with
167 			  * the first EAP-Packet */
168 	/*
169 	 * RFC 4137 does not reset eapResp and eapNoResp here. However, this
170 	 * seemed to be able to trigger cases where both were set and if EAPOL
171 	 * state machine uses eapNoResp first, it may end up not sending a real
172 	 * reply correctly. This occurred when the workaround in FAIL state set
173 	 * eapNoResp = TRUE.. Maybe that workaround needs to be fixed to do
174 	 * something else(?)
175 	 */
176 	eapol_set_bool(sm, EAPOL_eapResp, FALSE);
177 	eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
178 	sm->num_rounds = 0;
179 	sm->prev_failure = 0;
180 }
181 
182 
183 /*
184  * This state is reached whenever service from the lower layer is interrupted
185  * or unavailable (portEnabled == FALSE). Immediate transition to INITIALIZE
186  * occurs when the port becomes enabled.
187  */
188 SM_STATE(EAP, DISABLED)
189 {
190 	SM_ENTRY(EAP, DISABLED);
191 	sm->num_rounds = 0;
192 	/*
193 	 * RFC 4137 does not describe clearing of idleWhile here, but doing so
194 	 * allows the timer tick to be stopped more quickly when EAP is not in
195 	 * use.
196 	 */
197 	eapol_set_int(sm, EAPOL_idleWhile, 0);
198 }
199 
200 
201 /*
202  * The state machine spends most of its time here, waiting for something to
203  * happen. This state is entered unconditionally from INITIALIZE, DISCARD, and
204  * SEND_RESPONSE states.
205  */
206 SM_STATE(EAP, IDLE)
207 {
208 	SM_ENTRY(EAP, IDLE);
209 }
210 
211 
212 /*
213  * This state is entered when an EAP packet is received (eapReq == TRUE) to
214  * parse the packet header.
215  */
216 SM_STATE(EAP, RECEIVED)
217 {
218 	const struct wpabuf *eapReqData;
219 
220 	SM_ENTRY(EAP, RECEIVED);
221 	eapReqData = eapol_get_eapReqData(sm);
222 	/* parse rxReq, rxSuccess, rxFailure, reqId, reqMethod */
223 	eap_sm_parseEapReq(sm, eapReqData);
224 	sm->num_rounds++;
225 }
226 
227 
228 /*
229  * This state is entered when a request for a new type comes in. Either the
230  * correct method is started, or a Nak response is built.
231  */
232 SM_STATE(EAP, GET_METHOD)
233 {
234 	int reinit;
235 	EapType method;
236 	const struct eap_method *eap_method;
237 
238 	SM_ENTRY(EAP, GET_METHOD);
239 
240 	if (sm->reqMethod == EAP_TYPE_EXPANDED)
241 		method = sm->reqVendorMethod;
242 	else
243 		method = sm->reqMethod;
244 
245 	eap_method = eap_peer_get_eap_method(sm->reqVendor, method);
246 
247 	if (!eap_sm_allowMethod(sm, sm->reqVendor, method)) {
248 		wpa_printf(MSG_DEBUG, "EAP: vendor %u method %u not allowed",
249 			   sm->reqVendor, method);
250 		wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
251 			"vendor=%u method=%u -> NAK",
252 			sm->reqVendor, method);
253 		eap_notify_status(sm, "refuse proposed method",
254 				  eap_method ?  eap_method->name : "unknown");
255 		goto nak;
256 	}
257 
258 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
259 		"vendor=%u method=%u", sm->reqVendor, method);
260 
261 	eap_notify_status(sm, "accept proposed method",
262 			  eap_method ?  eap_method->name : "unknown");
263 	/*
264 	 * RFC 4137 does not define specific operation for fast
265 	 * re-authentication (session resumption). The design here is to allow
266 	 * the previously used method data to be maintained for
267 	 * re-authentication if the method support session resumption.
268 	 * Otherwise, the previously used method data is freed and a new method
269 	 * is allocated here.
270 	 */
271 	if (sm->fast_reauth &&
272 	    sm->m && sm->m->vendor == sm->reqVendor &&
273 	    sm->m->method == method &&
274 	    sm->m->has_reauth_data &&
275 	    sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
276 		wpa_printf(MSG_DEBUG, "EAP: Using previous method data"
277 			   " for fast re-authentication");
278 		reinit = 1;
279 	} else {
280 		eap_deinit_prev_method(sm, "GET_METHOD");
281 		reinit = 0;
282 	}
283 
284 	sm->selectedMethod = sm->reqMethod;
285 	if (sm->m == NULL)
286 		sm->m = eap_method;
287 	if (!sm->m) {
288 		wpa_printf(MSG_DEBUG, "EAP: Could not find selected method: "
289 			   "vendor %d method %d",
290 			   sm->reqVendor, method);
291 		goto nak;
292 	}
293 
294 	sm->ClientTimeout = EAP_CLIENT_TIMEOUT_DEFAULT;
295 
296 	wpa_printf(MSG_DEBUG, "EAP: Initialize selected EAP method: "
297 		   "vendor %u method %u (%s)",
298 		   sm->reqVendor, method, sm->m->name);
299 	if (reinit)
300 		sm->eap_method_priv = sm->m->init_for_reauth(
301 			sm, sm->eap_method_priv);
302 	else
303 		sm->eap_method_priv = sm->m->init(sm);
304 
305 	if (sm->eap_method_priv == NULL) {
306 		struct eap_peer_config *config = eap_get_config(sm);
307 		wpa_msg(sm->msg_ctx, MSG_INFO,
308 			"EAP: Failed to initialize EAP method: vendor %u "
309 			"method %u (%s)",
310 			sm->reqVendor, method, sm->m->name);
311 		sm->m = NULL;
312 		sm->methodState = METHOD_NONE;
313 		sm->selectedMethod = EAP_TYPE_NONE;
314 		if (sm->reqMethod == EAP_TYPE_TLS && config &&
315 		    (config->pending_req_pin ||
316 		     config->pending_req_passphrase)) {
317 			/*
318 			 * Return without generating Nak in order to allow
319 			 * entering of PIN code or passphrase to retry the
320 			 * current EAP packet.
321 			 */
322 			wpa_printf(MSG_DEBUG, "EAP: Pending PIN/passphrase "
323 				   "request - skip Nak");
324 			return;
325 		}
326 
327 		goto nak;
328 	}
329 
330 	sm->methodState = METHOD_INIT;
331 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_METHOD
332 		"EAP vendor %u method %u (%s) selected",
333 		sm->reqVendor, method, sm->m->name);
334 	return;
335 
336 nak:
337 	wpabuf_free(sm->eapRespData);
338 	sm->eapRespData = NULL;
339 	sm->eapRespData = eap_sm_buildNak(sm, sm->reqId);
340 }
341 
342 
343 /*
344  * The method processing happens here. The request from the authenticator is
345  * processed, and an appropriate response packet is built.
346  */
347 SM_STATE(EAP, METHOD)
348 {
349 	struct wpabuf *eapReqData;
350 	struct eap_method_ret ret;
351 	int min_len = 1;
352 
353 	SM_ENTRY(EAP, METHOD);
354 	if (sm->m == NULL) {
355 		wpa_printf(MSG_WARNING, "EAP::METHOD - method not selected");
356 		return;
357 	}
358 
359 	eapReqData = eapol_get_eapReqData(sm);
360 	if (sm->m->vendor == EAP_VENDOR_IETF && sm->m->method == EAP_TYPE_LEAP)
361 		min_len = 0; /* LEAP uses EAP-Success without payload */
362 	if (!eap_hdr_len_valid(eapReqData, min_len))
363 		return;
364 
365 	/*
366 	 * Get ignore, methodState, decision, allowNotifications, and
367 	 * eapRespData. RFC 4137 uses three separate method procedure (check,
368 	 * process, and buildResp) in this state. These have been combined into
369 	 * a single function call to m->process() in order to optimize EAP
370 	 * method implementation interface a bit. These procedures are only
371 	 * used from within this METHOD state, so there is no need to keep
372 	 * these as separate C functions.
373 	 *
374 	 * The RFC 4137 procedures return values as follows:
375 	 * ignore = m.check(eapReqData)
376 	 * (methodState, decision, allowNotifications) = m.process(eapReqData)
377 	 * eapRespData = m.buildResp(reqId)
378 	 */
379 	os_memset(&ret, 0, sizeof(ret));
380 	ret.ignore = sm->ignore;
381 	ret.methodState = sm->methodState;
382 	ret.decision = sm->decision;
383 	ret.allowNotifications = sm->allowNotifications;
384 	wpabuf_free(sm->eapRespData);
385 	sm->eapRespData = NULL;
386 	sm->eapRespData = sm->m->process(sm, sm->eap_method_priv, &ret,
387 					 eapReqData);
388 	wpa_printf(MSG_DEBUG, "EAP: method process -> ignore=%s "
389 		   "methodState=%s decision=%s",
390 		   ret.ignore ? "TRUE" : "FALSE",
391 		   eap_sm_method_state_txt(ret.methodState),
392 		   eap_sm_decision_txt(ret.decision));
393 
394 	sm->ignore = ret.ignore;
395 	if (sm->ignore)
396 		return;
397 	sm->methodState = ret.methodState;
398 	sm->decision = ret.decision;
399 	sm->allowNotifications = ret.allowNotifications;
400 
401 	if (sm->m->isKeyAvailable && sm->m->getKey &&
402 	    sm->m->isKeyAvailable(sm, sm->eap_method_priv)) {
403 		os_free(sm->eapKeyData);
404 		sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv,
405 					       &sm->eapKeyDataLen);
406 	}
407 }
408 
409 
410 /*
411  * This state signals the lower layer that a response packet is ready to be
412  * sent.
413  */
414 SM_STATE(EAP, SEND_RESPONSE)
415 {
416 	SM_ENTRY(EAP, SEND_RESPONSE);
417 	wpabuf_free(sm->lastRespData);
418 	if (sm->eapRespData) {
419 		if (sm->workaround)
420 			os_memcpy(sm->last_md5, sm->req_md5, 16);
421 		sm->lastId = sm->reqId;
422 		sm->lastRespData = wpabuf_dup(sm->eapRespData);
423 		eapol_set_bool(sm, EAPOL_eapResp, TRUE);
424 	} else
425 		sm->lastRespData = NULL;
426 	eapol_set_bool(sm, EAPOL_eapReq, FALSE);
427 	eapol_set_int(sm, EAPOL_idleWhile, sm->ClientTimeout);
428 }
429 
430 
431 /*
432  * This state signals the lower layer that the request was discarded, and no
433  * response packet will be sent at this time.
434  */
435 SM_STATE(EAP, DISCARD)
436 {
437 	SM_ENTRY(EAP, DISCARD);
438 	eapol_set_bool(sm, EAPOL_eapReq, FALSE);
439 	eapol_set_bool(sm, EAPOL_eapNoResp, TRUE);
440 }
441 
442 
443 /*
444  * Handles requests for Identity method and builds a response.
445  */
446 SM_STATE(EAP, IDENTITY)
447 {
448 	const struct wpabuf *eapReqData;
449 
450 	SM_ENTRY(EAP, IDENTITY);
451 	eapReqData = eapol_get_eapReqData(sm);
452 	if (!eap_hdr_len_valid(eapReqData, 1))
453 		return;
454 	eap_sm_processIdentity(sm, eapReqData);
455 	wpabuf_free(sm->eapRespData);
456 	sm->eapRespData = NULL;
457 	sm->eapRespData = eap_sm_buildIdentity(sm, sm->reqId, 0);
458 }
459 
460 
461 /*
462  * Handles requests for Notification method and builds a response.
463  */
464 SM_STATE(EAP, NOTIFICATION)
465 {
466 	const struct wpabuf *eapReqData;
467 
468 	SM_ENTRY(EAP, NOTIFICATION);
469 	eapReqData = eapol_get_eapReqData(sm);
470 	if (!eap_hdr_len_valid(eapReqData, 1))
471 		return;
472 	eap_sm_processNotify(sm, eapReqData);
473 	wpabuf_free(sm->eapRespData);
474 	sm->eapRespData = NULL;
475 	sm->eapRespData = eap_sm_buildNotify(sm->reqId);
476 }
477 
478 
479 /*
480  * This state retransmits the previous response packet.
481  */
482 SM_STATE(EAP, RETRANSMIT)
483 {
484 	SM_ENTRY(EAP, RETRANSMIT);
485 	wpabuf_free(sm->eapRespData);
486 	if (sm->lastRespData)
487 		sm->eapRespData = wpabuf_dup(sm->lastRespData);
488 	else
489 		sm->eapRespData = NULL;
490 }
491 
492 
493 /*
494  * This state is entered in case of a successful completion of authentication
495  * and state machine waits here until port is disabled or EAP authentication is
496  * restarted.
497  */
498 SM_STATE(EAP, SUCCESS)
499 {
500 	SM_ENTRY(EAP, SUCCESS);
501 	if (sm->eapKeyData != NULL)
502 		sm->eapKeyAvailable = TRUE;
503 	eapol_set_bool(sm, EAPOL_eapSuccess, TRUE);
504 
505 	/*
506 	 * RFC 4137 does not clear eapReq here, but this seems to be required
507 	 * to avoid processing the same request twice when state machine is
508 	 * initialized.
509 	 */
510 	eapol_set_bool(sm, EAPOL_eapReq, FALSE);
511 
512 	/*
513 	 * RFC 4137 does not set eapNoResp here, but this seems to be required
514 	 * to get EAPOL Supplicant backend state machine into SUCCESS state. In
515 	 * addition, either eapResp or eapNoResp is required to be set after
516 	 * processing the received EAP frame.
517 	 */
518 	eapol_set_bool(sm, EAPOL_eapNoResp, TRUE);
519 
520 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
521 		"EAP authentication completed successfully");
522 }
523 
524 
525 /*
526  * This state is entered in case of a failure and state machine waits here
527  * until port is disabled or EAP authentication is restarted.
528  */
529 SM_STATE(EAP, FAILURE)
530 {
531 	SM_ENTRY(EAP, FAILURE);
532 	eapol_set_bool(sm, EAPOL_eapFail, TRUE);
533 
534 	/*
535 	 * RFC 4137 does not clear eapReq here, but this seems to be required
536 	 * to avoid processing the same request twice when state machine is
537 	 * initialized.
538 	 */
539 	eapol_set_bool(sm, EAPOL_eapReq, FALSE);
540 
541 	/*
542 	 * RFC 4137 does not set eapNoResp here. However, either eapResp or
543 	 * eapNoResp is required to be set after processing the received EAP
544 	 * frame.
545 	 */
546 	eapol_set_bool(sm, EAPOL_eapNoResp, TRUE);
547 
548 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
549 		"EAP authentication failed");
550 
551 	sm->prev_failure = 1;
552 }
553 
554 
555 static int eap_success_workaround(struct eap_sm *sm, int reqId, int lastId)
556 {
557 	/*
558 	 * At least Microsoft IAS and Meetinghouse Aegis seem to be sending
559 	 * EAP-Success/Failure with lastId + 1 even though RFC 3748 and
560 	 * RFC 4137 require that reqId == lastId. In addition, it looks like
561 	 * Ringmaster v2.1.2.0 would be using lastId + 2 in EAP-Success.
562 	 *
563 	 * Accept this kind of Id if EAP workarounds are enabled. These are
564 	 * unauthenticated plaintext messages, so this should have minimal
565 	 * security implications (bit easier to fake EAP-Success/Failure).
566 	 */
567 	if (sm->workaround && (reqId == ((lastId + 1) & 0xff) ||
568 			       reqId == ((lastId + 2) & 0xff))) {
569 		wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected "
570 			   "identifier field in EAP Success: "
571 			   "reqId=%d lastId=%d (these are supposed to be "
572 			   "same)", reqId, lastId);
573 		return 1;
574 	}
575 	wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d "
576 		   "lastId=%d", reqId, lastId);
577 	return 0;
578 }
579 
580 
581 /*
582  * RFC 4137 - Appendix A.1: EAP Peer State Machine - State transitions
583  */
584 
585 static void eap_peer_sm_step_idle(struct eap_sm *sm)
586 {
587 	/*
588 	 * The first three transitions are from RFC 4137. The last two are
589 	 * local additions to handle special cases with LEAP and PEAP server
590 	 * not sending EAP-Success in some cases.
591 	 */
592 	if (eapol_get_bool(sm, EAPOL_eapReq))
593 		SM_ENTER(EAP, RECEIVED);
594 	else if ((eapol_get_bool(sm, EAPOL_altAccept) &&
595 		  sm->decision != DECISION_FAIL) ||
596 		 (eapol_get_int(sm, EAPOL_idleWhile) == 0 &&
597 		  sm->decision == DECISION_UNCOND_SUCC))
598 		SM_ENTER(EAP, SUCCESS);
599 	else if (eapol_get_bool(sm, EAPOL_altReject) ||
600 		 (eapol_get_int(sm, EAPOL_idleWhile) == 0 &&
601 		  sm->decision != DECISION_UNCOND_SUCC) ||
602 		 (eapol_get_bool(sm, EAPOL_altAccept) &&
603 		  sm->methodState != METHOD_CONT &&
604 		  sm->decision == DECISION_FAIL))
605 		SM_ENTER(EAP, FAILURE);
606 	else if (sm->selectedMethod == EAP_TYPE_LEAP &&
607 		 sm->leap_done && sm->decision != DECISION_FAIL &&
608 		 sm->methodState == METHOD_DONE)
609 		SM_ENTER(EAP, SUCCESS);
610 	else if (sm->selectedMethod == EAP_TYPE_PEAP &&
611 		 sm->peap_done && sm->decision != DECISION_FAIL &&
612 		 sm->methodState == METHOD_DONE)
613 		SM_ENTER(EAP, SUCCESS);
614 }
615 
616 
617 static int eap_peer_req_is_duplicate(struct eap_sm *sm)
618 {
619 	int duplicate;
620 
621 	duplicate = (sm->reqId == sm->lastId) && sm->rxReq;
622 	if (sm->workaround && duplicate &&
623 	    os_memcmp(sm->req_md5, sm->last_md5, 16) != 0) {
624 		/*
625 		 * RFC 4137 uses (reqId == lastId) as the only verification for
626 		 * duplicate EAP requests. However, this misses cases where the
627 		 * AS is incorrectly using the same id again; and
628 		 * unfortunately, such implementations exist. Use MD5 hash as
629 		 * an extra verification for the packets being duplicate to
630 		 * workaround these issues.
631 		 */
632 		wpa_printf(MSG_DEBUG, "EAP: AS used the same Id again, but "
633 			   "EAP packets were not identical");
634 		wpa_printf(MSG_DEBUG, "EAP: workaround - assume this is not a "
635 			   "duplicate packet");
636 		duplicate = 0;
637 	}
638 
639 	return duplicate;
640 }
641 
642 
643 static void eap_peer_sm_step_received(struct eap_sm *sm)
644 {
645 	int duplicate = eap_peer_req_is_duplicate(sm);
646 
647 	/*
648 	 * Two special cases below for LEAP are local additions to work around
649 	 * odd LEAP behavior (EAP-Success in the middle of authentication and
650 	 * then swapped roles). Other transitions are based on RFC 4137.
651 	 */
652 	if (sm->rxSuccess && sm->decision != DECISION_FAIL &&
653 	    (sm->reqId == sm->lastId ||
654 	     eap_success_workaround(sm, sm->reqId, sm->lastId)))
655 		SM_ENTER(EAP, SUCCESS);
656 	else if (sm->methodState != METHOD_CONT &&
657 		 ((sm->rxFailure &&
658 		   sm->decision != DECISION_UNCOND_SUCC) ||
659 		  (sm->rxSuccess && sm->decision == DECISION_FAIL &&
660 		   (sm->selectedMethod != EAP_TYPE_LEAP ||
661 		    sm->methodState != METHOD_MAY_CONT))) &&
662 		 (sm->reqId == sm->lastId ||
663 		  eap_success_workaround(sm, sm->reqId, sm->lastId)))
664 		SM_ENTER(EAP, FAILURE);
665 	else if (sm->rxReq && duplicate)
666 		SM_ENTER(EAP, RETRANSMIT);
667 	else if (sm->rxReq && !duplicate &&
668 		 sm->reqMethod == EAP_TYPE_NOTIFICATION &&
669 		 sm->allowNotifications)
670 		SM_ENTER(EAP, NOTIFICATION);
671 	else if (sm->rxReq && !duplicate &&
672 		 sm->selectedMethod == EAP_TYPE_NONE &&
673 		 sm->reqMethod == EAP_TYPE_IDENTITY)
674 		SM_ENTER(EAP, IDENTITY);
675 	else if (sm->rxReq && !duplicate &&
676 		 sm->selectedMethod == EAP_TYPE_NONE &&
677 		 sm->reqMethod != EAP_TYPE_IDENTITY &&
678 		 sm->reqMethod != EAP_TYPE_NOTIFICATION)
679 		SM_ENTER(EAP, GET_METHOD);
680 	else if (sm->rxReq && !duplicate &&
681 		 sm->reqMethod == sm->selectedMethod &&
682 		 sm->methodState != METHOD_DONE)
683 		SM_ENTER(EAP, METHOD);
684 	else if (sm->selectedMethod == EAP_TYPE_LEAP &&
685 		 (sm->rxSuccess || sm->rxResp))
686 		SM_ENTER(EAP, METHOD);
687 	else
688 		SM_ENTER(EAP, DISCARD);
689 }
690 
691 
692 static void eap_peer_sm_step_local(struct eap_sm *sm)
693 {
694 	switch (sm->EAP_state) {
695 	case EAP_INITIALIZE:
696 		SM_ENTER(EAP, IDLE);
697 		break;
698 	case EAP_DISABLED:
699 		if (eapol_get_bool(sm, EAPOL_portEnabled) &&
700 		    !sm->force_disabled)
701 			SM_ENTER(EAP, INITIALIZE);
702 		break;
703 	case EAP_IDLE:
704 		eap_peer_sm_step_idle(sm);
705 		break;
706 	case EAP_RECEIVED:
707 		eap_peer_sm_step_received(sm);
708 		break;
709 	case EAP_GET_METHOD:
710 		if (sm->selectedMethod == sm->reqMethod)
711 			SM_ENTER(EAP, METHOD);
712 		else
713 			SM_ENTER(EAP, SEND_RESPONSE);
714 		break;
715 	case EAP_METHOD:
716 		if (sm->ignore)
717 			SM_ENTER(EAP, DISCARD);
718 		else
719 			SM_ENTER(EAP, SEND_RESPONSE);
720 		break;
721 	case EAP_SEND_RESPONSE:
722 		SM_ENTER(EAP, IDLE);
723 		break;
724 	case EAP_DISCARD:
725 		SM_ENTER(EAP, IDLE);
726 		break;
727 	case EAP_IDENTITY:
728 		SM_ENTER(EAP, SEND_RESPONSE);
729 		break;
730 	case EAP_NOTIFICATION:
731 		SM_ENTER(EAP, SEND_RESPONSE);
732 		break;
733 	case EAP_RETRANSMIT:
734 		SM_ENTER(EAP, SEND_RESPONSE);
735 		break;
736 	case EAP_SUCCESS:
737 		break;
738 	case EAP_FAILURE:
739 		break;
740 	}
741 }
742 
743 
744 SM_STEP(EAP)
745 {
746 	/* Global transitions */
747 	if (eapol_get_bool(sm, EAPOL_eapRestart) &&
748 	    eapol_get_bool(sm, EAPOL_portEnabled))
749 		SM_ENTER_GLOBAL(EAP, INITIALIZE);
750 	else if (!eapol_get_bool(sm, EAPOL_portEnabled) || sm->force_disabled)
751 		SM_ENTER_GLOBAL(EAP, DISABLED);
752 	else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
753 		/* RFC 4137 does not place any limit on number of EAP messages
754 		 * in an authentication session. However, some error cases have
755 		 * ended up in a state were EAP messages were sent between the
756 		 * peer and server in a loop (e.g., TLS ACK frame in both
757 		 * direction). Since this is quite undesired outcome, limit the
758 		 * total number of EAP round-trips and abort authentication if
759 		 * this limit is exceeded.
760 		 */
761 		if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
762 			wpa_msg(sm->msg_ctx, MSG_INFO, "EAP: more than %d "
763 				"authentication rounds - abort",
764 				EAP_MAX_AUTH_ROUNDS);
765 			sm->num_rounds++;
766 			SM_ENTER_GLOBAL(EAP, FAILURE);
767 		}
768 	} else {
769 		/* Local transitions */
770 		eap_peer_sm_step_local(sm);
771 	}
772 }
773 
774 
775 static Boolean eap_sm_allowMethod(struct eap_sm *sm, int vendor,
776 				  EapType method)
777 {
778 	if (!eap_allowed_method(sm, vendor, method)) {
779 		wpa_printf(MSG_DEBUG, "EAP: configuration does not allow: "
780 			   "vendor %u method %u", vendor, method);
781 		return FALSE;
782 	}
783 	if (eap_peer_get_eap_method(vendor, method))
784 		return TRUE;
785 	wpa_printf(MSG_DEBUG, "EAP: not included in build: "
786 		   "vendor %u method %u", vendor, method);
787 	return FALSE;
788 }
789 
790 
791 static struct wpabuf * eap_sm_build_expanded_nak(
792 	struct eap_sm *sm, int id, const struct eap_method *methods,
793 	size_t count)
794 {
795 	struct wpabuf *resp;
796 	int found = 0;
797 	const struct eap_method *m;
798 
799 	wpa_printf(MSG_DEBUG, "EAP: Building expanded EAP-Nak");
800 
801 	/* RFC 3748 - 5.3.2: Expanded Nak */
802 	resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_EXPANDED,
803 			     8 + 8 * (count + 1), EAP_CODE_RESPONSE, id);
804 	if (resp == NULL)
805 		return NULL;
806 
807 	wpabuf_put_be24(resp, EAP_VENDOR_IETF);
808 	wpabuf_put_be32(resp, EAP_TYPE_NAK);
809 
810 	for (m = methods; m; m = m->next) {
811 		if (sm->reqVendor == m->vendor &&
812 		    sm->reqVendorMethod == m->method)
813 			continue; /* do not allow the current method again */
814 		if (eap_allowed_method(sm, m->vendor, m->method)) {
815 			wpa_printf(MSG_DEBUG, "EAP: allowed type: "
816 				   "vendor=%u method=%u",
817 				   m->vendor, m->method);
818 			wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
819 			wpabuf_put_be24(resp, m->vendor);
820 			wpabuf_put_be32(resp, m->method);
821 
822 			found++;
823 		}
824 	}
825 	if (!found) {
826 		wpa_printf(MSG_DEBUG, "EAP: no more allowed methods");
827 		wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
828 		wpabuf_put_be24(resp, EAP_VENDOR_IETF);
829 		wpabuf_put_be32(resp, EAP_TYPE_NONE);
830 	}
831 
832 	eap_update_len(resp);
833 
834 	return resp;
835 }
836 
837 
838 static struct wpabuf * eap_sm_buildNak(struct eap_sm *sm, int id)
839 {
840 	struct wpabuf *resp;
841 	u8 *start;
842 	int found = 0, expanded_found = 0;
843 	size_t count;
844 	const struct eap_method *methods, *m;
845 
846 	wpa_printf(MSG_DEBUG, "EAP: Building EAP-Nak (requested type %u "
847 		   "vendor=%u method=%u not allowed)", sm->reqMethod,
848 		   sm->reqVendor, sm->reqVendorMethod);
849 	methods = eap_peer_get_methods(&count);
850 	if (methods == NULL)
851 		return NULL;
852 	if (sm->reqMethod == EAP_TYPE_EXPANDED)
853 		return eap_sm_build_expanded_nak(sm, id, methods, count);
854 
855 	/* RFC 3748 - 5.3.1: Legacy Nak */
856 	resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NAK,
857 			     sizeof(struct eap_hdr) + 1 + count + 1,
858 			     EAP_CODE_RESPONSE, id);
859 	if (resp == NULL)
860 		return NULL;
861 
862 	start = wpabuf_put(resp, 0);
863 	for (m = methods; m; m = m->next) {
864 		if (m->vendor == EAP_VENDOR_IETF && m->method == sm->reqMethod)
865 			continue; /* do not allow the current method again */
866 		if (eap_allowed_method(sm, m->vendor, m->method)) {
867 			if (m->vendor != EAP_VENDOR_IETF) {
868 				if (expanded_found)
869 					continue;
870 				expanded_found = 1;
871 				wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
872 			} else
873 				wpabuf_put_u8(resp, m->method);
874 			found++;
875 		}
876 	}
877 	if (!found)
878 		wpabuf_put_u8(resp, EAP_TYPE_NONE);
879 	wpa_hexdump(MSG_DEBUG, "EAP: allowed methods", start, found);
880 
881 	eap_update_len(resp);
882 
883 	return resp;
884 }
885 
886 
887 static void eap_sm_processIdentity(struct eap_sm *sm, const struct wpabuf *req)
888 {
889 	const u8 *pos;
890 	size_t msg_len;
891 
892 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
893 		"EAP authentication started");
894 
895 	pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, req,
896 			       &msg_len);
897 	if (pos == NULL)
898 		return;
899 
900 	/*
901 	 * RFC 3748 - 5.1: Identity
902 	 * Data field may contain a displayable message in UTF-8. If this
903 	 * includes NUL-character, only the data before that should be
904 	 * displayed. Some EAP implementasitons may piggy-back additional
905 	 * options after the NUL.
906 	 */
907 	/* TODO: could save displayable message so that it can be shown to the
908 	 * user in case of interaction is required */
909 	wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Identity data",
910 			  pos, msg_len);
911 }
912 
913 
914 #ifdef PCSC_FUNCS
915 
916 /*
917  * Rules for figuring out MNC length based on IMSI for SIM cards that do not
918  * include MNC length field.
919  */
920 static int mnc_len_from_imsi(const char *imsi)
921 {
922 	char mcc_str[4];
923 	unsigned int mcc;
924 
925 	os_memcpy(mcc_str, imsi, 3);
926 	mcc_str[3] = '\0';
927 	mcc = atoi(mcc_str);
928 
929 	if (mcc == 244)
930 		return 2; /* Networks in Finland use 2-digit MNC */
931 
932 	return -1;
933 }
934 
935 
936 static int eap_sm_append_3gpp_realm(struct eap_sm *sm, char *imsi,
937 				    size_t max_len, size_t *imsi_len)
938 {
939 	int mnc_len;
940 	char *pos, mnc[4];
941 
942 	if (*imsi_len + 36 > max_len) {
943 		wpa_printf(MSG_WARNING, "No room for realm in IMSI buffer");
944 		return -1;
945 	}
946 
947 	/* MNC (2 or 3 digits) */
948 	mnc_len = scard_get_mnc_len(sm->scard_ctx);
949 	if (mnc_len < 0)
950 		mnc_len = mnc_len_from_imsi(imsi);
951 	if (mnc_len < 0) {
952 		wpa_printf(MSG_INFO, "Failed to get MNC length from (U)SIM "
953 			   "assuming 3");
954 		mnc_len = 3;
955 	}
956 
957 	if (mnc_len == 2) {
958 		mnc[0] = '0';
959 		mnc[1] = imsi[3];
960 		mnc[2] = imsi[4];
961 	} else if (mnc_len == 3) {
962 		mnc[0] = imsi[3];
963 		mnc[1] = imsi[4];
964 		mnc[2] = imsi[5];
965 	}
966 	mnc[3] = '\0';
967 
968 	pos = imsi + *imsi_len;
969 	pos += os_snprintf(pos, imsi + max_len - pos,
970 			   "@wlan.mnc%s.mcc%c%c%c.3gppnetwork.org",
971 			   mnc, imsi[0], imsi[1], imsi[2]);
972 	*imsi_len = pos - imsi;
973 
974 	return 0;
975 }
976 
977 
978 static int eap_sm_imsi_identity(struct eap_sm *sm,
979 				struct eap_peer_config *conf)
980 {
981 	enum { EAP_SM_SIM, EAP_SM_AKA, EAP_SM_AKA_PRIME } method = EAP_SM_SIM;
982 	char imsi[100];
983 	size_t imsi_len;
984 	struct eap_method_type *m = conf->eap_methods;
985 	int i;
986 
987 	imsi_len = sizeof(imsi);
988 	if (scard_get_imsi(sm->scard_ctx, imsi, &imsi_len)) {
989 		wpa_printf(MSG_WARNING, "Failed to get IMSI from SIM");
990 		return -1;
991 	}
992 
993 	wpa_hexdump_ascii(MSG_DEBUG, "IMSI", (u8 *) imsi, imsi_len);
994 
995 	if (imsi_len < 7) {
996 		wpa_printf(MSG_WARNING, "Too short IMSI for SIM identity");
997 		return -1;
998 	}
999 
1000 	if (eap_sm_append_3gpp_realm(sm, imsi, sizeof(imsi), &imsi_len) < 0) {
1001 		wpa_printf(MSG_WARNING, "Could not add realm to SIM identity");
1002 		return -1;
1003 	}
1004 	wpa_hexdump_ascii(MSG_DEBUG, "IMSI + realm", (u8 *) imsi, imsi_len);
1005 
1006 	for (i = 0; m && (m[i].vendor != EAP_VENDOR_IETF ||
1007 			  m[i].method != EAP_TYPE_NONE); i++) {
1008 		if (m[i].vendor == EAP_VENDOR_IETF &&
1009 		    m[i].method == EAP_TYPE_AKA_PRIME) {
1010 			method = EAP_SM_AKA_PRIME;
1011 			break;
1012 		}
1013 
1014 		if (m[i].vendor == EAP_VENDOR_IETF &&
1015 		    m[i].method == EAP_TYPE_AKA) {
1016 			method = EAP_SM_AKA;
1017 			break;
1018 		}
1019 	}
1020 
1021 	os_free(conf->identity);
1022 	conf->identity = os_malloc(1 + imsi_len);
1023 	if (conf->identity == NULL) {
1024 		wpa_printf(MSG_WARNING, "Failed to allocate buffer for "
1025 			   "IMSI-based identity");
1026 		return -1;
1027 	}
1028 
1029 	switch (method) {
1030 	case EAP_SM_SIM:
1031 		conf->identity[0] = '1';
1032 		break;
1033 	case EAP_SM_AKA:
1034 		conf->identity[0] = '0';
1035 		break;
1036 	case EAP_SM_AKA_PRIME:
1037 		conf->identity[0] = '6';
1038 		break;
1039 	}
1040 	os_memcpy(conf->identity + 1, imsi, imsi_len);
1041 	conf->identity_len = 1 + imsi_len;
1042 
1043 	return 0;
1044 }
1045 
1046 #endif /* PCSC_FUNCS */
1047 
1048 
1049 static int eap_sm_set_scard_pin(struct eap_sm *sm,
1050 				struct eap_peer_config *conf)
1051 {
1052 #ifdef PCSC_FUNCS
1053 	if (scard_set_pin(sm->scard_ctx, conf->pin)) {
1054 		/*
1055 		 * Make sure the same PIN is not tried again in order to avoid
1056 		 * blocking SIM.
1057 		 */
1058 		os_free(conf->pin);
1059 		conf->pin = NULL;
1060 
1061 		wpa_printf(MSG_WARNING, "PIN validation failed");
1062 		eap_sm_request_pin(sm);
1063 		return -1;
1064 	}
1065 	return 0;
1066 #else /* PCSC_FUNCS */
1067 	return -1;
1068 #endif /* PCSC_FUNCS */
1069 }
1070 
1071 static int eap_sm_get_scard_identity(struct eap_sm *sm,
1072 				     struct eap_peer_config *conf)
1073 {
1074 #ifdef PCSC_FUNCS
1075 	if (eap_sm_set_scard_pin(sm, conf))
1076 		return -1;
1077 
1078 	return eap_sm_imsi_identity(sm, conf);
1079 #else /* PCSC_FUNCS */
1080 	return -1;
1081 #endif /* PCSC_FUNCS */
1082 }
1083 
1084 
1085 /**
1086  * eap_sm_buildIdentity - Build EAP-Identity/Response for the current network
1087  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1088  * @id: EAP identifier for the packet
1089  * @encrypted: Whether the packet is for encrypted tunnel (EAP phase 2)
1090  * Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on
1091  * failure
1092  *
1093  * This function allocates and builds an EAP-Identity/Response packet for the
1094  * current network. The caller is responsible for freeing the returned data.
1095  */
1096 struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted)
1097 {
1098 	struct eap_peer_config *config = eap_get_config(sm);
1099 	struct wpabuf *resp;
1100 	const u8 *identity;
1101 	size_t identity_len;
1102 
1103 	if (config == NULL) {
1104 		wpa_printf(MSG_WARNING, "EAP: buildIdentity: configuration "
1105 			   "was not available");
1106 		return NULL;
1107 	}
1108 
1109 	if (sm->m && sm->m->get_identity &&
1110 	    (identity = sm->m->get_identity(sm, sm->eap_method_priv,
1111 					    &identity_len)) != NULL) {
1112 		wpa_hexdump_ascii(MSG_DEBUG, "EAP: using method re-auth "
1113 				  "identity", identity, identity_len);
1114 	} else if (!encrypted && config->anonymous_identity) {
1115 		identity = config->anonymous_identity;
1116 		identity_len = config->anonymous_identity_len;
1117 		wpa_hexdump_ascii(MSG_DEBUG, "EAP: using anonymous identity",
1118 				  identity, identity_len);
1119 	} else {
1120 		identity = config->identity;
1121 		identity_len = config->identity_len;
1122 		wpa_hexdump_ascii(MSG_DEBUG, "EAP: using real identity",
1123 				  identity, identity_len);
1124 	}
1125 
1126 	if (identity == NULL) {
1127 		wpa_printf(MSG_WARNING, "EAP: buildIdentity: identity "
1128 			   "configuration was not available");
1129 		if (config->pcsc) {
1130 			if (eap_sm_get_scard_identity(sm, config) < 0)
1131 				return NULL;
1132 			identity = config->identity;
1133 			identity_len = config->identity_len;
1134 			wpa_hexdump_ascii(MSG_DEBUG, "permanent identity from "
1135 					  "IMSI", identity, identity_len);
1136 		} else {
1137 			eap_sm_request_identity(sm);
1138 			return NULL;
1139 		}
1140 	} else if (config->pcsc) {
1141 		if (eap_sm_set_scard_pin(sm, config) < 0)
1142 			return NULL;
1143 	}
1144 
1145 	resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, identity_len,
1146 			     EAP_CODE_RESPONSE, id);
1147 	if (resp == NULL)
1148 		return NULL;
1149 
1150 	wpabuf_put_data(resp, identity, identity_len);
1151 
1152 	return resp;
1153 }
1154 
1155 
1156 static void eap_sm_processNotify(struct eap_sm *sm, const struct wpabuf *req)
1157 {
1158 	const u8 *pos;
1159 	char *msg;
1160 	size_t i, msg_len;
1161 
1162 	pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_NOTIFICATION, req,
1163 			       &msg_len);
1164 	if (pos == NULL)
1165 		return;
1166 	wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Notification data",
1167 			  pos, msg_len);
1168 
1169 	msg = os_malloc(msg_len + 1);
1170 	if (msg == NULL)
1171 		return;
1172 	for (i = 0; i < msg_len; i++)
1173 		msg[i] = isprint(pos[i]) ? (char) pos[i] : '_';
1174 	msg[msg_len] = '\0';
1175 	wpa_msg(sm->msg_ctx, MSG_INFO, "%s%s",
1176 		WPA_EVENT_EAP_NOTIFICATION, msg);
1177 	os_free(msg);
1178 }
1179 
1180 
1181 static struct wpabuf * eap_sm_buildNotify(int id)
1182 {
1183 	struct wpabuf *resp;
1184 
1185 	wpa_printf(MSG_DEBUG, "EAP: Generating EAP-Response Notification");
1186 	resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NOTIFICATION, 0,
1187 			     EAP_CODE_RESPONSE, id);
1188 	if (resp == NULL)
1189 		return NULL;
1190 
1191 	return resp;
1192 }
1193 
1194 
1195 static void eap_sm_parseEapReq(struct eap_sm *sm, const struct wpabuf *req)
1196 {
1197 	const struct eap_hdr *hdr;
1198 	size_t plen;
1199 	const u8 *pos;
1200 
1201 	sm->rxReq = sm->rxResp = sm->rxSuccess = sm->rxFailure = FALSE;
1202 	sm->reqId = 0;
1203 	sm->reqMethod = EAP_TYPE_NONE;
1204 	sm->reqVendor = EAP_VENDOR_IETF;
1205 	sm->reqVendorMethod = EAP_TYPE_NONE;
1206 
1207 	if (req == NULL || wpabuf_len(req) < sizeof(*hdr))
1208 		return;
1209 
1210 	hdr = wpabuf_head(req);
1211 	plen = be_to_host16(hdr->length);
1212 	if (plen > wpabuf_len(req)) {
1213 		wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
1214 			   "(len=%lu plen=%lu)",
1215 			   (unsigned long) wpabuf_len(req),
1216 			   (unsigned long) plen);
1217 		return;
1218 	}
1219 
1220 	sm->reqId = hdr->identifier;
1221 
1222 	if (sm->workaround) {
1223 		const u8 *addr[1];
1224 		addr[0] = wpabuf_head(req);
1225 		md5_vector(1, addr, &plen, sm->req_md5);
1226 	}
1227 
1228 	switch (hdr->code) {
1229 	case EAP_CODE_REQUEST:
1230 		if (plen < sizeof(*hdr) + 1) {
1231 			wpa_printf(MSG_DEBUG, "EAP: Too short EAP-Request - "
1232 				   "no Type field");
1233 			return;
1234 		}
1235 		sm->rxReq = TRUE;
1236 		pos = (const u8 *) (hdr + 1);
1237 		sm->reqMethod = *pos++;
1238 		if (sm->reqMethod == EAP_TYPE_EXPANDED) {
1239 			if (plen < sizeof(*hdr) + 8) {
1240 				wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
1241 					   "expanded EAP-Packet (plen=%lu)",
1242 					   (unsigned long) plen);
1243 				return;
1244 			}
1245 			sm->reqVendor = WPA_GET_BE24(pos);
1246 			pos += 3;
1247 			sm->reqVendorMethod = WPA_GET_BE32(pos);
1248 		}
1249 		wpa_printf(MSG_DEBUG, "EAP: Received EAP-Request id=%d "
1250 			   "method=%u vendor=%u vendorMethod=%u",
1251 			   sm->reqId, sm->reqMethod, sm->reqVendor,
1252 			   sm->reqVendorMethod);
1253 		break;
1254 	case EAP_CODE_RESPONSE:
1255 		if (sm->selectedMethod == EAP_TYPE_LEAP) {
1256 			/*
1257 			 * LEAP differs from RFC 4137 by using reversed roles
1258 			 * for mutual authentication and because of this, we
1259 			 * need to accept EAP-Response frames if LEAP is used.
1260 			 */
1261 			if (plen < sizeof(*hdr) + 1) {
1262 				wpa_printf(MSG_DEBUG, "EAP: Too short "
1263 					   "EAP-Response - no Type field");
1264 				return;
1265 			}
1266 			sm->rxResp = TRUE;
1267 			pos = (const u8 *) (hdr + 1);
1268 			sm->reqMethod = *pos;
1269 			wpa_printf(MSG_DEBUG, "EAP: Received EAP-Response for "
1270 				   "LEAP method=%d id=%d",
1271 				   sm->reqMethod, sm->reqId);
1272 			break;
1273 		}
1274 		wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Response");
1275 		break;
1276 	case EAP_CODE_SUCCESS:
1277 		wpa_printf(MSG_DEBUG, "EAP: Received EAP-Success");
1278 		eap_notify_status(sm, "completion", "success");
1279 		sm->rxSuccess = TRUE;
1280 		break;
1281 	case EAP_CODE_FAILURE:
1282 		wpa_printf(MSG_DEBUG, "EAP: Received EAP-Failure");
1283 		eap_notify_status(sm, "completion", "failure");
1284 		sm->rxFailure = TRUE;
1285 		break;
1286 	default:
1287 		wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Packet with unknown "
1288 			   "code %d", hdr->code);
1289 		break;
1290 	}
1291 }
1292 
1293 
1294 static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
1295 				  union tls_event_data *data)
1296 {
1297 	struct eap_sm *sm = ctx;
1298 	char *hash_hex = NULL;
1299 
1300 	switch (ev) {
1301 	case TLS_CERT_CHAIN_SUCCESS:
1302 		eap_notify_status(sm, "remote certificate verification",
1303 				  "success");
1304 		break;
1305 	case TLS_CERT_CHAIN_FAILURE:
1306 		wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_CERT_ERROR
1307 			"reason=%d depth=%d subject='%s' err='%s'",
1308 			data->cert_fail.reason,
1309 			data->cert_fail.depth,
1310 			data->cert_fail.subject,
1311 			data->cert_fail.reason_txt);
1312 		eap_notify_status(sm, "remote certificate verification",
1313 				  data->cert_fail.reason_txt);
1314 		break;
1315 	case TLS_PEER_CERTIFICATE:
1316 		if (!sm->eapol_cb->notify_cert)
1317 			break;
1318 
1319 		if (data->peer_cert.hash) {
1320 			size_t len = data->peer_cert.hash_len * 2 + 1;
1321 			hash_hex = os_malloc(len);
1322 			if (hash_hex) {
1323 				wpa_snprintf_hex(hash_hex, len,
1324 						 data->peer_cert.hash,
1325 						 data->peer_cert.hash_len);
1326 			}
1327 		}
1328 
1329 		sm->eapol_cb->notify_cert(sm->eapol_ctx,
1330 					  data->peer_cert.depth,
1331 					  data->peer_cert.subject,
1332 					  hash_hex, data->peer_cert.cert);
1333 		break;
1334 	case TLS_ALERT:
1335 		if (data->alert.is_local)
1336 			eap_notify_status(sm, "local TLS alert",
1337 					  data->alert.description);
1338 		else
1339 			eap_notify_status(sm, "remote TLS alert",
1340 					  data->alert.description);
1341 		break;
1342 	}
1343 
1344 	os_free(hash_hex);
1345 }
1346 
1347 
1348 /**
1349  * eap_peer_sm_init - Allocate and initialize EAP peer state machine
1350  * @eapol_ctx: Context data to be used with eapol_cb calls
1351  * @eapol_cb: Pointer to EAPOL callback functions
1352  * @msg_ctx: Context data for wpa_msg() calls
1353  * @conf: EAP configuration
1354  * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1355  *
1356  * This function allocates and initializes an EAP state machine. In addition,
1357  * this initializes TLS library for the new EAP state machine. eapol_cb pointer
1358  * will be in use until eap_peer_sm_deinit() is used to deinitialize this EAP
1359  * state machine. Consequently, the caller must make sure that this data
1360  * structure remains alive while the EAP state machine is active.
1361  */
1362 struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
1363 				 struct eapol_callbacks *eapol_cb,
1364 				 void *msg_ctx, struct eap_config *conf)
1365 {
1366 	struct eap_sm *sm;
1367 	struct tls_config tlsconf;
1368 
1369 	sm = os_zalloc(sizeof(*sm));
1370 	if (sm == NULL)
1371 		return NULL;
1372 	sm->eapol_ctx = eapol_ctx;
1373 	sm->eapol_cb = eapol_cb;
1374 	sm->msg_ctx = msg_ctx;
1375 	sm->ClientTimeout = EAP_CLIENT_TIMEOUT_DEFAULT;
1376 	sm->wps = conf->wps;
1377 
1378 	os_memset(&tlsconf, 0, sizeof(tlsconf));
1379 	tlsconf.opensc_engine_path = conf->opensc_engine_path;
1380 	tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
1381 	tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
1382 #ifdef CONFIG_FIPS
1383 	tlsconf.fips_mode = 1;
1384 #endif /* CONFIG_FIPS */
1385 	tlsconf.event_cb = eap_peer_sm_tls_event;
1386 	tlsconf.cb_ctx = sm;
1387 	tlsconf.cert_in_cb = conf->cert_in_cb;
1388 	sm->ssl_ctx = tls_init(&tlsconf);
1389 	if (sm->ssl_ctx == NULL) {
1390 		wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
1391 			   "context.");
1392 		os_free(sm);
1393 		return NULL;
1394 	}
1395 
1396 	sm->ssl_ctx2 = tls_init(&tlsconf);
1397 	if (sm->ssl_ctx2 == NULL) {
1398 		wpa_printf(MSG_INFO, "SSL: Failed to initialize TLS "
1399 			   "context (2).");
1400 		/* Run without separate TLS context within TLS tunnel */
1401 	}
1402 
1403 	return sm;
1404 }
1405 
1406 
1407 /**
1408  * eap_peer_sm_deinit - Deinitialize and free an EAP peer state machine
1409  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1410  *
1411  * This function deinitializes EAP state machine and frees all allocated
1412  * resources.
1413  */
1414 void eap_peer_sm_deinit(struct eap_sm *sm)
1415 {
1416 	if (sm == NULL)
1417 		return;
1418 	eap_deinit_prev_method(sm, "EAP deinit");
1419 	eap_sm_abort(sm);
1420 	if (sm->ssl_ctx2)
1421 		tls_deinit(sm->ssl_ctx2);
1422 	tls_deinit(sm->ssl_ctx);
1423 	os_free(sm);
1424 }
1425 
1426 
1427 /**
1428  * eap_peer_sm_step - Step EAP peer state machine
1429  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1430  * Returns: 1 if EAP state was changed or 0 if not
1431  *
1432  * This function advances EAP state machine to a new state to match with the
1433  * current variables. This should be called whenever variables used by the EAP
1434  * state machine have changed.
1435  */
1436 int eap_peer_sm_step(struct eap_sm *sm)
1437 {
1438 	int res = 0;
1439 	do {
1440 		sm->changed = FALSE;
1441 		SM_STEP_RUN(EAP);
1442 		if (sm->changed)
1443 			res = 1;
1444 	} while (sm->changed);
1445 	return res;
1446 }
1447 
1448 
1449 /**
1450  * eap_sm_abort - Abort EAP authentication
1451  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1452  *
1453  * Release system resources that have been allocated for the authentication
1454  * session without fully deinitializing the EAP state machine.
1455  */
1456 void eap_sm_abort(struct eap_sm *sm)
1457 {
1458 	wpabuf_free(sm->lastRespData);
1459 	sm->lastRespData = NULL;
1460 	wpabuf_free(sm->eapRespData);
1461 	sm->eapRespData = NULL;
1462 	os_free(sm->eapKeyData);
1463 	sm->eapKeyData = NULL;
1464 
1465 	/* This is not clearly specified in the EAP statemachines draft, but
1466 	 * it seems necessary to make sure that some of the EAPOL variables get
1467 	 * cleared for the next authentication. */
1468 	eapol_set_bool(sm, EAPOL_eapSuccess, FALSE);
1469 }
1470 
1471 
1472 #ifdef CONFIG_CTRL_IFACE
1473 static const char * eap_sm_state_txt(int state)
1474 {
1475 	switch (state) {
1476 	case EAP_INITIALIZE:
1477 		return "INITIALIZE";
1478 	case EAP_DISABLED:
1479 		return "DISABLED";
1480 	case EAP_IDLE:
1481 		return "IDLE";
1482 	case EAP_RECEIVED:
1483 		return "RECEIVED";
1484 	case EAP_GET_METHOD:
1485 		return "GET_METHOD";
1486 	case EAP_METHOD:
1487 		return "METHOD";
1488 	case EAP_SEND_RESPONSE:
1489 		return "SEND_RESPONSE";
1490 	case EAP_DISCARD:
1491 		return "DISCARD";
1492 	case EAP_IDENTITY:
1493 		return "IDENTITY";
1494 	case EAP_NOTIFICATION:
1495 		return "NOTIFICATION";
1496 	case EAP_RETRANSMIT:
1497 		return "RETRANSMIT";
1498 	case EAP_SUCCESS:
1499 		return "SUCCESS";
1500 	case EAP_FAILURE:
1501 		return "FAILURE";
1502 	default:
1503 		return "UNKNOWN";
1504 	}
1505 }
1506 #endif /* CONFIG_CTRL_IFACE */
1507 
1508 
1509 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
1510 static const char * eap_sm_method_state_txt(EapMethodState state)
1511 {
1512 	switch (state) {
1513 	case METHOD_NONE:
1514 		return "NONE";
1515 	case METHOD_INIT:
1516 		return "INIT";
1517 	case METHOD_CONT:
1518 		return "CONT";
1519 	case METHOD_MAY_CONT:
1520 		return "MAY_CONT";
1521 	case METHOD_DONE:
1522 		return "DONE";
1523 	default:
1524 		return "UNKNOWN";
1525 	}
1526 }
1527 
1528 
1529 static const char * eap_sm_decision_txt(EapDecision decision)
1530 {
1531 	switch (decision) {
1532 	case DECISION_FAIL:
1533 		return "FAIL";
1534 	case DECISION_COND_SUCC:
1535 		return "COND_SUCC";
1536 	case DECISION_UNCOND_SUCC:
1537 		return "UNCOND_SUCC";
1538 	default:
1539 		return "UNKNOWN";
1540 	}
1541 }
1542 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
1543 
1544 
1545 #ifdef CONFIG_CTRL_IFACE
1546 
1547 /**
1548  * eap_sm_get_status - Get EAP state machine status
1549  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1550  * @buf: Buffer for status information
1551  * @buflen: Maximum buffer length
1552  * @verbose: Whether to include verbose status information
1553  * Returns: Number of bytes written to buf.
1554  *
1555  * Query EAP state machine for status information. This function fills in a
1556  * text area with current status information from the EAPOL state machine. If
1557  * the buffer (buf) is not large enough, status information will be truncated
1558  * to fit the buffer.
1559  */
1560 int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen, int verbose)
1561 {
1562 	int len, ret;
1563 
1564 	if (sm == NULL)
1565 		return 0;
1566 
1567 	len = os_snprintf(buf, buflen,
1568 			  "EAP state=%s\n",
1569 			  eap_sm_state_txt(sm->EAP_state));
1570 	if (len < 0 || (size_t) len >= buflen)
1571 		return 0;
1572 
1573 	if (sm->selectedMethod != EAP_TYPE_NONE) {
1574 		const char *name;
1575 		if (sm->m) {
1576 			name = sm->m->name;
1577 		} else {
1578 			const struct eap_method *m =
1579 				eap_peer_get_eap_method(EAP_VENDOR_IETF,
1580 							sm->selectedMethod);
1581 			if (m)
1582 				name = m->name;
1583 			else
1584 				name = "?";
1585 		}
1586 		ret = os_snprintf(buf + len, buflen - len,
1587 				  "selectedMethod=%d (EAP-%s)\n",
1588 				  sm->selectedMethod, name);
1589 		if (ret < 0 || (size_t) ret >= buflen - len)
1590 			return len;
1591 		len += ret;
1592 
1593 		if (sm->m && sm->m->get_status) {
1594 			len += sm->m->get_status(sm, sm->eap_method_priv,
1595 						 buf + len, buflen - len,
1596 						 verbose);
1597 		}
1598 	}
1599 
1600 	if (verbose) {
1601 		ret = os_snprintf(buf + len, buflen - len,
1602 				  "reqMethod=%d\n"
1603 				  "methodState=%s\n"
1604 				  "decision=%s\n"
1605 				  "ClientTimeout=%d\n",
1606 				  sm->reqMethod,
1607 				  eap_sm_method_state_txt(sm->methodState),
1608 				  eap_sm_decision_txt(sm->decision),
1609 				  sm->ClientTimeout);
1610 		if (ret < 0 || (size_t) ret >= buflen - len)
1611 			return len;
1612 		len += ret;
1613 	}
1614 
1615 	return len;
1616 }
1617 #endif /* CONFIG_CTRL_IFACE */
1618 
1619 
1620 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
1621 static void eap_sm_request(struct eap_sm *sm, enum wpa_ctrl_req_type field,
1622 			   const char *msg, size_t msglen)
1623 {
1624 	struct eap_peer_config *config;
1625 	char *txt = NULL, *tmp;
1626 
1627 	if (sm == NULL)
1628 		return;
1629 	config = eap_get_config(sm);
1630 	if (config == NULL)
1631 		return;
1632 
1633 	switch (field) {
1634 	case WPA_CTRL_REQ_EAP_IDENTITY:
1635 		config->pending_req_identity++;
1636 		break;
1637 	case WPA_CTRL_REQ_EAP_PASSWORD:
1638 		config->pending_req_password++;
1639 		break;
1640 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
1641 		config->pending_req_new_password++;
1642 		break;
1643 	case WPA_CTRL_REQ_EAP_PIN:
1644 		config->pending_req_pin++;
1645 		break;
1646 	case WPA_CTRL_REQ_EAP_OTP:
1647 		if (msg) {
1648 			tmp = os_malloc(msglen + 3);
1649 			if (tmp == NULL)
1650 				return;
1651 			tmp[0] = '[';
1652 			os_memcpy(tmp + 1, msg, msglen);
1653 			tmp[msglen + 1] = ']';
1654 			tmp[msglen + 2] = '\0';
1655 			txt = tmp;
1656 			os_free(config->pending_req_otp);
1657 			config->pending_req_otp = tmp;
1658 			config->pending_req_otp_len = msglen + 3;
1659 		} else {
1660 			if (config->pending_req_otp == NULL)
1661 				return;
1662 			txt = config->pending_req_otp;
1663 		}
1664 		break;
1665 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
1666 		config->pending_req_passphrase++;
1667 		break;
1668 	default:
1669 		return;
1670 	}
1671 
1672 	if (sm->eapol_cb->eap_param_needed)
1673 		sm->eapol_cb->eap_param_needed(sm->eapol_ctx, field, txt);
1674 }
1675 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
1676 #define eap_sm_request(sm, type, msg, msglen) do { } while (0)
1677 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
1678 
1679 const char * eap_sm_get_method_name(struct eap_sm *sm)
1680 {
1681 	if (sm->m == NULL)
1682 		return "UNKNOWN";
1683 	return sm->m->name;
1684 }
1685 
1686 
1687 /**
1688  * eap_sm_request_identity - Request identity from user (ctrl_iface)
1689  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1690  *
1691  * EAP methods can call this function to request identity information for the
1692  * current network. This is normally called when the identity is not included
1693  * in the network configuration. The request will be sent to monitor programs
1694  * through the control interface.
1695  */
1696 void eap_sm_request_identity(struct eap_sm *sm)
1697 {
1698 	eap_sm_request(sm, WPA_CTRL_REQ_EAP_IDENTITY, NULL, 0);
1699 }
1700 
1701 
1702 /**
1703  * eap_sm_request_password - Request password from user (ctrl_iface)
1704  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1705  *
1706  * EAP methods can call this function to request password information for the
1707  * current network. This is normally called when the password is not included
1708  * in the network configuration. The request will be sent to monitor programs
1709  * through the control interface.
1710  */
1711 void eap_sm_request_password(struct eap_sm *sm)
1712 {
1713 	eap_sm_request(sm, WPA_CTRL_REQ_EAP_PASSWORD, NULL, 0);
1714 }
1715 
1716 
1717 /**
1718  * eap_sm_request_new_password - Request new password from user (ctrl_iface)
1719  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1720  *
1721  * EAP methods can call this function to request new password information for
1722  * the current network. This is normally called when the EAP method indicates
1723  * that the current password has expired and password change is required. The
1724  * request will be sent to monitor programs through the control interface.
1725  */
1726 void eap_sm_request_new_password(struct eap_sm *sm)
1727 {
1728 	eap_sm_request(sm, WPA_CTRL_REQ_EAP_NEW_PASSWORD, NULL, 0);
1729 }
1730 
1731 
1732 /**
1733  * eap_sm_request_pin - Request SIM or smart card PIN from user (ctrl_iface)
1734  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1735  *
1736  * EAP methods can call this function to request SIM or smart card PIN
1737  * information for the current network. This is normally called when the PIN is
1738  * not included in the network configuration. The request will be sent to
1739  * monitor programs through the control interface.
1740  */
1741 void eap_sm_request_pin(struct eap_sm *sm)
1742 {
1743 	eap_sm_request(sm, WPA_CTRL_REQ_EAP_PIN, NULL, 0);
1744 }
1745 
1746 
1747 /**
1748  * eap_sm_request_otp - Request one time password from user (ctrl_iface)
1749  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1750  * @msg: Message to be displayed to the user when asking for OTP
1751  * @msg_len: Length of the user displayable message
1752  *
1753  * EAP methods can call this function to request open time password (OTP) for
1754  * the current network. The request will be sent to monitor programs through
1755  * the control interface.
1756  */
1757 void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len)
1758 {
1759 	eap_sm_request(sm, WPA_CTRL_REQ_EAP_OTP, msg, msg_len);
1760 }
1761 
1762 
1763 /**
1764  * eap_sm_request_passphrase - Request passphrase from user (ctrl_iface)
1765  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1766  *
1767  * EAP methods can call this function to request passphrase for a private key
1768  * for the current network. This is normally called when the passphrase is not
1769  * included in the network configuration. The request will be sent to monitor
1770  * programs through the control interface.
1771  */
1772 void eap_sm_request_passphrase(struct eap_sm *sm)
1773 {
1774 	eap_sm_request(sm, WPA_CTRL_REQ_EAP_PASSPHRASE, NULL, 0);
1775 }
1776 
1777 
1778 /**
1779  * eap_sm_notify_ctrl_attached - Notification of attached monitor
1780  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1781  *
1782  * Notify EAP state machines that a monitor was attached to the control
1783  * interface to trigger re-sending of pending requests for user input.
1784  */
1785 void eap_sm_notify_ctrl_attached(struct eap_sm *sm)
1786 {
1787 	struct eap_peer_config *config = eap_get_config(sm);
1788 
1789 	if (config == NULL)
1790 		return;
1791 
1792 	/* Re-send any pending requests for user data since a new control
1793 	 * interface was added. This handles cases where the EAP authentication
1794 	 * starts immediately after system startup when the user interface is
1795 	 * not yet running. */
1796 	if (config->pending_req_identity)
1797 		eap_sm_request_identity(sm);
1798 	if (config->pending_req_password)
1799 		eap_sm_request_password(sm);
1800 	if (config->pending_req_new_password)
1801 		eap_sm_request_new_password(sm);
1802 	if (config->pending_req_otp)
1803 		eap_sm_request_otp(sm, NULL, 0);
1804 	if (config->pending_req_pin)
1805 		eap_sm_request_pin(sm);
1806 	if (config->pending_req_passphrase)
1807 		eap_sm_request_passphrase(sm);
1808 }
1809 
1810 
1811 static int eap_allowed_phase2_type(int vendor, int type)
1812 {
1813 	if (vendor != EAP_VENDOR_IETF)
1814 		return 0;
1815 	return type != EAP_TYPE_PEAP && type != EAP_TYPE_TTLS &&
1816 		type != EAP_TYPE_FAST;
1817 }
1818 
1819 
1820 /**
1821  * eap_get_phase2_type - Get EAP type for the given EAP phase 2 method name
1822  * @name: EAP method name, e.g., MD5
1823  * @vendor: Buffer for returning EAP Vendor-Id
1824  * Returns: EAP method type or %EAP_TYPE_NONE if not found
1825  *
1826  * This function maps EAP type names into EAP type numbers that are allowed for
1827  * Phase 2, i.e., for tunneled authentication. Phase 2 is used, e.g., with
1828  * EAP-PEAP, EAP-TTLS, and EAP-FAST.
1829  */
1830 u32 eap_get_phase2_type(const char *name, int *vendor)
1831 {
1832 	int v;
1833 	u8 type = eap_peer_get_type(name, &v);
1834 	if (eap_allowed_phase2_type(v, type)) {
1835 		*vendor = v;
1836 		return type;
1837 	}
1838 	*vendor = EAP_VENDOR_IETF;
1839 	return EAP_TYPE_NONE;
1840 }
1841 
1842 
1843 /**
1844  * eap_get_phase2_types - Get list of allowed EAP phase 2 types
1845  * @config: Pointer to a network configuration
1846  * @count: Pointer to a variable to be filled with number of returned EAP types
1847  * Returns: Pointer to allocated type list or %NULL on failure
1848  *
1849  * This function generates an array of allowed EAP phase 2 (tunneled) types for
1850  * the given network configuration.
1851  */
1852 struct eap_method_type * eap_get_phase2_types(struct eap_peer_config *config,
1853 					      size_t *count)
1854 {
1855 	struct eap_method_type *buf;
1856 	u32 method;
1857 	int vendor;
1858 	size_t mcount;
1859 	const struct eap_method *methods, *m;
1860 
1861 	methods = eap_peer_get_methods(&mcount);
1862 	if (methods == NULL)
1863 		return NULL;
1864 	*count = 0;
1865 	buf = os_malloc(mcount * sizeof(struct eap_method_type));
1866 	if (buf == NULL)
1867 		return NULL;
1868 
1869 	for (m = methods; m; m = m->next) {
1870 		vendor = m->vendor;
1871 		method = m->method;
1872 		if (eap_allowed_phase2_type(vendor, method)) {
1873 			if (vendor == EAP_VENDOR_IETF &&
1874 			    method == EAP_TYPE_TLS && config &&
1875 			    config->private_key2 == NULL)
1876 				continue;
1877 			buf[*count].vendor = vendor;
1878 			buf[*count].method = method;
1879 			(*count)++;
1880 		}
1881 	}
1882 
1883 	return buf;
1884 }
1885 
1886 
1887 /**
1888  * eap_set_fast_reauth - Update fast_reauth setting
1889  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1890  * @enabled: 1 = Fast reauthentication is enabled, 0 = Disabled
1891  */
1892 void eap_set_fast_reauth(struct eap_sm *sm, int enabled)
1893 {
1894 	sm->fast_reauth = enabled;
1895 }
1896 
1897 
1898 /**
1899  * eap_set_workaround - Update EAP workarounds setting
1900  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1901  * @workaround: 1 = Enable EAP workarounds, 0 = Disable EAP workarounds
1902  */
1903 void eap_set_workaround(struct eap_sm *sm, unsigned int workaround)
1904 {
1905 	sm->workaround = workaround;
1906 }
1907 
1908 
1909 /**
1910  * eap_get_config - Get current network configuration
1911  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1912  * Returns: Pointer to the current network configuration or %NULL if not found
1913  *
1914  * EAP peer methods should avoid using this function if they can use other
1915  * access functions, like eap_get_config_identity() and
1916  * eap_get_config_password(), that do not require direct access to
1917  * struct eap_peer_config.
1918  */
1919 struct eap_peer_config * eap_get_config(struct eap_sm *sm)
1920 {
1921 	return sm->eapol_cb->get_config(sm->eapol_ctx);
1922 }
1923 
1924 
1925 /**
1926  * eap_get_config_identity - Get identity from the network configuration
1927  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1928  * @len: Buffer for the length of the identity
1929  * Returns: Pointer to the identity or %NULL if not found
1930  */
1931 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
1932 {
1933 	struct eap_peer_config *config = eap_get_config(sm);
1934 	if (config == NULL)
1935 		return NULL;
1936 	*len = config->identity_len;
1937 	return config->identity;
1938 }
1939 
1940 
1941 static int eap_get_ext_password(struct eap_sm *sm,
1942 				struct eap_peer_config *config)
1943 {
1944 	char *name;
1945 
1946 	if (config->password == NULL)
1947 		return -1;
1948 
1949 	name = os_zalloc(config->password_len + 1);
1950 	if (name == NULL)
1951 		return -1;
1952 	os_memcpy(name, config->password, config->password_len);
1953 
1954 	ext_password_free(sm->ext_pw_buf);
1955 	sm->ext_pw_buf = ext_password_get(sm->ext_pw, name);
1956 	os_free(name);
1957 
1958 	return sm->ext_pw_buf == NULL ? -1 : 0;
1959 }
1960 
1961 
1962 /**
1963  * eap_get_config_password - Get password from the network configuration
1964  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1965  * @len: Buffer for the length of the password
1966  * Returns: Pointer to the password or %NULL if not found
1967  */
1968 const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len)
1969 {
1970 	struct eap_peer_config *config = eap_get_config(sm);
1971 	if (config == NULL)
1972 		return NULL;
1973 
1974 	if (config->flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) {
1975 		if (eap_get_ext_password(sm, config) < 0)
1976 			return NULL;
1977 		*len = wpabuf_len(sm->ext_pw_buf);
1978 		return wpabuf_head(sm->ext_pw_buf);
1979 	}
1980 
1981 	*len = config->password_len;
1982 	return config->password;
1983 }
1984 
1985 
1986 /**
1987  * eap_get_config_password2 - Get password from the network configuration
1988  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1989  * @len: Buffer for the length of the password
1990  * @hash: Buffer for returning whether the password is stored as a
1991  * NtPasswordHash instead of plaintext password; can be %NULL if this
1992  * information is not needed
1993  * Returns: Pointer to the password or %NULL if not found
1994  */
1995 const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash)
1996 {
1997 	struct eap_peer_config *config = eap_get_config(sm);
1998 	if (config == NULL)
1999 		return NULL;
2000 
2001 	if (config->flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) {
2002 		if (eap_get_ext_password(sm, config) < 0)
2003 			return NULL;
2004 		*len = wpabuf_len(sm->ext_pw_buf);
2005 		return wpabuf_head(sm->ext_pw_buf);
2006 	}
2007 
2008 	*len = config->password_len;
2009 	if (hash)
2010 		*hash = !!(config->flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH);
2011 	return config->password;
2012 }
2013 
2014 
2015 /**
2016  * eap_get_config_new_password - Get new password from network configuration
2017  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2018  * @len: Buffer for the length of the new password
2019  * Returns: Pointer to the new password or %NULL if not found
2020  */
2021 const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len)
2022 {
2023 	struct eap_peer_config *config = eap_get_config(sm);
2024 	if (config == NULL)
2025 		return NULL;
2026 	*len = config->new_password_len;
2027 	return config->new_password;
2028 }
2029 
2030 
2031 /**
2032  * eap_get_config_otp - Get one-time password from the network configuration
2033  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2034  * @len: Buffer for the length of the one-time password
2035  * Returns: Pointer to the one-time password or %NULL if not found
2036  */
2037 const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len)
2038 {
2039 	struct eap_peer_config *config = eap_get_config(sm);
2040 	if (config == NULL)
2041 		return NULL;
2042 	*len = config->otp_len;
2043 	return config->otp;
2044 }
2045 
2046 
2047 /**
2048  * eap_clear_config_otp - Clear used one-time password
2049  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2050  *
2051  * This function clears a used one-time password (OTP) from the current network
2052  * configuration. This should be called when the OTP has been used and is not
2053  * needed anymore.
2054  */
2055 void eap_clear_config_otp(struct eap_sm *sm)
2056 {
2057 	struct eap_peer_config *config = eap_get_config(sm);
2058 	if (config == NULL)
2059 		return;
2060 	os_memset(config->otp, 0, config->otp_len);
2061 	os_free(config->otp);
2062 	config->otp = NULL;
2063 	config->otp_len = 0;
2064 }
2065 
2066 
2067 /**
2068  * eap_get_config_phase1 - Get phase1 data from the network configuration
2069  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2070  * Returns: Pointer to the phase1 data or %NULL if not found
2071  */
2072 const char * eap_get_config_phase1(struct eap_sm *sm)
2073 {
2074 	struct eap_peer_config *config = eap_get_config(sm);
2075 	if (config == NULL)
2076 		return NULL;
2077 	return config->phase1;
2078 }
2079 
2080 
2081 /**
2082  * eap_get_config_phase2 - Get phase2 data from the network configuration
2083  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2084  * Returns: Pointer to the phase1 data or %NULL if not found
2085  */
2086 const char * eap_get_config_phase2(struct eap_sm *sm)
2087 {
2088 	struct eap_peer_config *config = eap_get_config(sm);
2089 	if (config == NULL)
2090 		return NULL;
2091 	return config->phase2;
2092 }
2093 
2094 
2095 int eap_get_config_fragment_size(struct eap_sm *sm)
2096 {
2097 	struct eap_peer_config *config = eap_get_config(sm);
2098 	if (config == NULL)
2099 		return -1;
2100 	return config->fragment_size;
2101 }
2102 
2103 
2104 /**
2105  * eap_key_available - Get key availability (eapKeyAvailable variable)
2106  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2107  * Returns: 1 if EAP keying material is available, 0 if not
2108  */
2109 int eap_key_available(struct eap_sm *sm)
2110 {
2111 	return sm ? sm->eapKeyAvailable : 0;
2112 }
2113 
2114 
2115 /**
2116  * eap_notify_success - Notify EAP state machine about external success trigger
2117  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2118  *
2119  * This function is called when external event, e.g., successful completion of
2120  * WPA-PSK key handshake, is indicating that EAP state machine should move to
2121  * success state. This is mainly used with security modes that do not use EAP
2122  * state machine (e.g., WPA-PSK).
2123  */
2124 void eap_notify_success(struct eap_sm *sm)
2125 {
2126 	if (sm) {
2127 		sm->decision = DECISION_COND_SUCC;
2128 		sm->EAP_state = EAP_SUCCESS;
2129 	}
2130 }
2131 
2132 
2133 /**
2134  * eap_notify_lower_layer_success - Notification of lower layer success
2135  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2136  *
2137  * Notify EAP state machines that a lower layer has detected a successful
2138  * authentication. This is used to recover from dropped EAP-Success messages.
2139  */
2140 void eap_notify_lower_layer_success(struct eap_sm *sm)
2141 {
2142 	if (sm == NULL)
2143 		return;
2144 
2145 	if (eapol_get_bool(sm, EAPOL_eapSuccess) ||
2146 	    sm->decision == DECISION_FAIL ||
2147 	    (sm->methodState != METHOD_MAY_CONT &&
2148 	     sm->methodState != METHOD_DONE))
2149 		return;
2150 
2151 	if (sm->eapKeyData != NULL)
2152 		sm->eapKeyAvailable = TRUE;
2153 	eapol_set_bool(sm, EAPOL_eapSuccess, TRUE);
2154 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
2155 		"EAP authentication completed successfully (based on lower "
2156 		"layer success)");
2157 }
2158 
2159 
2160 /**
2161  * eap_get_eapKeyData - Get master session key (MSK) from EAP state machine
2162  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2163  * @len: Pointer to variable that will be set to number of bytes in the key
2164  * Returns: Pointer to the EAP keying data or %NULL on failure
2165  *
2166  * Fetch EAP keying material (MSK, eapKeyData) from the EAP state machine. The
2167  * key is available only after a successful authentication. EAP state machine
2168  * continues to manage the key data and the caller must not change or free the
2169  * returned data.
2170  */
2171 const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len)
2172 {
2173 	if (sm == NULL || sm->eapKeyData == NULL) {
2174 		*len = 0;
2175 		return NULL;
2176 	}
2177 
2178 	*len = sm->eapKeyDataLen;
2179 	return sm->eapKeyData;
2180 }
2181 
2182 
2183 /**
2184  * eap_get_eapKeyData - Get EAP response data
2185  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2186  * Returns: Pointer to the EAP response (eapRespData) or %NULL on failure
2187  *
2188  * Fetch EAP response (eapRespData) from the EAP state machine. This data is
2189  * available when EAP state machine has processed an incoming EAP request. The
2190  * EAP state machine does not maintain a reference to the response after this
2191  * function is called and the caller is responsible for freeing the data.
2192  */
2193 struct wpabuf * eap_get_eapRespData(struct eap_sm *sm)
2194 {
2195 	struct wpabuf *resp;
2196 
2197 	if (sm == NULL || sm->eapRespData == NULL)
2198 		return NULL;
2199 
2200 	resp = sm->eapRespData;
2201 	sm->eapRespData = NULL;
2202 
2203 	return resp;
2204 }
2205 
2206 
2207 /**
2208  * eap_sm_register_scard_ctx - Notification of smart card context
2209  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2210  * @ctx: Context data for smart card operations
2211  *
2212  * Notify EAP state machines of context data for smart card operations. This
2213  * context data will be used as a parameter for scard_*() functions.
2214  */
2215 void eap_register_scard_ctx(struct eap_sm *sm, void *ctx)
2216 {
2217 	if (sm)
2218 		sm->scard_ctx = ctx;
2219 }
2220 
2221 
2222 /**
2223  * eap_set_config_blob - Set or add a named configuration blob
2224  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2225  * @blob: New value for the blob
2226  *
2227  * Adds a new configuration blob or replaces the current value of an existing
2228  * blob.
2229  */
2230 void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob)
2231 {
2232 #ifndef CONFIG_NO_CONFIG_BLOBS
2233 	sm->eapol_cb->set_config_blob(sm->eapol_ctx, blob);
2234 #endif /* CONFIG_NO_CONFIG_BLOBS */
2235 }
2236 
2237 
2238 /**
2239  * eap_get_config_blob - Get a named configuration blob
2240  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2241  * @name: Name of the blob
2242  * Returns: Pointer to blob data or %NULL if not found
2243  */
2244 const struct wpa_config_blob * eap_get_config_blob(struct eap_sm *sm,
2245 						   const char *name)
2246 {
2247 #ifndef CONFIG_NO_CONFIG_BLOBS
2248 	return sm->eapol_cb->get_config_blob(sm->eapol_ctx, name);
2249 #else /* CONFIG_NO_CONFIG_BLOBS */
2250 	return NULL;
2251 #endif /* CONFIG_NO_CONFIG_BLOBS */
2252 }
2253 
2254 
2255 /**
2256  * eap_set_force_disabled - Set force_disabled flag
2257  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2258  * @disabled: 1 = EAP disabled, 0 = EAP enabled
2259  *
2260  * This function is used to force EAP state machine to be disabled when it is
2261  * not in use (e.g., with WPA-PSK or plaintext connections).
2262  */
2263 void eap_set_force_disabled(struct eap_sm *sm, int disabled)
2264 {
2265 	sm->force_disabled = disabled;
2266 }
2267 
2268 
2269  /**
2270  * eap_notify_pending - Notify that EAP method is ready to re-process a request
2271  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2272  *
2273  * An EAP method can perform a pending operation (e.g., to get a response from
2274  * an external process). Once the response is available, this function can be
2275  * used to request EAPOL state machine to retry delivering the previously
2276  * received (and still unanswered) EAP request to EAP state machine.
2277  */
2278 void eap_notify_pending(struct eap_sm *sm)
2279 {
2280 	sm->eapol_cb->notify_pending(sm->eapol_ctx);
2281 }
2282 
2283 
2284 /**
2285  * eap_invalidate_cached_session - Mark cached session data invalid
2286  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2287  */
2288 void eap_invalidate_cached_session(struct eap_sm *sm)
2289 {
2290 	if (sm)
2291 		eap_deinit_prev_method(sm, "invalidate");
2292 }
2293 
2294 
2295 int eap_is_wps_pbc_enrollee(struct eap_peer_config *conf)
2296 {
2297 	if (conf->identity_len != WSC_ID_ENROLLEE_LEN ||
2298 	    os_memcmp(conf->identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN))
2299 		return 0; /* Not a WPS Enrollee */
2300 
2301 	if (conf->phase1 == NULL || os_strstr(conf->phase1, "pbc=1") == NULL)
2302 		return 0; /* Not using PBC */
2303 
2304 	return 1;
2305 }
2306 
2307 
2308 int eap_is_wps_pin_enrollee(struct eap_peer_config *conf)
2309 {
2310 	if (conf->identity_len != WSC_ID_ENROLLEE_LEN ||
2311 	    os_memcmp(conf->identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN))
2312 		return 0; /* Not a WPS Enrollee */
2313 
2314 	if (conf->phase1 == NULL || os_strstr(conf->phase1, "pin=") == NULL)
2315 		return 0; /* Not using PIN */
2316 
2317 	return 1;
2318 }
2319 
2320 
2321 void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext)
2322 {
2323 	ext_password_free(sm->ext_pw_buf);
2324 	sm->ext_pw_buf = NULL;
2325 	sm->ext_pw = ext;
2326 }
2327 
2328 
2329 /**
2330  * eap_set_anon_id - Set or add anonymous identity
2331  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2332  * @id: Anonymous identity (e.g., EAP-SIM pseudonym) or %NULL to clear
2333  * @len: Length of anonymous identity in octets
2334  */
2335 void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
2336 {
2337 	if (sm->eapol_cb->set_anon_id)
2338 		sm->eapol_cb->set_anon_id(sm->eapol_ctx, id, len);
2339 }
2340