2 * hostapd / EAP Full Authenticator state machine (RFC 4137)
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This state machine is based on the full authenticator state machine defined
15 * in RFC 4137. However, to support backend authentication in RADIUS
16 * authentication server functionality, parts of backend authenticator (also
17 * from RFC 4137) are mixed in. This functionality is enabled by setting
18 * backend_auth configuration variable to TRUE.
25 #include "state_machine.h"
26 #include "common/wpa_ctrl.h"
28 #define STATE_MACHINE_DATA struct eap_sm
29 #define STATE_MACHINE_DEBUG_PREFIX "EAP"
31 #define EAP_MAX_AUTH_ROUNDS 50
33 static void eap_user_free(struct eap_user *user);
36 /* EAP state machines are described in RFC 4137 */
38 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
39 int eapSRTT, int eapRTTVAR,
41 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp);
42 static int eap_sm_getId(const struct wpabuf *data);
43 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id);
44 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id);
45 static int eap_sm_nextId(struct eap_sm *sm, int id);
46 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
48 static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor);
49 static int eap_sm_Policy_getDecision(struct eap_sm *sm);
50 static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method);
53 static int eap_copy_buf(struct wpabuf **dst, const struct wpabuf *src)
59 *dst = wpabuf_dup(src);
64 static int eap_copy_data(u8 **dst, size_t *dst_len,
65 const u8 *src, size_t src_len)
71 *dst = os_malloc(src_len);
73 os_memcpy(*dst, src, src_len);
82 #define EAP_COPY(dst, src) \
83 eap_copy_data((dst), (dst ## Len), (src), (src ## Len))
87 * eap_user_get - Fetch user information from the database
88 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
89 * @identity: Identity (User-Name) of the user
90 * @identity_len: Length of identity in bytes
91 * @phase2: 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
92 * Returns: 0 on success, or -1 on failure
94 * This function is used to fetch user information for EAP. The user will be
95 * selected based on the specified identity. sm->user and
96 * sm->user_eap_method_index are updated for the new user when a matching user
97 * is found. sm->user can be used to get user information (e.g., password).
99 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
102 struct eap_user *user;
104 if (sm == NULL || sm->eapol_cb == NULL ||
105 sm->eapol_cb->get_eap_user == NULL)
108 eap_user_free(sm->user);
111 user = os_zalloc(sizeof(*user));
115 if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
116 identity_len, phase2, user) != 0) {
122 sm->user_eap_method_index = 0;
128 SM_STATE(EAP, DISABLED)
130 SM_ENTRY(EAP, DISABLED);
135 SM_STATE(EAP, INITIALIZE)
137 SM_ENTRY(EAP, INITIALIZE);
139 if (sm->eap_if.eapRestart && !sm->eap_server && sm->identity) {
141 * Need to allow internal Identity method to be used instead
142 * of passthrough at the beginning of reauthentication.
144 eap_server_clear_identity(sm);
148 sm->eap_if.eapSuccess = FALSE;
149 sm->eap_if.eapFail = FALSE;
150 sm->eap_if.eapTimeout = FALSE;
151 os_free(sm->eap_if.eapKeyData);
152 sm->eap_if.eapKeyData = NULL;
153 sm->eap_if.eapKeyDataLen = 0;
154 sm->eap_if.eapKeyAvailable = FALSE;
155 sm->eap_if.eapRestart = FALSE;
158 * This is not defined in RFC 4137, but method state needs to be
159 * reseted here so that it does not remain in success state when
160 * re-authentication starts.
162 if (sm->m && sm->eap_method_priv) {
163 sm->m->reset(sm, sm->eap_method_priv);
164 sm->eap_method_priv = NULL;
167 sm->user_eap_method_index = 0;
169 if (sm->backend_auth) {
170 sm->currentMethod = EAP_TYPE_NONE;
171 /* parse rxResp, respId, respMethod */
172 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
174 sm->currentId = sm->respId;
178 sm->method_pending = METHOD_PENDING_NONE;
180 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
181 MACSTR, MAC2STR(sm->peer_addr));
185 SM_STATE(EAP, PICK_UP_METHOD)
187 SM_ENTRY(EAP, PICK_UP_METHOD);
189 if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) {
190 sm->currentMethod = sm->respMethod;
191 if (sm->m && sm->eap_method_priv) {
192 sm->m->reset(sm, sm->eap_method_priv);
193 sm->eap_method_priv = NULL;
195 sm->m = eap_server_get_eap_method(EAP_VENDOR_IETF,
197 if (sm->m && sm->m->initPickUp) {
198 sm->eap_method_priv = sm->m->initPickUp(sm);
199 if (sm->eap_method_priv == NULL) {
200 wpa_printf(MSG_DEBUG, "EAP: Failed to "
201 "initialize EAP method %d",
204 sm->currentMethod = EAP_TYPE_NONE;
208 sm->currentMethod = EAP_TYPE_NONE;
212 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
213 "method=%u", sm->currentMethod);
221 sm->eap_if.retransWhile = eap_sm_calculateTimeout(
222 sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
227 SM_STATE(EAP, RETRANSMIT)
229 SM_ENTRY(EAP, RETRANSMIT);
232 if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
233 if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
234 sm->eap_if.eapReq = TRUE;
239 SM_STATE(EAP, RECEIVED)
241 SM_ENTRY(EAP, RECEIVED);
243 /* parse rxResp, respId, respMethod */
244 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
249 SM_STATE(EAP, DISCARD)
251 SM_ENTRY(EAP, DISCARD);
252 sm->eap_if.eapResp = FALSE;
253 sm->eap_if.eapNoReq = TRUE;
257 SM_STATE(EAP, SEND_REQUEST)
259 SM_ENTRY(EAP, SEND_REQUEST);
261 sm->retransCount = 0;
262 if (sm->eap_if.eapReqData) {
263 if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
265 sm->eap_if.eapResp = FALSE;
266 sm->eap_if.eapReq = TRUE;
268 sm->eap_if.eapResp = FALSE;
269 sm->eap_if.eapReq = FALSE;
272 wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
273 sm->eap_if.eapResp = FALSE;
274 sm->eap_if.eapReq = FALSE;
275 sm->eap_if.eapNoReq = TRUE;
280 SM_STATE(EAP, INTEGRITY_CHECK)
282 SM_ENTRY(EAP, INTEGRITY_CHECK);
285 sm->ignore = sm->m->check(sm, sm->eap_method_priv,
286 sm->eap_if.eapRespData);
291 SM_STATE(EAP, METHOD_REQUEST)
293 SM_ENTRY(EAP, METHOD_REQUEST);
296 wpa_printf(MSG_DEBUG, "EAP: method not initialized");
300 sm->currentId = eap_sm_nextId(sm, sm->currentId);
301 wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
303 sm->lastId = sm->currentId;
304 wpabuf_free(sm->eap_if.eapReqData);
305 sm->eap_if.eapReqData = sm->m->buildReq(sm, sm->eap_method_priv,
307 if (sm->m->getTimeout)
308 sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv);
310 sm->methodTimeout = 0;
314 SM_STATE(EAP, METHOD_RESPONSE)
316 SM_ENTRY(EAP, METHOD_RESPONSE);
318 sm->m->process(sm, sm->eap_method_priv, sm->eap_if.eapRespData);
319 if (sm->m->isDone(sm, sm->eap_method_priv)) {
320 eap_sm_Policy_update(sm, NULL, 0);
321 os_free(sm->eap_if.eapKeyData);
323 sm->eap_if.eapKeyData = sm->m->getKey(
324 sm, sm->eap_method_priv,
325 &sm->eap_if.eapKeyDataLen);
327 sm->eap_if.eapKeyData = NULL;
328 sm->eap_if.eapKeyDataLen = 0;
330 sm->methodState = METHOD_END;
332 sm->methodState = METHOD_CONTINUE;
337 SM_STATE(EAP, PROPOSE_METHOD)
342 SM_ENTRY(EAP, PROPOSE_METHOD);
344 type = eap_sm_Policy_getNextMethod(sm, &vendor);
345 if (vendor == EAP_VENDOR_IETF)
346 sm->currentMethod = type;
348 sm->currentMethod = EAP_TYPE_EXPANDED;
349 if (sm->m && sm->eap_method_priv) {
350 sm->m->reset(sm, sm->eap_method_priv);
351 sm->eap_method_priv = NULL;
353 sm->m = eap_server_get_eap_method(vendor, type);
355 sm->eap_method_priv = sm->m->init(sm);
356 if (sm->eap_method_priv == NULL) {
357 wpa_printf(MSG_DEBUG, "EAP: Failed to initialize EAP "
358 "method %d", sm->currentMethod);
360 sm->currentMethod = EAP_TYPE_NONE;
363 if (sm->currentMethod == EAP_TYPE_IDENTITY ||
364 sm->currentMethod == EAP_TYPE_NOTIFICATION)
365 sm->methodState = METHOD_CONTINUE;
367 sm->methodState = METHOD_PROPOSED;
369 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
370 "vendor=%u method=%u", vendor, sm->currentMethod);
376 const struct eap_hdr *nak;
379 const u8 *nak_list = NULL;
383 if (sm->eap_method_priv) {
384 sm->m->reset(sm, sm->eap_method_priv);
385 sm->eap_method_priv = NULL;
389 nak = wpabuf_head(sm->eap_if.eapRespData);
390 if (nak && wpabuf_len(sm->eap_if.eapRespData) > sizeof(*nak)) {
391 len = be_to_host16(nak->length);
392 if (len > wpabuf_len(sm->eap_if.eapRespData))
393 len = wpabuf_len(sm->eap_if.eapRespData);
394 pos = (const u8 *) (nak + 1);
396 if (*pos == EAP_TYPE_NAK) {
402 eap_sm_Policy_update(sm, nak_list, len);
406 SM_STATE(EAP, SELECT_ACTION)
408 SM_ENTRY(EAP, SELECT_ACTION);
410 sm->decision = eap_sm_Policy_getDecision(sm);
414 SM_STATE(EAP, TIMEOUT_FAILURE)
416 SM_ENTRY(EAP, TIMEOUT_FAILURE);
418 sm->eap_if.eapTimeout = TRUE;
422 SM_STATE(EAP, FAILURE)
424 SM_ENTRY(EAP, FAILURE);
426 wpabuf_free(sm->eap_if.eapReqData);
427 sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId);
428 wpabuf_free(sm->lastReqData);
429 sm->lastReqData = NULL;
430 sm->eap_if.eapFail = TRUE;
432 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
433 MACSTR, MAC2STR(sm->peer_addr));
437 SM_STATE(EAP, SUCCESS)
439 SM_ENTRY(EAP, SUCCESS);
441 wpabuf_free(sm->eap_if.eapReqData);
442 sm->eap_if.eapReqData = eap_sm_buildSuccess(sm, sm->currentId);
443 wpabuf_free(sm->lastReqData);
444 sm->lastReqData = NULL;
445 if (sm->eap_if.eapKeyData)
446 sm->eap_if.eapKeyAvailable = TRUE;
447 sm->eap_if.eapSuccess = TRUE;
449 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
450 MACSTR, MAC2STR(sm->peer_addr));
454 SM_STATE(EAP, INITIALIZE_PASSTHROUGH)
456 SM_ENTRY(EAP, INITIALIZE_PASSTHROUGH);
458 wpabuf_free(sm->eap_if.aaaEapRespData);
459 sm->eap_if.aaaEapRespData = NULL;
465 SM_ENTRY(EAP, IDLE2);
467 sm->eap_if.retransWhile = eap_sm_calculateTimeout(
468 sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
473 SM_STATE(EAP, RETRANSMIT2)
475 SM_ENTRY(EAP, RETRANSMIT2);
478 if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
479 if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
480 sm->eap_if.eapReq = TRUE;
485 SM_STATE(EAP, RECEIVED2)
487 SM_ENTRY(EAP, RECEIVED2);
489 /* parse rxResp, respId, respMethod */
490 eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
494 SM_STATE(EAP, DISCARD2)
496 SM_ENTRY(EAP, DISCARD2);
497 sm->eap_if.eapResp = FALSE;
498 sm->eap_if.eapNoReq = TRUE;
502 SM_STATE(EAP, SEND_REQUEST2)
504 SM_ENTRY(EAP, SEND_REQUEST2);
506 sm->retransCount = 0;
507 if (sm->eap_if.eapReqData) {
508 if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
510 sm->eap_if.eapResp = FALSE;
511 sm->eap_if.eapReq = TRUE;
513 sm->eap_if.eapResp = FALSE;
514 sm->eap_if.eapReq = FALSE;
517 wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData");
518 sm->eap_if.eapResp = FALSE;
519 sm->eap_if.eapReq = FALSE;
520 sm->eap_if.eapNoReq = TRUE;
525 SM_STATE(EAP, AAA_REQUEST)
527 SM_ENTRY(EAP, AAA_REQUEST);
529 if (sm->eap_if.eapRespData == NULL) {
530 wpa_printf(MSG_INFO, "EAP: AAA_REQUEST - no eapRespData");
535 * if (respMethod == IDENTITY)
536 * aaaIdentity = eapRespData
537 * This is already taken care of by the EAP-Identity method which
538 * stores the identity into sm->identity.
541 eap_copy_buf(&sm->eap_if.aaaEapRespData, sm->eap_if.eapRespData);
545 SM_STATE(EAP, AAA_RESPONSE)
547 SM_ENTRY(EAP, AAA_RESPONSE);
549 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
550 sm->currentId = eap_sm_getId(sm->eap_if.eapReqData);
551 sm->methodTimeout = sm->eap_if.aaaMethodTimeout;
555 SM_STATE(EAP, AAA_IDLE)
557 SM_ENTRY(EAP, AAA_IDLE);
559 sm->eap_if.aaaFail = FALSE;
560 sm->eap_if.aaaSuccess = FALSE;
561 sm->eap_if.aaaEapReq = FALSE;
562 sm->eap_if.aaaEapNoReq = FALSE;
563 sm->eap_if.aaaEapResp = TRUE;
567 SM_STATE(EAP, TIMEOUT_FAILURE2)
569 SM_ENTRY(EAP, TIMEOUT_FAILURE2);
571 sm->eap_if.eapTimeout = TRUE;
575 SM_STATE(EAP, FAILURE2)
577 SM_ENTRY(EAP, FAILURE2);
579 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
580 sm->eap_if.eapFail = TRUE;
584 SM_STATE(EAP, SUCCESS2)
586 SM_ENTRY(EAP, SUCCESS2);
588 eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
590 sm->eap_if.eapKeyAvailable = sm->eap_if.aaaEapKeyAvailable;
591 if (sm->eap_if.aaaEapKeyAvailable) {
592 EAP_COPY(&sm->eap_if.eapKeyData, sm->eap_if.aaaEapKeyData);
594 os_free(sm->eap_if.eapKeyData);
595 sm->eap_if.eapKeyData = NULL;
596 sm->eap_if.eapKeyDataLen = 0;
599 sm->eap_if.eapSuccess = TRUE;
602 * Start reauthentication with identity request even though we know the
603 * previously used identity. This is needed to get reauthentication
606 sm->start_reauth = TRUE;
612 if (sm->eap_if.eapRestart && sm->eap_if.portEnabled)
613 SM_ENTER_GLOBAL(EAP, INITIALIZE);
614 else if (!sm->eap_if.portEnabled)
615 SM_ENTER_GLOBAL(EAP, DISABLED);
616 else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
617 if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
618 wpa_printf(MSG_DEBUG, "EAP: more than %d "
619 "authentication rounds - abort",
620 EAP_MAX_AUTH_ROUNDS);
622 SM_ENTER_GLOBAL(EAP, FAILURE);
624 } else switch (sm->EAP_state) {
626 if (sm->backend_auth) {
628 SM_ENTER(EAP, SELECT_ACTION);
629 else if (sm->rxResp &&
630 (sm->respMethod == EAP_TYPE_NAK ||
631 (sm->respMethod == EAP_TYPE_EXPANDED &&
632 sm->respVendor == EAP_VENDOR_IETF &&
633 sm->respVendorMethod == EAP_TYPE_NAK)))
636 SM_ENTER(EAP, PICK_UP_METHOD);
638 SM_ENTER(EAP, SELECT_ACTION);
641 case EAP_PICK_UP_METHOD:
642 if (sm->currentMethod == EAP_TYPE_NONE) {
643 SM_ENTER(EAP, SELECT_ACTION);
645 SM_ENTER(EAP, METHOD_RESPONSE);
649 if (sm->eap_if.portEnabled)
650 SM_ENTER(EAP, INITIALIZE);
653 if (sm->eap_if.retransWhile == 0)
654 SM_ENTER(EAP, RETRANSMIT);
655 else if (sm->eap_if.eapResp)
656 SM_ENTER(EAP, RECEIVED);
659 if (sm->retransCount > sm->MaxRetrans)
660 SM_ENTER(EAP, TIMEOUT_FAILURE);
665 if (sm->rxResp && (sm->respId == sm->currentId) &&
666 (sm->respMethod == EAP_TYPE_NAK ||
667 (sm->respMethod == EAP_TYPE_EXPANDED &&
668 sm->respVendor == EAP_VENDOR_IETF &&
669 sm->respVendorMethod == EAP_TYPE_NAK))
670 && (sm->methodState == METHOD_PROPOSED))
672 else if (sm->rxResp && (sm->respId == sm->currentId) &&
673 ((sm->respMethod == sm->currentMethod) ||
674 (sm->respMethod == EAP_TYPE_EXPANDED &&
675 sm->respVendor == EAP_VENDOR_IETF &&
676 sm->respVendorMethod == sm->currentMethod)))
677 SM_ENTER(EAP, INTEGRITY_CHECK);
679 wpa_printf(MSG_DEBUG, "EAP: RECEIVED->DISCARD: "
680 "rxResp=%d respId=%d currentId=%d "
681 "respMethod=%d currentMethod=%d",
682 sm->rxResp, sm->respId, sm->currentId,
683 sm->respMethod, sm->currentMethod);
684 SM_ENTER(EAP, DISCARD);
690 case EAP_SEND_REQUEST:
693 case EAP_INTEGRITY_CHECK:
695 SM_ENTER(EAP, DISCARD);
697 SM_ENTER(EAP, METHOD_RESPONSE);
699 case EAP_METHOD_REQUEST:
700 SM_ENTER(EAP, SEND_REQUEST);
702 case EAP_METHOD_RESPONSE:
704 * Note: Mechanism to allow EAP methods to wait while going
705 * through pending processing is an extension to RFC 4137
706 * which only defines the transits to SELECT_ACTION and
707 * METHOD_REQUEST from this METHOD_RESPONSE state.
709 if (sm->methodState == METHOD_END)
710 SM_ENTER(EAP, SELECT_ACTION);
711 else if (sm->method_pending == METHOD_PENDING_WAIT) {
712 wpa_printf(MSG_DEBUG, "EAP: Method has pending "
713 "processing - wait before proceeding to "
714 "METHOD_REQUEST state");
715 } else if (sm->method_pending == METHOD_PENDING_CONT) {
716 wpa_printf(MSG_DEBUG, "EAP: Method has completed "
717 "pending processing - reprocess pending "
719 sm->method_pending = METHOD_PENDING_NONE;
720 SM_ENTER(EAP, METHOD_RESPONSE);
722 SM_ENTER(EAP, METHOD_REQUEST);
724 case EAP_PROPOSE_METHOD:
726 * Note: Mechanism to allow EAP methods to wait while going
727 * through pending processing is an extension to RFC 4137
728 * which only defines the transit to METHOD_REQUEST from this
729 * PROPOSE_METHOD state.
731 if (sm->method_pending == METHOD_PENDING_WAIT) {
732 wpa_printf(MSG_DEBUG, "EAP: Method has pending "
733 "processing - wait before proceeding to "
734 "METHOD_REQUEST state");
735 if (sm->user_eap_method_index > 0)
736 sm->user_eap_method_index--;
737 } else if (sm->method_pending == METHOD_PENDING_CONT) {
738 wpa_printf(MSG_DEBUG, "EAP: Method has completed "
739 "pending processing - reprocess pending "
741 sm->method_pending = METHOD_PENDING_NONE;
742 SM_ENTER(EAP, PROPOSE_METHOD);
744 SM_ENTER(EAP, METHOD_REQUEST);
747 SM_ENTER(EAP, SELECT_ACTION);
749 case EAP_SELECT_ACTION:
750 if (sm->decision == DECISION_FAILURE)
751 SM_ENTER(EAP, FAILURE);
752 else if (sm->decision == DECISION_SUCCESS)
753 SM_ENTER(EAP, SUCCESS);
754 else if (sm->decision == DECISION_PASSTHROUGH)
755 SM_ENTER(EAP, INITIALIZE_PASSTHROUGH);
757 SM_ENTER(EAP, PROPOSE_METHOD);
759 case EAP_TIMEOUT_FAILURE:
766 case EAP_INITIALIZE_PASSTHROUGH:
767 if (sm->currentId == -1)
768 SM_ENTER(EAP, AAA_IDLE);
770 SM_ENTER(EAP, AAA_REQUEST);
773 if (sm->eap_if.eapResp)
774 SM_ENTER(EAP, RECEIVED2);
775 else if (sm->eap_if.retransWhile == 0)
776 SM_ENTER(EAP, RETRANSMIT2);
778 case EAP_RETRANSMIT2:
779 if (sm->retransCount > sm->MaxRetrans)
780 SM_ENTER(EAP, TIMEOUT_FAILURE2);
782 SM_ENTER(EAP, IDLE2);
785 if (sm->rxResp && (sm->respId == sm->currentId))
786 SM_ENTER(EAP, AAA_REQUEST);
788 SM_ENTER(EAP, DISCARD2);
791 SM_ENTER(EAP, IDLE2);
793 case EAP_SEND_REQUEST2:
794 SM_ENTER(EAP, IDLE2);
796 case EAP_AAA_REQUEST:
797 SM_ENTER(EAP, AAA_IDLE);
799 case EAP_AAA_RESPONSE:
800 SM_ENTER(EAP, SEND_REQUEST2);
803 if (sm->eap_if.aaaFail)
804 SM_ENTER(EAP, FAILURE2);
805 else if (sm->eap_if.aaaSuccess)
806 SM_ENTER(EAP, SUCCESS2);
807 else if (sm->eap_if.aaaEapReq)
808 SM_ENTER(EAP, AAA_RESPONSE);
809 else if (sm->eap_if.aaaTimeout)
810 SM_ENTER(EAP, TIMEOUT_FAILURE2);
812 case EAP_TIMEOUT_FAILURE2:
822 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
823 int eapSRTT, int eapRTTVAR,
830 * EAP method (either internal or through AAA server, provided
831 * timeout hint. Use that as-is as a timeout for retransmitting
832 * the EAP request if no response is received.
834 wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
835 "(from EAP method hint)", methodTimeout);
836 return methodTimeout;
840 * RFC 3748 recommends algorithms described in RFC 2988 for estimation
841 * of the retransmission timeout. This should be implemented once
842 * round-trip time measurements are available. For nowm a simple
843 * backoff mechanism is used instead if there are no EAP method
846 * SRTT = smoothed round-trip time
847 * RTTVAR = round-trip time variation
848 * RTO = retransmission timeout
852 * RFC 2988, 2.1: before RTT measurement, set RTO to 3 seconds for
853 * initial retransmission and then double the RTO to provide back off
854 * per 5.5. Limit the maximum RTO to 20 seconds per RFC 3748, 4.3
858 for (i = 0; i < retransCount; i++) {
866 wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
867 "(from dynamic back off; retransCount=%d)",
874 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp)
876 const struct eap_hdr *hdr;
879 /* parse rxResp, respId, respMethod */
882 sm->respMethod = EAP_TYPE_NONE;
883 sm->respVendor = EAP_VENDOR_IETF;
884 sm->respVendorMethod = EAP_TYPE_NONE;
886 if (resp == NULL || wpabuf_len(resp) < sizeof(*hdr)) {
887 wpa_printf(MSG_DEBUG, "EAP: parseEapResp: invalid resp=%p "
889 resp ? (unsigned long) wpabuf_len(resp) : 0);
893 hdr = wpabuf_head(resp);
894 plen = be_to_host16(hdr->length);
895 if (plen > wpabuf_len(resp)) {
896 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
897 "(len=%lu plen=%lu)",
898 (unsigned long) wpabuf_len(resp),
899 (unsigned long) plen);
903 sm->respId = hdr->identifier;
905 if (hdr->code == EAP_CODE_RESPONSE)
908 if (plen > sizeof(*hdr)) {
909 u8 *pos = (u8 *) (hdr + 1);
910 sm->respMethod = *pos++;
911 if (sm->respMethod == EAP_TYPE_EXPANDED) {
912 if (plen < sizeof(*hdr) + 8) {
913 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
914 "expanded EAP-Packet (plen=%lu)",
915 (unsigned long) plen);
918 sm->respVendor = WPA_GET_BE24(pos);
920 sm->respVendorMethod = WPA_GET_BE32(pos);
924 wpa_printf(MSG_DEBUG, "EAP: parseEapResp: rxResp=%d respId=%d "
925 "respMethod=%u respVendor=%u respVendorMethod=%u",
926 sm->rxResp, sm->respId, sm->respMethod, sm->respVendor,
927 sm->respVendorMethod);
931 static int eap_sm_getId(const struct wpabuf *data)
933 const struct eap_hdr *hdr;
935 if (data == NULL || wpabuf_len(data) < sizeof(*hdr))
938 hdr = wpabuf_head(data);
939 wpa_printf(MSG_DEBUG, "EAP: getId: id=%d", hdr->identifier);
940 return hdr->identifier;
944 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id)
947 struct eap_hdr *resp;
948 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Success (id=%d)", id);
950 msg = wpabuf_alloc(sizeof(*resp));
953 resp = wpabuf_put(msg, sizeof(*resp));
954 resp->code = EAP_CODE_SUCCESS;
955 resp->identifier = id;
956 resp->length = host_to_be16(sizeof(*resp));
962 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id)
965 struct eap_hdr *resp;
966 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Failure (id=%d)", id);
968 msg = wpabuf_alloc(sizeof(*resp));
971 resp = wpabuf_put(msg, sizeof(*resp));
972 resp->code = EAP_CODE_FAILURE;
973 resp->identifier = id;
974 resp->length = host_to_be16(sizeof(*resp));
980 static int eap_sm_nextId(struct eap_sm *sm, int id)
983 /* RFC 3748 Ch 4.1: recommended to initialize Identifier with a
986 if (id != sm->lastId)
989 return (id + 1) & 0xff;
994 * eap_sm_process_nak - Process EAP-Response/Nak
995 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
996 * @nak_list: Nak list (allowed methods) from the supplicant
997 * @len: Length of nak_list in bytes
999 * This function is called when EAP-Response/Nak is received from the
1000 * supplicant. This can happen for both phase 1 and phase 2 authentications.
1002 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len)
1007 if (sm->user == NULL)
1010 wpa_printf(MSG_MSGDUMP, "EAP: processing NAK (current EAP method "
1011 "index %d)", sm->user_eap_method_index);
1013 wpa_hexdump(MSG_MSGDUMP, "EAP: configured methods",
1014 (u8 *) sm->user->methods,
1015 EAP_MAX_METHODS * sizeof(sm->user->methods[0]));
1016 wpa_hexdump(MSG_MSGDUMP, "EAP: list of methods supported by the peer",
1019 i = sm->user_eap_method_index;
1020 while (i < EAP_MAX_METHODS &&
1021 (sm->user->methods[i].vendor != EAP_VENDOR_IETF ||
1022 sm->user->methods[i].method != EAP_TYPE_NONE)) {
1023 if (sm->user->methods[i].vendor != EAP_VENDOR_IETF)
1025 for (j = 0; j < len; j++) {
1026 if (nak_list[j] == sm->user->methods[i].method) {
1038 /* not found - remove from the list */
1039 if (i + 1 < EAP_MAX_METHODS) {
1040 os_memmove(&sm->user->methods[i],
1041 &sm->user->methods[i + 1],
1042 (EAP_MAX_METHODS - i - 1) *
1043 sizeof(sm->user->methods[0]));
1045 sm->user->methods[EAP_MAX_METHODS - 1].vendor =
1047 sm->user->methods[EAP_MAX_METHODS - 1].method = EAP_TYPE_NONE;
1050 wpa_hexdump(MSG_MSGDUMP, "EAP: new list of configured methods",
1051 (u8 *) sm->user->methods, EAP_MAX_METHODS *
1052 sizeof(sm->user->methods[0]));
1056 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
1059 if (nak_list == NULL || sm == NULL || sm->user == NULL)
1062 if (sm->user->phase2) {
1063 wpa_printf(MSG_DEBUG, "EAP: EAP-Nak received after Phase2 user"
1064 " info was selected - reject");
1065 sm->decision = DECISION_FAILURE;
1069 eap_sm_process_nak(sm, nak_list, len);
1073 static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor)
1076 int idx = sm->user_eap_method_index;
1078 /* In theory, there should be no problems with starting
1079 * re-authentication with something else than EAP-Request/Identity and
1080 * this does indeed work with wpa_supplicant. However, at least Funk
1081 * Supplicant seemed to ignore re-auth if it skipped
1082 * EAP-Request/Identity.
1083 * Re-auth sets currentId == -1, so that can be used here to select
1084 * whether Identity needs to be requested again. */
1085 if (sm->identity == NULL || sm->currentId == -1) {
1086 *vendor = EAP_VENDOR_IETF;
1087 next = EAP_TYPE_IDENTITY;
1088 sm->update_user = TRUE;
1089 } else if (sm->user && idx < EAP_MAX_METHODS &&
1090 (sm->user->methods[idx].vendor != EAP_VENDOR_IETF ||
1091 sm->user->methods[idx].method != EAP_TYPE_NONE)) {
1092 *vendor = sm->user->methods[idx].vendor;
1093 next = sm->user->methods[idx].method;
1094 sm->user_eap_method_index++;
1096 *vendor = EAP_VENDOR_IETF;
1097 next = EAP_TYPE_NONE;
1099 wpa_printf(MSG_DEBUG, "EAP: getNextMethod: vendor %d type %d",
1105 static int eap_sm_Policy_getDecision(struct eap_sm *sm)
1107 if (!sm->eap_server && sm->identity && !sm->start_reauth) {
1108 wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
1109 return DECISION_PASSTHROUGH;
1112 if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY &&
1113 sm->m->isSuccess(sm, sm->eap_method_priv)) {
1114 wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
1116 sm->update_user = TRUE;
1117 return DECISION_SUCCESS;
1120 if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) &&
1121 !sm->m->isSuccess(sm, sm->eap_method_priv)) {
1122 wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
1124 sm->update_user = TRUE;
1125 return DECISION_FAILURE;
1128 if ((sm->user == NULL || sm->update_user) && sm->identity &&
1129 !sm->start_reauth) {
1131 * Allow Identity method to be started once to allow identity
1132 * selection hint to be sent from the authentication server,
1133 * but prevent a loop of Identity requests by only allowing
1134 * this to happen once.
1137 if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY &&
1138 sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1139 sm->user->methods[0].method == EAP_TYPE_IDENTITY)
1141 if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
1142 wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
1143 "found from database -> FAILURE");
1144 return DECISION_FAILURE;
1146 if (id_req && sm->user &&
1147 sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1148 sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
1149 wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
1150 "identity request loop -> FAILURE");
1151 sm->update_user = TRUE;
1152 return DECISION_FAILURE;
1154 sm->update_user = FALSE;
1156 sm->start_reauth = FALSE;
1158 if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
1159 (sm->user->methods[sm->user_eap_method_index].vendor !=
1161 sm->user->methods[sm->user_eap_method_index].method !=
1163 wpa_printf(MSG_DEBUG, "EAP: getDecision: another method "
1164 "available -> CONTINUE");
1165 return DECISION_CONTINUE;
1168 if (sm->identity == NULL || sm->currentId == -1) {
1169 wpa_printf(MSG_DEBUG, "EAP: getDecision: no identity known "
1171 return DECISION_CONTINUE;
1174 wpa_printf(MSG_DEBUG, "EAP: getDecision: no more methods available -> "
1176 return DECISION_FAILURE;
1180 static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method)
1182 return method == EAP_TYPE_IDENTITY ? TRUE : FALSE;
1187 * eap_server_sm_step - Step EAP server state machine
1188 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1189 * Returns: 1 if EAP state was changed or 0 if not
1191 * This function advances EAP state machine to a new state to match with the
1192 * current variables. This should be called whenever variables used by the EAP
1193 * state machine have changed.
1195 int eap_server_sm_step(struct eap_sm *sm)
1199 sm->changed = FALSE;
1203 } while (sm->changed);
1208 static void eap_user_free(struct eap_user *user)
1212 os_free(user->password);
1213 user->password = NULL;
1219 * eap_server_sm_init - Allocate and initialize EAP server state machine
1220 * @eapol_ctx: Context data to be used with eapol_cb calls
1221 * @eapol_cb: Pointer to EAPOL callback functions
1222 * @conf: EAP configuration
1223 * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1225 * This function allocates and initializes an EAP state machine.
1227 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
1228 struct eapol_callbacks *eapol_cb,
1229 struct eap_config *conf)
1233 sm = os_zalloc(sizeof(*sm));
1236 sm->eapol_ctx = eapol_ctx;
1237 sm->eapol_cb = eapol_cb;
1238 sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
1239 sm->ssl_ctx = conf->ssl_ctx;
1240 sm->msg_ctx = conf->msg_ctx;
1241 sm->eap_sim_db_priv = conf->eap_sim_db_priv;
1242 sm->backend_auth = conf->backend_auth;
1243 sm->eap_server = conf->eap_server;
1244 if (conf->pac_opaque_encr_key) {
1245 sm->pac_opaque_encr_key = os_malloc(16);
1246 if (sm->pac_opaque_encr_key) {
1247 os_memcpy(sm->pac_opaque_encr_key,
1248 conf->pac_opaque_encr_key, 16);
1251 if (conf->eap_fast_a_id) {
1252 sm->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
1253 if (sm->eap_fast_a_id) {
1254 os_memcpy(sm->eap_fast_a_id, conf->eap_fast_a_id,
1255 conf->eap_fast_a_id_len);
1256 sm->eap_fast_a_id_len = conf->eap_fast_a_id_len;
1259 if (conf->eap_fast_a_id_info)
1260 sm->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
1261 sm->eap_fast_prov = conf->eap_fast_prov;
1262 sm->pac_key_lifetime = conf->pac_key_lifetime;
1263 sm->pac_key_refresh_time = conf->pac_key_refresh_time;
1264 sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
1265 sm->tnc = conf->tnc;
1266 sm->wps = conf->wps;
1267 if (conf->assoc_wps_ie)
1268 sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
1269 if (conf->assoc_p2p_ie)
1270 sm->assoc_p2p_ie = wpabuf_dup(conf->assoc_p2p_ie);
1271 if (conf->peer_addr)
1272 os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
1273 sm->fragment_size = conf->fragment_size;
1274 sm->pwd_group = conf->pwd_group;
1275 sm->pbc_in_m1 = conf->pbc_in_m1;
1277 wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
1284 * eap_server_sm_deinit - Deinitialize and free an EAP server state machine
1285 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1287 * This function deinitializes EAP state machine and frees all allocated
1290 void eap_server_sm_deinit(struct eap_sm *sm)
1294 wpa_printf(MSG_DEBUG, "EAP: Server state machine removed");
1295 if (sm->m && sm->eap_method_priv)
1296 sm->m->reset(sm, sm->eap_method_priv);
1297 wpabuf_free(sm->eap_if.eapReqData);
1298 os_free(sm->eap_if.eapKeyData);
1299 wpabuf_free(sm->lastReqData);
1300 wpabuf_free(sm->eap_if.eapRespData);
1301 os_free(sm->identity);
1302 os_free(sm->pac_opaque_encr_key);
1303 os_free(sm->eap_fast_a_id);
1304 os_free(sm->eap_fast_a_id_info);
1305 wpabuf_free(sm->eap_if.aaaEapReqData);
1306 wpabuf_free(sm->eap_if.aaaEapRespData);
1307 os_free(sm->eap_if.aaaEapKeyData);
1308 eap_user_free(sm->user);
1309 wpabuf_free(sm->assoc_wps_ie);
1310 wpabuf_free(sm->assoc_p2p_ie);
1316 * eap_sm_notify_cached - Notify EAP state machine of cached PMK
1317 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1319 * This function is called when PMKSA caching is used to skip EAP
1322 void eap_sm_notify_cached(struct eap_sm *sm)
1327 sm->EAP_state = EAP_SUCCESS;
1332 * eap_sm_pending_cb - EAP state machine callback for a pending EAP request
1333 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1335 * This function is called when data for a pending EAP-Request is received.
1337 void eap_sm_pending_cb(struct eap_sm *sm)
1341 wpa_printf(MSG_DEBUG, "EAP: Callback for pending request received");
1342 if (sm->method_pending == METHOD_PENDING_WAIT)
1343 sm->method_pending = METHOD_PENDING_CONT;
1348 * eap_sm_method_pending - Query whether EAP method is waiting for pending data
1349 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1350 * Returns: 1 if method is waiting for pending data or 0 if not
1352 int eap_sm_method_pending(struct eap_sm *sm)
1356 return sm->method_pending == METHOD_PENDING_WAIT;
1361 * eap_get_identity - Get the user identity (from EAP-Response/Identity)
1362 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1363 * @len: Buffer for returning identity length
1364 * Returns: Pointer to the user identity or %NULL if not available
1366 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len)
1368 *len = sm->identity_len;
1369 return sm->identity;
1374 * eap_get_interface - Get pointer to EAP-EAPOL interface data
1375 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1376 * Returns: Pointer to the EAP-EAPOL interface data
1378 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
1385 * eap_server_clear_identity - Clear EAP identity information
1386 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1388 * This function can be used to clear the EAP identity information in the EAP
1389 * server context. This allows the EAP/Identity method to be used again after
1390 * EAPOL-Start or EAPOL-Logoff.
1392 void eap_server_clear_identity(struct eap_sm *sm)
1394 os_free(sm->identity);
1395 sm->identity = NULL;