1 /*
2  * hostapd / EAP Full Authenticator state machine (RFC 4137)
3  * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This state machine is based on the full authenticator state machine defined
9  * in RFC 4137. However, to support backend authentication in RADIUS
10  * authentication server functionality, parts of backend authenticator (also
11  * from RFC 4137) are mixed in. This functionality is enabled by setting
12  * backend_auth configuration variable to TRUE.
13  */
14 
15 #include "includes.h"
16 
17 #include "common.h"
18 #include "crypto/sha256.h"
19 #include "eap_i.h"
20 #include "state_machine.h"
21 #include "common/wpa_ctrl.h"
22 
23 #define STATE_MACHINE_DATA struct eap_sm
24 #define STATE_MACHINE_DEBUG_PREFIX "EAP"
25 
26 #define EAP_MAX_AUTH_ROUNDS 50
27 
28 static void eap_user_free(struct eap_user *user);
29 
30 
31 /* EAP state machines are described in RFC 4137 */
32 
33 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
34 				   int eapSRTT, int eapRTTVAR,
35 				   int methodTimeout);
36 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp);
37 static int eap_sm_getId(const struct wpabuf *data);
38 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id);
39 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id);
40 static int eap_sm_nextId(struct eap_sm *sm, int id);
41 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
42 				 size_t len);
43 static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor);
44 static int eap_sm_Policy_getDecision(struct eap_sm *sm);
45 static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method);
46 
47 
eap_get_erp_send_reauth_start(struct eap_sm * sm)48 static int eap_get_erp_send_reauth_start(struct eap_sm *sm)
49 {
50 	if (sm->eapol_cb->get_erp_send_reauth_start)
51 		return sm->eapol_cb->get_erp_send_reauth_start(sm->eapol_ctx);
52 	return 0;
53 }
54 
55 
eap_get_erp_domain(struct eap_sm * sm)56 static const char * eap_get_erp_domain(struct eap_sm *sm)
57 {
58 	if (sm->eapol_cb->get_erp_domain)
59 		return sm->eapol_cb->get_erp_domain(sm->eapol_ctx);
60 	return NULL;
61 }
62 
63 
64 #ifdef CONFIG_ERP
65 
eap_erp_get_key(struct eap_sm * sm,const char * keyname)66 static struct eap_server_erp_key * eap_erp_get_key(struct eap_sm *sm,
67 						   const char *keyname)
68 {
69 	if (sm->eapol_cb->erp_get_key)
70 		return sm->eapol_cb->erp_get_key(sm->eapol_ctx, keyname);
71 	return NULL;
72 }
73 
74 
eap_erp_add_key(struct eap_sm * sm,struct eap_server_erp_key * erp)75 static int eap_erp_add_key(struct eap_sm *sm, struct eap_server_erp_key *erp)
76 {
77 	if (sm->eapol_cb->erp_add_key)
78 		return sm->eapol_cb->erp_add_key(sm->eapol_ctx, erp);
79 	return -1;
80 }
81 
82 #endif /* CONFIG_ERP */
83 
84 
eap_sm_buildInitiateReauthStart(struct eap_sm * sm,u8 id)85 static struct wpabuf * eap_sm_buildInitiateReauthStart(struct eap_sm *sm,
86 						       u8 id)
87 {
88 	const char *domain;
89 	size_t plen = 1;
90 	struct wpabuf *msg;
91 	size_t domain_len = 0;
92 
93 	domain = eap_get_erp_domain(sm);
94 	if (domain) {
95 		domain_len = os_strlen(domain);
96 		plen += 2 + domain_len;
97 	}
98 
99 	msg = eap_msg_alloc(EAP_VENDOR_IETF,
100 			    (EapType) EAP_ERP_TYPE_REAUTH_START, plen,
101 			    EAP_CODE_INITIATE, id);
102 	if (msg == NULL)
103 		return NULL;
104 	wpabuf_put_u8(msg, 0); /* Reserved */
105 	if (domain) {
106 		/* Domain name TLV */
107 		wpabuf_put_u8(msg, EAP_ERP_TLV_DOMAIN_NAME);
108 		wpabuf_put_u8(msg, domain_len);
109 		wpabuf_put_data(msg, domain, domain_len);
110 	}
111 
112 	return msg;
113 }
114 
115 
eap_copy_buf(struct wpabuf ** dst,const struct wpabuf * src)116 static int eap_copy_buf(struct wpabuf **dst, const struct wpabuf *src)
117 {
118 	if (src == NULL)
119 		return -1;
120 
121 	wpabuf_free(*dst);
122 	*dst = wpabuf_dup(src);
123 	return *dst ? 0 : -1;
124 }
125 
126 
eap_copy_data(u8 ** dst,size_t * dst_len,const u8 * src,size_t src_len)127 static int eap_copy_data(u8 **dst, size_t *dst_len,
128 			 const u8 *src, size_t src_len)
129 {
130 	if (src == NULL)
131 		return -1;
132 
133 	os_free(*dst);
134 	*dst = os_malloc(src_len);
135 	if (*dst) {
136 		os_memcpy(*dst, src, src_len);
137 		*dst_len = src_len;
138 		return 0;
139 	} else {
140 		*dst_len = 0;
141 		return -1;
142 	}
143 }
144 
145 #define EAP_COPY(dst, src) \
146 	eap_copy_data((dst), (dst ## Len), (src), (src ## Len))
147 
148 
149 /**
150  * eap_user_get - Fetch user information from the database
151  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
152  * @identity: Identity (User-Name) of the user
153  * @identity_len: Length of identity in bytes
154  * @phase2: 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
155  * Returns: 0 on success, or -1 on failure
156  *
157  * This function is used to fetch user information for EAP. The user will be
158  * selected based on the specified identity. sm->user and
159  * sm->user_eap_method_index are updated for the new user when a matching user
160  * is found. sm->user can be used to get user information (e.g., password).
161  */
eap_user_get(struct eap_sm * sm,const u8 * identity,size_t identity_len,int phase2)162 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
163 		 int phase2)
164 {
165 	struct eap_user *user;
166 
167 	if (sm == NULL || sm->eapol_cb == NULL ||
168 	    sm->eapol_cb->get_eap_user == NULL)
169 		return -1;
170 
171 	eap_user_free(sm->user);
172 	sm->user = NULL;
173 
174 	user = os_zalloc(sizeof(*user));
175 	if (user == NULL)
176 	    return -1;
177 
178 	if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
179 				       identity_len, phase2, user) != 0) {
180 		eap_user_free(user);
181 		return -1;
182 	}
183 
184 	sm->user = user;
185 	sm->user_eap_method_index = 0;
186 
187 	return 0;
188 }
189 
190 
eap_log_msg(struct eap_sm * sm,const char * fmt,...)191 void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
192 {
193 	va_list ap;
194 	char *buf;
195 	int buflen;
196 
197 	if (sm == NULL || sm->eapol_cb == NULL || sm->eapol_cb->log_msg == NULL)
198 		return;
199 
200 	va_start(ap, fmt);
201 	buflen = vsnprintf(NULL, 0, fmt, ap) + 1;
202 	va_end(ap);
203 
204 	buf = os_malloc(buflen);
205 	if (buf == NULL)
206 		return;
207 	va_start(ap, fmt);
208 	vsnprintf(buf, buflen, fmt, ap);
209 	va_end(ap);
210 
211 	sm->eapol_cb->log_msg(sm->eapol_ctx, buf);
212 
213 	os_free(buf);
214 }
215 
216 
SM_STATE(EAP,DISABLED)217 SM_STATE(EAP, DISABLED)
218 {
219 	SM_ENTRY(EAP, DISABLED);
220 	sm->num_rounds = 0;
221 }
222 
223 
SM_STATE(EAP,INITIALIZE)224 SM_STATE(EAP, INITIALIZE)
225 {
226 	SM_ENTRY(EAP, INITIALIZE);
227 
228 	if (sm->eap_if.eapRestart && !sm->eap_server && sm->identity) {
229 		/*
230 		 * Need to allow internal Identity method to be used instead
231 		 * of passthrough at the beginning of reauthentication.
232 		 */
233 		eap_server_clear_identity(sm);
234 	}
235 
236 	sm->try_initiate_reauth = FALSE;
237 	sm->currentId = -1;
238 	sm->eap_if.eapSuccess = FALSE;
239 	sm->eap_if.eapFail = FALSE;
240 	sm->eap_if.eapTimeout = FALSE;
241 	bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
242 	sm->eap_if.eapKeyData = NULL;
243 	sm->eap_if.eapKeyDataLen = 0;
244 	os_free(sm->eap_if.eapSessionId);
245 	sm->eap_if.eapSessionId = NULL;
246 	sm->eap_if.eapSessionIdLen = 0;
247 	sm->eap_if.eapKeyAvailable = FALSE;
248 	sm->eap_if.eapRestart = FALSE;
249 
250 	/*
251 	 * This is not defined in RFC 4137, but method state needs to be
252 	 * reseted here so that it does not remain in success state when
253 	 * re-authentication starts.
254 	 */
255 	if (sm->m && sm->eap_method_priv) {
256 		sm->m->reset(sm, sm->eap_method_priv);
257 		sm->eap_method_priv = NULL;
258 	}
259 	sm->m = NULL;
260 	sm->user_eap_method_index = 0;
261 
262 	if (sm->backend_auth) {
263 		sm->currentMethod = EAP_TYPE_NONE;
264 		/* parse rxResp, respId, respMethod */
265 		eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
266 		if (sm->rxResp) {
267 			sm->currentId = sm->respId;
268 		}
269 	}
270 	sm->num_rounds = 0;
271 	sm->method_pending = METHOD_PENDING_NONE;
272 
273 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
274 		MACSTR, MAC2STR(sm->peer_addr));
275 }
276 
277 
SM_STATE(EAP,PICK_UP_METHOD)278 SM_STATE(EAP, PICK_UP_METHOD)
279 {
280 	SM_ENTRY(EAP, PICK_UP_METHOD);
281 
282 	if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) {
283 		sm->currentMethod = sm->respMethod;
284 		if (sm->m && sm->eap_method_priv) {
285 			sm->m->reset(sm, sm->eap_method_priv);
286 			sm->eap_method_priv = NULL;
287 		}
288 		sm->m = eap_server_get_eap_method(EAP_VENDOR_IETF,
289 						  sm->currentMethod);
290 		if (sm->m && sm->m->initPickUp) {
291 			sm->eap_method_priv = sm->m->initPickUp(sm);
292 			if (sm->eap_method_priv == NULL) {
293 				wpa_printf(MSG_DEBUG, "EAP: Failed to "
294 					   "initialize EAP method %d",
295 					   sm->currentMethod);
296 				sm->m = NULL;
297 				sm->currentMethod = EAP_TYPE_NONE;
298 			}
299 		} else {
300 			sm->m = NULL;
301 			sm->currentMethod = EAP_TYPE_NONE;
302 		}
303 	}
304 
305 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
306 		"method=%u", sm->currentMethod);
307 }
308 
309 
SM_STATE(EAP,IDLE)310 SM_STATE(EAP, IDLE)
311 {
312 	SM_ENTRY(EAP, IDLE);
313 
314 	sm->eap_if.retransWhile = eap_sm_calculateTimeout(
315 		sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
316 		sm->methodTimeout);
317 }
318 
319 
SM_STATE(EAP,RETRANSMIT)320 SM_STATE(EAP, RETRANSMIT)
321 {
322 	SM_ENTRY(EAP, RETRANSMIT);
323 
324 	sm->retransCount++;
325 	if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
326 		if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
327 			sm->eap_if.eapReq = TRUE;
328 	}
329 }
330 
331 
SM_STATE(EAP,RECEIVED)332 SM_STATE(EAP, RECEIVED)
333 {
334 	SM_ENTRY(EAP, RECEIVED);
335 
336 	/* parse rxResp, respId, respMethod */
337 	eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
338 	sm->num_rounds++;
339 }
340 
341 
SM_STATE(EAP,DISCARD)342 SM_STATE(EAP, DISCARD)
343 {
344 	SM_ENTRY(EAP, DISCARD);
345 	sm->eap_if.eapResp = FALSE;
346 	sm->eap_if.eapNoReq = TRUE;
347 }
348 
349 
SM_STATE(EAP,SEND_REQUEST)350 SM_STATE(EAP, SEND_REQUEST)
351 {
352 	SM_ENTRY(EAP, SEND_REQUEST);
353 
354 	sm->retransCount = 0;
355 	if (sm->eap_if.eapReqData) {
356 		if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
357 		{
358 			sm->eap_if.eapResp = FALSE;
359 			sm->eap_if.eapReq = TRUE;
360 		} else {
361 			sm->eap_if.eapResp = FALSE;
362 			sm->eap_if.eapReq = FALSE;
363 		}
364 	} else {
365 		wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
366 		sm->eap_if.eapResp = FALSE;
367 		sm->eap_if.eapReq = FALSE;
368 		sm->eap_if.eapNoReq = TRUE;
369 	}
370 }
371 
372 
SM_STATE(EAP,INTEGRITY_CHECK)373 SM_STATE(EAP, INTEGRITY_CHECK)
374 {
375 	SM_ENTRY(EAP, INTEGRITY_CHECK);
376 
377 	if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) {
378 		sm->ignore = TRUE;
379 		return;
380 	}
381 
382 	if (sm->m->check) {
383 		sm->ignore = sm->m->check(sm, sm->eap_method_priv,
384 					  sm->eap_if.eapRespData);
385 	}
386 }
387 
388 
SM_STATE(EAP,METHOD_REQUEST)389 SM_STATE(EAP, METHOD_REQUEST)
390 {
391 	SM_ENTRY(EAP, METHOD_REQUEST);
392 
393 	if (sm->m == NULL) {
394 		wpa_printf(MSG_DEBUG, "EAP: method not initialized");
395 		return;
396 	}
397 
398 	sm->currentId = eap_sm_nextId(sm, sm->currentId);
399 	wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
400 		   sm->currentId);
401 	sm->lastId = sm->currentId;
402 	wpabuf_free(sm->eap_if.eapReqData);
403 	sm->eap_if.eapReqData = sm->m->buildReq(sm, sm->eap_method_priv,
404 						sm->currentId);
405 	if (sm->m->getTimeout)
406 		sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv);
407 	else
408 		sm->methodTimeout = 0;
409 }
410 
411 
eap_server_erp_init(struct eap_sm * sm)412 static void eap_server_erp_init(struct eap_sm *sm)
413 {
414 #ifdef CONFIG_ERP
415 	u8 *emsk = NULL;
416 	size_t emsk_len = 0;
417 	u8 EMSKname[EAP_EMSK_NAME_LEN];
418 	u8 len[2], ctx[3];
419 	const char *domain;
420 	size_t domain_len, nai_buf_len;
421 	struct eap_server_erp_key *erp = NULL;
422 	int pos;
423 
424 	domain = eap_get_erp_domain(sm);
425 	if (!domain)
426 		return;
427 
428 	domain_len = os_strlen(domain);
429 
430 	nai_buf_len = 2 * EAP_EMSK_NAME_LEN + 1 + domain_len;
431 	if (nai_buf_len > 253) {
432 		/*
433 		 * keyName-NAI has a maximum length of 253 octet to fit in
434 		 * RADIUS attributes.
435 		 */
436 		wpa_printf(MSG_DEBUG,
437 			   "EAP: Too long realm for ERP keyName-NAI maximum length");
438 		return;
439 	}
440 	nai_buf_len++; /* null termination */
441 	erp = os_zalloc(sizeof(*erp) + nai_buf_len);
442 	if (erp == NULL)
443 		goto fail;
444 	erp->recv_seq = (u32) -1;
445 
446 	emsk = sm->m->get_emsk(sm, sm->eap_method_priv, &emsk_len);
447 	if (!emsk || emsk_len == 0 || emsk_len > ERP_MAX_KEY_LEN) {
448 		wpa_printf(MSG_DEBUG,
449 			   "EAP: No suitable EMSK available for ERP");
450 		goto fail;
451 	}
452 
453 	wpa_hexdump_key(MSG_DEBUG, "EAP: EMSK", emsk, emsk_len);
454 
455 	WPA_PUT_BE16(len, EAP_EMSK_NAME_LEN);
456 	if (hmac_sha256_kdf(sm->eap_if.eapSessionId, sm->eap_if.eapSessionIdLen,
457 			    "EMSK", len, sizeof(len),
458 			    EMSKname, EAP_EMSK_NAME_LEN) < 0) {
459 		wpa_printf(MSG_DEBUG, "EAP: Could not derive EMSKname");
460 		goto fail;
461 	}
462 	wpa_hexdump(MSG_DEBUG, "EAP: EMSKname", EMSKname, EAP_EMSK_NAME_LEN);
463 
464 	pos = wpa_snprintf_hex(erp->keyname_nai, nai_buf_len,
465 			       EMSKname, EAP_EMSK_NAME_LEN);
466 	erp->keyname_nai[pos] = '@';
467 	os_memcpy(&erp->keyname_nai[pos + 1], domain, domain_len);
468 
469 	WPA_PUT_BE16(len, emsk_len);
470 	if (hmac_sha256_kdf(emsk, emsk_len,
471 			    "EAP Re-authentication Root Key@ietf.org",
472 			    len, sizeof(len), erp->rRK, emsk_len) < 0) {
473 		wpa_printf(MSG_DEBUG, "EAP: Could not derive rRK for ERP");
474 		goto fail;
475 	}
476 	erp->rRK_len = emsk_len;
477 	wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len);
478 
479 	ctx[0] = EAP_ERP_CS_HMAC_SHA256_128;
480 	WPA_PUT_BE16(&ctx[1], erp->rRK_len);
481 	if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
482 			    "Re-authentication Integrity Key@ietf.org",
483 			    ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) {
484 		wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP");
485 		goto fail;
486 	}
487 	erp->rIK_len = erp->rRK_len;
488 	wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rIK", erp->rIK, erp->rIK_len);
489 
490 	if (eap_erp_add_key(sm, erp) == 0) {
491 		wpa_printf(MSG_DEBUG, "EAP: Stored ERP keys %s",
492 			   erp->keyname_nai);
493 		erp = NULL;
494 	}
495 
496 fail:
497 	bin_clear_free(emsk, emsk_len);
498 	bin_clear_free(erp, sizeof(*erp));
499 #endif /* CONFIG_ERP */
500 }
501 
502 
SM_STATE(EAP,METHOD_RESPONSE)503 SM_STATE(EAP, METHOD_RESPONSE)
504 {
505 	SM_ENTRY(EAP, METHOD_RESPONSE);
506 
507 	if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1))
508 		return;
509 
510 	sm->m->process(sm, sm->eap_method_priv, sm->eap_if.eapRespData);
511 	if (sm->m->isDone(sm, sm->eap_method_priv)) {
512 		eap_sm_Policy_update(sm, NULL, 0);
513 		bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
514 		if (sm->m->getKey) {
515 			sm->eap_if.eapKeyData = sm->m->getKey(
516 				sm, sm->eap_method_priv,
517 				&sm->eap_if.eapKeyDataLen);
518 		} else {
519 			sm->eap_if.eapKeyData = NULL;
520 			sm->eap_if.eapKeyDataLen = 0;
521 		}
522 		os_free(sm->eap_if.eapSessionId);
523 		sm->eap_if.eapSessionId = NULL;
524 		if (sm->m->getSessionId) {
525 			sm->eap_if.eapSessionId = sm->m->getSessionId(
526 				sm, sm->eap_method_priv,
527 				&sm->eap_if.eapSessionIdLen);
528 			wpa_hexdump(MSG_DEBUG, "EAP: Session-Id",
529 				    sm->eap_if.eapSessionId,
530 				    sm->eap_if.eapSessionIdLen);
531 		}
532 		if (sm->erp && sm->m->get_emsk && sm->eap_if.eapSessionId)
533 			eap_server_erp_init(sm);
534 		sm->methodState = METHOD_END;
535 	} else {
536 		sm->methodState = METHOD_CONTINUE;
537 	}
538 }
539 
540 
SM_STATE(EAP,PROPOSE_METHOD)541 SM_STATE(EAP, PROPOSE_METHOD)
542 {
543 	int vendor;
544 	EapType type;
545 
546 	SM_ENTRY(EAP, PROPOSE_METHOD);
547 
548 	sm->try_initiate_reauth = FALSE;
549 try_another_method:
550 	type = eap_sm_Policy_getNextMethod(sm, &vendor);
551 	if (vendor == EAP_VENDOR_IETF)
552 		sm->currentMethod = type;
553 	else
554 		sm->currentMethod = EAP_TYPE_EXPANDED;
555 	if (sm->m && sm->eap_method_priv) {
556 		sm->m->reset(sm, sm->eap_method_priv);
557 		sm->eap_method_priv = NULL;
558 	}
559 	sm->m = eap_server_get_eap_method(vendor, type);
560 	if (sm->m) {
561 		sm->eap_method_priv = sm->m->init(sm);
562 		if (sm->eap_method_priv == NULL) {
563 			wpa_printf(MSG_DEBUG, "EAP: Failed to initialize EAP "
564 				   "method %d", sm->currentMethod);
565 			sm->m = NULL;
566 			sm->currentMethod = EAP_TYPE_NONE;
567 			goto try_another_method;
568 		}
569 	}
570 	if (sm->m == NULL) {
571 		wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
572 		eap_log_msg(sm, "Could not find suitable EAP method");
573 		sm->decision = DECISION_FAILURE;
574 		return;
575 	}
576 	if (sm->currentMethod == EAP_TYPE_IDENTITY ||
577 	    sm->currentMethod == EAP_TYPE_NOTIFICATION)
578 		sm->methodState = METHOD_CONTINUE;
579 	else
580 		sm->methodState = METHOD_PROPOSED;
581 
582 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
583 		"vendor=%u method=%u", vendor, sm->currentMethod);
584 	eap_log_msg(sm, "Propose EAP method vendor=%u method=%u",
585 		    vendor, sm->currentMethod);
586 }
587 
588 
SM_STATE(EAP,NAK)589 SM_STATE(EAP, NAK)
590 {
591 	const struct eap_hdr *nak;
592 	size_t len = 0;
593 	const u8 *pos;
594 	const u8 *nak_list = NULL;
595 
596 	SM_ENTRY(EAP, NAK);
597 
598 	if (sm->eap_method_priv) {
599 		sm->m->reset(sm, sm->eap_method_priv);
600 		sm->eap_method_priv = NULL;
601 	}
602 	sm->m = NULL;
603 
604 	if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1))
605 		return;
606 
607 	nak = wpabuf_head(sm->eap_if.eapRespData);
608 	if (nak && wpabuf_len(sm->eap_if.eapRespData) > sizeof(*nak)) {
609 		len = be_to_host16(nak->length);
610 		if (len > wpabuf_len(sm->eap_if.eapRespData))
611 			len = wpabuf_len(sm->eap_if.eapRespData);
612 		pos = (const u8 *) (nak + 1);
613 		len -= sizeof(*nak);
614 		if (*pos == EAP_TYPE_NAK) {
615 			pos++;
616 			len--;
617 			nak_list = pos;
618 		}
619 	}
620 	eap_sm_Policy_update(sm, nak_list, len);
621 }
622 
623 
SM_STATE(EAP,SELECT_ACTION)624 SM_STATE(EAP, SELECT_ACTION)
625 {
626 	SM_ENTRY(EAP, SELECT_ACTION);
627 
628 	sm->decision = eap_sm_Policy_getDecision(sm);
629 }
630 
631 
SM_STATE(EAP,TIMEOUT_FAILURE)632 SM_STATE(EAP, TIMEOUT_FAILURE)
633 {
634 	SM_ENTRY(EAP, TIMEOUT_FAILURE);
635 
636 	sm->eap_if.eapTimeout = TRUE;
637 }
638 
639 
SM_STATE(EAP,FAILURE)640 SM_STATE(EAP, FAILURE)
641 {
642 	SM_ENTRY(EAP, FAILURE);
643 
644 	wpabuf_free(sm->eap_if.eapReqData);
645 	sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId);
646 	wpabuf_free(sm->lastReqData);
647 	sm->lastReqData = NULL;
648 	sm->eap_if.eapFail = TRUE;
649 
650 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
651 		MACSTR, MAC2STR(sm->peer_addr));
652 }
653 
654 
SM_STATE(EAP,SUCCESS)655 SM_STATE(EAP, SUCCESS)
656 {
657 	SM_ENTRY(EAP, SUCCESS);
658 
659 	wpabuf_free(sm->eap_if.eapReqData);
660 	sm->eap_if.eapReqData = eap_sm_buildSuccess(sm, sm->currentId);
661 	wpabuf_free(sm->lastReqData);
662 	sm->lastReqData = NULL;
663 	if (sm->eap_if.eapKeyData)
664 		sm->eap_if.eapKeyAvailable = TRUE;
665 	sm->eap_if.eapSuccess = TRUE;
666 
667 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
668 		MACSTR, MAC2STR(sm->peer_addr));
669 }
670 
671 
SM_STATE(EAP,INITIATE_REAUTH_START)672 SM_STATE(EAP, INITIATE_REAUTH_START)
673 {
674 	SM_ENTRY(EAP, INITIATE_REAUTH_START);
675 
676 	sm->initiate_reauth_start_sent = TRUE;
677 	sm->try_initiate_reauth = TRUE;
678 	sm->currentId = eap_sm_nextId(sm, sm->currentId);
679 	wpa_printf(MSG_DEBUG,
680 		   "EAP: building EAP-Initiate-Re-auth-Start: Identifier %d",
681 		   sm->currentId);
682 	sm->lastId = sm->currentId;
683 	wpabuf_free(sm->eap_if.eapReqData);
684 	sm->eap_if.eapReqData = eap_sm_buildInitiateReauthStart(sm,
685 								sm->currentId);
686 	wpabuf_free(sm->lastReqData);
687 	sm->lastReqData = NULL;
688 }
689 
690 
691 #ifdef CONFIG_ERP
692 
erp_send_finish_reauth(struct eap_sm * sm,struct eap_server_erp_key * erp,u8 id,u8 flags,u16 seq,const char * nai)693 static void erp_send_finish_reauth(struct eap_sm *sm,
694 				   struct eap_server_erp_key *erp, u8 id,
695 				   u8 flags, u16 seq, const char *nai)
696 {
697 	size_t plen;
698 	struct wpabuf *msg;
699 	u8 hash[SHA256_MAC_LEN];
700 	size_t hash_len;
701 	u8 seed[4];
702 
703 	if (erp) {
704 		switch (erp->cryptosuite) {
705 		case EAP_ERP_CS_HMAC_SHA256_256:
706 			hash_len = 32;
707 			break;
708 		case EAP_ERP_CS_HMAC_SHA256_128:
709 			hash_len = 16;
710 			break;
711 		default:
712 			return;
713 		}
714 	} else
715 		hash_len = 0;
716 
717 	plen = 1 + 2 + 2 + os_strlen(nai);
718 	if (hash_len)
719 		plen += 1 + hash_len;
720 	msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
721 			    plen, EAP_CODE_FINISH, id);
722 	if (msg == NULL)
723 		return;
724 	wpabuf_put_u8(msg, flags);
725 	wpabuf_put_be16(msg, seq);
726 
727 	wpabuf_put_u8(msg, EAP_ERP_TLV_KEYNAME_NAI);
728 	wpabuf_put_u8(msg, os_strlen(nai));
729 	wpabuf_put_str(msg, nai);
730 
731 	if (erp) {
732 		wpabuf_put_u8(msg, erp->cryptosuite);
733 		if (hmac_sha256(erp->rIK, erp->rIK_len,
734 				wpabuf_head(msg), wpabuf_len(msg), hash) < 0) {
735 			wpabuf_free(msg);
736 			return;
737 		}
738 		wpabuf_put_data(msg, hash, hash_len);
739 	}
740 
741 	wpa_printf(MSG_DEBUG, "EAP: Send EAP-Finish/Re-auth (%s)",
742 		   flags & 0x80 ? "failure" : "success");
743 
744 	sm->lastId = sm->currentId;
745 	sm->currentId = id;
746 	wpabuf_free(sm->eap_if.eapReqData);
747 	sm->eap_if.eapReqData = msg;
748 	wpabuf_free(sm->lastReqData);
749 	sm->lastReqData = NULL;
750 
751 	if ((flags & 0x80) || !erp) {
752 		sm->eap_if.eapFail = TRUE;
753 		wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
754 			MACSTR, MAC2STR(sm->peer_addr));
755 		return;
756 	}
757 
758 	bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
759 	sm->eap_if.eapKeyDataLen = 0;
760 	sm->eap_if.eapKeyData = os_malloc(erp->rRK_len);
761 	if (!sm->eap_if.eapKeyData)
762 		return;
763 
764 	WPA_PUT_BE16(seed, seq);
765 	WPA_PUT_BE16(&seed[2], erp->rRK_len);
766 	if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
767 			    "Re-authentication Master Session Key@ietf.org",
768 			    seed, sizeof(seed),
769 			    sm->eap_if.eapKeyData, erp->rRK_len) < 0) {
770 		wpa_printf(MSG_DEBUG, "EAP: Could not derive rMSK for ERP");
771 		bin_clear_free(sm->eap_if.eapKeyData, erp->rRK_len);
772 		sm->eap_if.eapKeyData = NULL;
773 		return;
774 	}
775 	sm->eap_if.eapKeyDataLen = erp->rRK_len;
776 	sm->eap_if.eapKeyAvailable = TRUE;
777 	wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK",
778 			sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
779 	sm->eap_if.eapSuccess = TRUE;
780 
781 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
782 		MACSTR, MAC2STR(sm->peer_addr));
783 }
784 
785 
SM_STATE(EAP,INITIATE_RECEIVED)786 SM_STATE(EAP, INITIATE_RECEIVED)
787 {
788 	const u8 *pos, *end, *start, *tlvs, *hdr;
789 	const struct eap_hdr *ehdr;
790 	size_t len;
791 	u8 flags;
792 	u16 seq;
793 	char nai[254];
794 	struct eap_server_erp_key *erp;
795 	int max_len;
796 	u8 hash[SHA256_MAC_LEN];
797 	size_t hash_len;
798 	struct erp_tlvs parse;
799 	u8 resp_flags = 0x80; /* default to failure; cleared on success */
800 
801 	SM_ENTRY(EAP, INITIATE_RECEIVED);
802 
803 	sm->rxInitiate = FALSE;
804 
805 	pos = eap_hdr_validate(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
806 			       sm->eap_if.eapRespData, &len);
807 	if (pos == NULL) {
808 		wpa_printf(MSG_INFO, "EAP-Initiate: Invalid frame");
809 		goto fail;
810 	}
811 	hdr = wpabuf_head(sm->eap_if.eapRespData);
812 	ehdr = wpabuf_head(sm->eap_if.eapRespData);
813 
814 	wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-Auth", pos, len);
815 	if (len < 4) {
816 		wpa_printf(MSG_INFO, "EAP: Too short EAP-Initiate/Re-auth");
817 		goto fail;
818 	}
819 	end = pos + len;
820 
821 	flags = *pos++;
822 	seq = WPA_GET_BE16(pos);
823 	pos += 2;
824 	wpa_printf(MSG_DEBUG, "EAP: Flags=0x%x SEQ=%u", flags, seq);
825 	tlvs = pos;
826 
827 	/*
828 	 * Parse TVs/TLVs. Since we do not yet know the length of the
829 	 * Authentication Tag, stop parsing if an unknown TV/TLV is seen and
830 	 * just try to find the keyName-NAI first so that we can check the
831 	 * Authentication Tag.
832 	 */
833 	if (erp_parse_tlvs(tlvs, end, &parse, 1) < 0)
834 		goto fail;
835 
836 	if (!parse.keyname) {
837 		wpa_printf(MSG_DEBUG,
838 			   "EAP: No keyName-NAI in EAP-Initiate/Re-auth Packet");
839 		goto fail;
840 	}
841 
842 	wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Initiate/Re-auth - keyName-NAI",
843 			  parse.keyname, parse.keyname_len);
844 	if (parse.keyname_len > 253) {
845 		wpa_printf(MSG_DEBUG,
846 			   "EAP: Too long keyName-NAI in EAP-Initiate/Re-auth");
847 		goto fail;
848 	}
849 	os_memcpy(nai, parse.keyname, parse.keyname_len);
850 	nai[parse.keyname_len] = '\0';
851 
852 	if (!sm->eap_server) {
853 		/*
854 		 * In passthrough case, EAP-Initiate/Re-auth replaces
855 		 * EAP Identity exchange. Use keyName-NAI as the user identity
856 		 * and forward EAP-Initiate/Re-auth to the backend
857 		 * authentication server.
858 		 */
859 		wpa_printf(MSG_DEBUG,
860 			   "EAP: Use keyName-NAI as user identity for backend authentication");
861 		eap_server_clear_identity(sm);
862 		sm->identity = (u8 *) dup_binstr(parse.keyname,
863 						 parse.keyname_len);
864 		if (!sm->identity)
865 			goto fail;
866 		sm->identity_len = parse.keyname_len;
867 		return;
868 	}
869 
870 	erp = eap_erp_get_key(sm, nai);
871 	if (!erp) {
872 		wpa_printf(MSG_DEBUG, "EAP: No matching ERP key found for %s",
873 			   nai);
874 		goto report_error;
875 	}
876 
877 	if (erp->recv_seq != (u32) -1 && erp->recv_seq >= seq) {
878 		wpa_printf(MSG_DEBUG,
879 			   "EAP: SEQ=%u replayed (already received SEQ=%u)",
880 			   seq, erp->recv_seq);
881 		goto fail;
882 	}
883 
884 	/* Is there enough room for Cryptosuite and Authentication Tag? */
885 	start = parse.keyname + parse.keyname_len;
886 	max_len = end - start;
887 	if (max_len <
888 	    1 + (erp->cryptosuite == EAP_ERP_CS_HMAC_SHA256_256 ? 32 : 16)) {
889 		wpa_printf(MSG_DEBUG,
890 			   "EAP: Not enough room for Authentication Tag");
891 		goto fail;
892 	}
893 
894 	switch (erp->cryptosuite) {
895 	case EAP_ERP_CS_HMAC_SHA256_256:
896 		if (end[-33] != erp->cryptosuite) {
897 			wpa_printf(MSG_DEBUG,
898 				   "EAP: Different Cryptosuite used");
899 			goto fail;
900 		}
901 		hash_len = 32;
902 		break;
903 	case EAP_ERP_CS_HMAC_SHA256_128:
904 		if (end[-17] != erp->cryptosuite) {
905 			wpa_printf(MSG_DEBUG,
906 				   "EAP: Different Cryptosuite used");
907 			goto fail;
908 		}
909 		hash_len = 16;
910 		break;
911 	default:
912 		hash_len = 0;
913 		break;
914 	}
915 
916 	if (hash_len) {
917 		if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
918 				end - hdr - hash_len, hash) < 0)
919 			goto fail;
920 		if (os_memcmp(end - hash_len, hash, hash_len) != 0) {
921 			wpa_printf(MSG_DEBUG,
922 				   "EAP: Authentication Tag mismatch");
923 			goto fail;
924 		}
925 	}
926 
927 	/* Check if any supported CS results in matching tag */
928 	if (!hash_len && max_len >= 1 + 32 &&
929 	    end[-33] == EAP_ERP_CS_HMAC_SHA256_256) {
930 		if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
931 				end - hdr - 32, hash) < 0)
932 			goto fail;
933 		if (os_memcmp(end - 32, hash, 32) == 0) {
934 			wpa_printf(MSG_DEBUG,
935 				   "EAP: Authentication Tag match using HMAC-SHA256-256");
936 			hash_len = 32;
937 			erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_256;
938 		}
939 	}
940 
941 	if (!hash_len && end[-17] == EAP_ERP_CS_HMAC_SHA256_128) {
942 		if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
943 				end - hdr - 16, hash) < 0)
944 			goto fail;
945 		if (os_memcmp(end - 16, hash, 16) == 0) {
946 			wpa_printf(MSG_DEBUG,
947 				   "EAP: Authentication Tag match using HMAC-SHA256-128");
948 			hash_len = 16;
949 			erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_128;
950 		}
951 	}
952 
953 	if (!hash_len) {
954 		wpa_printf(MSG_DEBUG,
955 			   "EAP: No supported cryptosuite matched Authentication Tag");
956 		goto fail;
957 	}
958 	end -= 1 + hash_len;
959 
960 	/*
961 	 * Parse TVs/TLVs again now that we know the exact part of the buffer
962 	 * that contains them.
963 	 */
964 	wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-Auth TVs/TLVs",
965 		    tlvs, end - tlvs);
966 	if (erp_parse_tlvs(tlvs, end, &parse, 0) < 0)
967 		goto fail;
968 
969 	wpa_printf(MSG_DEBUG, "EAP: ERP key %s SEQ updated to %u",
970 		   erp->keyname_nai, seq);
971 	erp->recv_seq = seq;
972 	resp_flags &= ~0x80; /* R=0 - success */
973 
974 report_error:
975 	erp_send_finish_reauth(sm, erp, ehdr->identifier, resp_flags, seq, nai);
976 	return;
977 
978 fail:
979 	sm->ignore = TRUE;
980 }
981 
982 #endif /* CONFIG_ERP */
983 
984 
SM_STATE(EAP,INITIALIZE_PASSTHROUGH)985 SM_STATE(EAP, INITIALIZE_PASSTHROUGH)
986 {
987 	SM_ENTRY(EAP, INITIALIZE_PASSTHROUGH);
988 
989 	wpabuf_free(sm->eap_if.aaaEapRespData);
990 	sm->eap_if.aaaEapRespData = NULL;
991 	sm->try_initiate_reauth = FALSE;
992 }
993 
994 
SM_STATE(EAP,IDLE2)995 SM_STATE(EAP, IDLE2)
996 {
997 	SM_ENTRY(EAP, IDLE2);
998 
999 	sm->eap_if.retransWhile = eap_sm_calculateTimeout(
1000 		sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
1001 		sm->methodTimeout);
1002 }
1003 
1004 
SM_STATE(EAP,RETRANSMIT2)1005 SM_STATE(EAP, RETRANSMIT2)
1006 {
1007 	SM_ENTRY(EAP, RETRANSMIT2);
1008 
1009 	sm->retransCount++;
1010 	if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
1011 		if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
1012 			sm->eap_if.eapReq = TRUE;
1013 	}
1014 }
1015 
1016 
SM_STATE(EAP,RECEIVED2)1017 SM_STATE(EAP, RECEIVED2)
1018 {
1019 	SM_ENTRY(EAP, RECEIVED2);
1020 
1021 	/* parse rxResp, respId, respMethod */
1022 	eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
1023 }
1024 
1025 
SM_STATE(EAP,DISCARD2)1026 SM_STATE(EAP, DISCARD2)
1027 {
1028 	SM_ENTRY(EAP, DISCARD2);
1029 	sm->eap_if.eapResp = FALSE;
1030 	sm->eap_if.eapNoReq = TRUE;
1031 }
1032 
1033 
SM_STATE(EAP,SEND_REQUEST2)1034 SM_STATE(EAP, SEND_REQUEST2)
1035 {
1036 	SM_ENTRY(EAP, SEND_REQUEST2);
1037 
1038 	sm->retransCount = 0;
1039 	if (sm->eap_if.eapReqData) {
1040 		if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
1041 		{
1042 			sm->eap_if.eapResp = FALSE;
1043 			sm->eap_if.eapReq = TRUE;
1044 		} else {
1045 			sm->eap_if.eapResp = FALSE;
1046 			sm->eap_if.eapReq = FALSE;
1047 		}
1048 	} else {
1049 		wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData");
1050 		sm->eap_if.eapResp = FALSE;
1051 		sm->eap_if.eapReq = FALSE;
1052 		sm->eap_if.eapNoReq = TRUE;
1053 	}
1054 }
1055 
1056 
SM_STATE(EAP,AAA_REQUEST)1057 SM_STATE(EAP, AAA_REQUEST)
1058 {
1059 	SM_ENTRY(EAP, AAA_REQUEST);
1060 
1061 	if (sm->eap_if.eapRespData == NULL) {
1062 		wpa_printf(MSG_INFO, "EAP: AAA_REQUEST - no eapRespData");
1063 		return;
1064 	}
1065 
1066 	/*
1067 	 * if (respMethod == IDENTITY)
1068 	 *	aaaIdentity = eapRespData
1069 	 * This is already taken care of by the EAP-Identity method which
1070 	 * stores the identity into sm->identity.
1071 	 */
1072 
1073 	eap_copy_buf(&sm->eap_if.aaaEapRespData, sm->eap_if.eapRespData);
1074 }
1075 
1076 
SM_STATE(EAP,AAA_RESPONSE)1077 SM_STATE(EAP, AAA_RESPONSE)
1078 {
1079 	SM_ENTRY(EAP, AAA_RESPONSE);
1080 
1081 	eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1082 	sm->currentId = eap_sm_getId(sm->eap_if.eapReqData);
1083 	sm->methodTimeout = sm->eap_if.aaaMethodTimeout;
1084 }
1085 
1086 
SM_STATE(EAP,AAA_IDLE)1087 SM_STATE(EAP, AAA_IDLE)
1088 {
1089 	SM_ENTRY(EAP, AAA_IDLE);
1090 
1091 	sm->eap_if.aaaFail = FALSE;
1092 	sm->eap_if.aaaSuccess = FALSE;
1093 	sm->eap_if.aaaEapReq = FALSE;
1094 	sm->eap_if.aaaEapNoReq = FALSE;
1095 	sm->eap_if.aaaEapResp = TRUE;
1096 }
1097 
1098 
SM_STATE(EAP,TIMEOUT_FAILURE2)1099 SM_STATE(EAP, TIMEOUT_FAILURE2)
1100 {
1101 	SM_ENTRY(EAP, TIMEOUT_FAILURE2);
1102 
1103 	sm->eap_if.eapTimeout = TRUE;
1104 }
1105 
1106 
SM_STATE(EAP,FAILURE2)1107 SM_STATE(EAP, FAILURE2)
1108 {
1109 	SM_ENTRY(EAP, FAILURE2);
1110 
1111 	eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1112 	sm->eap_if.eapFail = TRUE;
1113 }
1114 
1115 
SM_STATE(EAP,SUCCESS2)1116 SM_STATE(EAP, SUCCESS2)
1117 {
1118 	SM_ENTRY(EAP, SUCCESS2);
1119 
1120 	eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1121 
1122 	sm->eap_if.eapKeyAvailable = sm->eap_if.aaaEapKeyAvailable;
1123 	if (sm->eap_if.aaaEapKeyAvailable) {
1124 		EAP_COPY(&sm->eap_if.eapKeyData, sm->eap_if.aaaEapKeyData);
1125 	} else {
1126 		bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
1127 		sm->eap_if.eapKeyData = NULL;
1128 		sm->eap_if.eapKeyDataLen = 0;
1129 	}
1130 
1131 	sm->eap_if.eapSuccess = TRUE;
1132 
1133 	/*
1134 	 * Start reauthentication with identity request even though we know the
1135 	 * previously used identity. This is needed to get reauthentication
1136 	 * started properly.
1137 	 */
1138 	sm->start_reauth = TRUE;
1139 }
1140 
1141 
SM_STEP(EAP)1142 SM_STEP(EAP)
1143 {
1144 	if (sm->eap_if.eapRestart && sm->eap_if.portEnabled)
1145 		SM_ENTER_GLOBAL(EAP, INITIALIZE);
1146 	else if (!sm->eap_if.portEnabled)
1147 		SM_ENTER_GLOBAL(EAP, DISABLED);
1148 	else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
1149 		if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
1150 			wpa_printf(MSG_DEBUG, "EAP: more than %d "
1151 				   "authentication rounds - abort",
1152 				   EAP_MAX_AUTH_ROUNDS);
1153 			sm->num_rounds++;
1154 			SM_ENTER_GLOBAL(EAP, FAILURE);
1155 		}
1156 	} else switch (sm->EAP_state) {
1157 	case EAP_INITIALIZE:
1158 		if (sm->backend_auth) {
1159 			if (!sm->rxResp)
1160 				SM_ENTER(EAP, SELECT_ACTION);
1161 			else if (sm->rxResp &&
1162 				 (sm->respMethod == EAP_TYPE_NAK ||
1163 				  (sm->respMethod == EAP_TYPE_EXPANDED &&
1164 				   sm->respVendor == EAP_VENDOR_IETF &&
1165 				   sm->respVendorMethod == EAP_TYPE_NAK)))
1166 				SM_ENTER(EAP, NAK);
1167 			else
1168 				SM_ENTER(EAP, PICK_UP_METHOD);
1169 		} else {
1170 			SM_ENTER(EAP, SELECT_ACTION);
1171 		}
1172 		break;
1173 	case EAP_PICK_UP_METHOD:
1174 		if (sm->currentMethod == EAP_TYPE_NONE) {
1175 			SM_ENTER(EAP, SELECT_ACTION);
1176 		} else {
1177 			SM_ENTER(EAP, METHOD_RESPONSE);
1178 		}
1179 		break;
1180 	case EAP_DISABLED:
1181 		if (sm->eap_if.portEnabled)
1182 			SM_ENTER(EAP, INITIALIZE);
1183 		break;
1184 	case EAP_IDLE:
1185 		if (sm->eap_if.retransWhile == 0) {
1186 			if (sm->try_initiate_reauth) {
1187 				sm->try_initiate_reauth = FALSE;
1188 				SM_ENTER(EAP, SELECT_ACTION);
1189 			} else {
1190 				SM_ENTER(EAP, RETRANSMIT);
1191 			}
1192 		} else if (sm->eap_if.eapResp)
1193 			SM_ENTER(EAP, RECEIVED);
1194 		break;
1195 	case EAP_RETRANSMIT:
1196 		if (sm->retransCount > sm->MaxRetrans)
1197 			SM_ENTER(EAP, TIMEOUT_FAILURE);
1198 		else
1199 			SM_ENTER(EAP, IDLE);
1200 		break;
1201 	case EAP_RECEIVED:
1202 		if (sm->rxResp && (sm->respId == sm->currentId) &&
1203 		    (sm->respMethod == EAP_TYPE_NAK ||
1204 		     (sm->respMethod == EAP_TYPE_EXPANDED &&
1205 		      sm->respVendor == EAP_VENDOR_IETF &&
1206 		      sm->respVendorMethod == EAP_TYPE_NAK))
1207 		    && (sm->methodState == METHOD_PROPOSED))
1208 			SM_ENTER(EAP, NAK);
1209 		else if (sm->rxResp && (sm->respId == sm->currentId) &&
1210 			 ((sm->respMethod == sm->currentMethod) ||
1211 			  (sm->respMethod == EAP_TYPE_EXPANDED &&
1212 			   sm->respVendor == EAP_VENDOR_IETF &&
1213 			   sm->respVendorMethod == sm->currentMethod)))
1214 			SM_ENTER(EAP, INTEGRITY_CHECK);
1215 #ifdef CONFIG_ERP
1216 		else if (sm->rxInitiate)
1217 			SM_ENTER(EAP, INITIATE_RECEIVED);
1218 #endif /* CONFIG_ERP */
1219 		else {
1220 			wpa_printf(MSG_DEBUG, "EAP: RECEIVED->DISCARD: "
1221 				   "rxResp=%d respId=%d currentId=%d "
1222 				   "respMethod=%d currentMethod=%d",
1223 				   sm->rxResp, sm->respId, sm->currentId,
1224 				   sm->respMethod, sm->currentMethod);
1225 			eap_log_msg(sm, "Discard received EAP message");
1226 			SM_ENTER(EAP, DISCARD);
1227 		}
1228 		break;
1229 	case EAP_DISCARD:
1230 		SM_ENTER(EAP, IDLE);
1231 		break;
1232 	case EAP_SEND_REQUEST:
1233 		SM_ENTER(EAP, IDLE);
1234 		break;
1235 	case EAP_INTEGRITY_CHECK:
1236 		if (sm->ignore)
1237 			SM_ENTER(EAP, DISCARD);
1238 		else
1239 			SM_ENTER(EAP, METHOD_RESPONSE);
1240 		break;
1241 	case EAP_METHOD_REQUEST:
1242 		if (sm->m == NULL) {
1243 			/*
1244 			 * This transition is not mentioned in RFC 4137, but it
1245 			 * is needed to handle cleanly a case where EAP method
1246 			 * initialization fails.
1247 			 */
1248 			SM_ENTER(EAP, FAILURE);
1249 			break;
1250 		}
1251 		SM_ENTER(EAP, SEND_REQUEST);
1252 		if (sm->eap_if.eapNoReq && !sm->eap_if.eapReq) {
1253 			/*
1254 			 * This transition is not mentioned in RFC 4137, but it
1255 			 * is needed to handle cleanly a case where EAP method
1256 			 * buildReq fails.
1257 			 */
1258 			wpa_printf(MSG_DEBUG,
1259 				   "EAP: Method did not return a request");
1260 			SM_ENTER(EAP, FAILURE);
1261 			break;
1262 		}
1263 		break;
1264 	case EAP_METHOD_RESPONSE:
1265 		/*
1266 		 * Note: Mechanism to allow EAP methods to wait while going
1267 		 * through pending processing is an extension to RFC 4137
1268 		 * which only defines the transits to SELECT_ACTION and
1269 		 * METHOD_REQUEST from this METHOD_RESPONSE state.
1270 		 */
1271 		if (sm->methodState == METHOD_END)
1272 			SM_ENTER(EAP, SELECT_ACTION);
1273 		else if (sm->method_pending == METHOD_PENDING_WAIT) {
1274 			wpa_printf(MSG_DEBUG, "EAP: Method has pending "
1275 				   "processing - wait before proceeding to "
1276 				   "METHOD_REQUEST state");
1277 		} else if (sm->method_pending == METHOD_PENDING_CONT) {
1278 			wpa_printf(MSG_DEBUG, "EAP: Method has completed "
1279 				   "pending processing - reprocess pending "
1280 				   "EAP message");
1281 			sm->method_pending = METHOD_PENDING_NONE;
1282 			SM_ENTER(EAP, METHOD_RESPONSE);
1283 		} else
1284 			SM_ENTER(EAP, METHOD_REQUEST);
1285 		break;
1286 	case EAP_PROPOSE_METHOD:
1287 		/*
1288 		 * Note: Mechanism to allow EAP methods to wait while going
1289 		 * through pending processing is an extension to RFC 4137
1290 		 * which only defines the transit to METHOD_REQUEST from this
1291 		 * PROPOSE_METHOD state.
1292 		 */
1293 		if (sm->method_pending == METHOD_PENDING_WAIT) {
1294 			wpa_printf(MSG_DEBUG, "EAP: Method has pending "
1295 				   "processing - wait before proceeding to "
1296 				   "METHOD_REQUEST state");
1297 			if (sm->user_eap_method_index > 0)
1298 				sm->user_eap_method_index--;
1299 		} else if (sm->method_pending == METHOD_PENDING_CONT) {
1300 			wpa_printf(MSG_DEBUG, "EAP: Method has completed "
1301 				   "pending processing - reprocess pending "
1302 				   "EAP message");
1303 			sm->method_pending = METHOD_PENDING_NONE;
1304 			SM_ENTER(EAP, PROPOSE_METHOD);
1305 		} else
1306 			SM_ENTER(EAP, METHOD_REQUEST);
1307 		break;
1308 	case EAP_NAK:
1309 		SM_ENTER(EAP, SELECT_ACTION);
1310 		break;
1311 	case EAP_SELECT_ACTION:
1312 		if (sm->decision == DECISION_FAILURE)
1313 			SM_ENTER(EAP, FAILURE);
1314 		else if (sm->decision == DECISION_SUCCESS)
1315 			SM_ENTER(EAP, SUCCESS);
1316 		else if (sm->decision == DECISION_PASSTHROUGH)
1317 			SM_ENTER(EAP, INITIALIZE_PASSTHROUGH);
1318 		else if (sm->decision == DECISION_INITIATE_REAUTH_START)
1319 			SM_ENTER(EAP, INITIATE_REAUTH_START);
1320 #ifdef CONFIG_ERP
1321 		else if (sm->eap_server && sm->erp && sm->rxInitiate)
1322 			SM_ENTER(EAP, INITIATE_RECEIVED);
1323 #endif /* CONFIG_ERP */
1324 		else
1325 			SM_ENTER(EAP, PROPOSE_METHOD);
1326 		break;
1327 	case EAP_INITIATE_REAUTH_START:
1328 		SM_ENTER(EAP, SEND_REQUEST);
1329 		break;
1330 	case EAP_INITIATE_RECEIVED:
1331 		if (!sm->eap_server)
1332 			SM_ENTER(EAP, SELECT_ACTION);
1333 		break;
1334 	case EAP_TIMEOUT_FAILURE:
1335 		break;
1336 	case EAP_FAILURE:
1337 		break;
1338 	case EAP_SUCCESS:
1339 		break;
1340 
1341 	case EAP_INITIALIZE_PASSTHROUGH:
1342 		if (sm->currentId == -1)
1343 			SM_ENTER(EAP, AAA_IDLE);
1344 		else
1345 			SM_ENTER(EAP, AAA_REQUEST);
1346 		break;
1347 	case EAP_IDLE2:
1348 		if (sm->eap_if.eapResp)
1349 			SM_ENTER(EAP, RECEIVED2);
1350 		else if (sm->eap_if.retransWhile == 0)
1351 			SM_ENTER(EAP, RETRANSMIT2);
1352 		break;
1353 	case EAP_RETRANSMIT2:
1354 		if (sm->retransCount > sm->MaxRetrans)
1355 			SM_ENTER(EAP, TIMEOUT_FAILURE2);
1356 		else
1357 			SM_ENTER(EAP, IDLE2);
1358 		break;
1359 	case EAP_RECEIVED2:
1360 		if (sm->rxResp && (sm->respId == sm->currentId))
1361 			SM_ENTER(EAP, AAA_REQUEST);
1362 		else
1363 			SM_ENTER(EAP, DISCARD2);
1364 		break;
1365 	case EAP_DISCARD2:
1366 		SM_ENTER(EAP, IDLE2);
1367 		break;
1368 	case EAP_SEND_REQUEST2:
1369 		SM_ENTER(EAP, IDLE2);
1370 		break;
1371 	case EAP_AAA_REQUEST:
1372 		SM_ENTER(EAP, AAA_IDLE);
1373 		break;
1374 	case EAP_AAA_RESPONSE:
1375 		SM_ENTER(EAP, SEND_REQUEST2);
1376 		break;
1377 	case EAP_AAA_IDLE:
1378 		if (sm->eap_if.aaaFail)
1379 			SM_ENTER(EAP, FAILURE2);
1380 		else if (sm->eap_if.aaaSuccess)
1381 			SM_ENTER(EAP, SUCCESS2);
1382 		else if (sm->eap_if.aaaEapReq)
1383 			SM_ENTER(EAP, AAA_RESPONSE);
1384 		else if (sm->eap_if.aaaTimeout)
1385 			SM_ENTER(EAP, TIMEOUT_FAILURE2);
1386 		break;
1387 	case EAP_TIMEOUT_FAILURE2:
1388 		break;
1389 	case EAP_FAILURE2:
1390 		break;
1391 	case EAP_SUCCESS2:
1392 		break;
1393 	}
1394 }
1395 
1396 
eap_sm_calculateTimeout(struct eap_sm * sm,int retransCount,int eapSRTT,int eapRTTVAR,int methodTimeout)1397 static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
1398 				   int eapSRTT, int eapRTTVAR,
1399 				   int methodTimeout)
1400 {
1401 	int rto, i;
1402 
1403 	if (sm->try_initiate_reauth) {
1404 		wpa_printf(MSG_DEBUG,
1405 			   "EAP: retransmit timeout 1 second for EAP-Initiate-Re-auth-Start");
1406 		return 1;
1407 	}
1408 
1409 	if (methodTimeout) {
1410 		/*
1411 		 * EAP method (either internal or through AAA server, provided
1412 		 * timeout hint. Use that as-is as a timeout for retransmitting
1413 		 * the EAP request if no response is received.
1414 		 */
1415 		wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
1416 			   "(from EAP method hint)", methodTimeout);
1417 		return methodTimeout;
1418 	}
1419 
1420 	/*
1421 	 * RFC 3748 recommends algorithms described in RFC 2988 for estimation
1422 	 * of the retransmission timeout. This should be implemented once
1423 	 * round-trip time measurements are available. For nowm a simple
1424 	 * backoff mechanism is used instead if there are no EAP method
1425 	 * specific hints.
1426 	 *
1427 	 * SRTT = smoothed round-trip time
1428 	 * RTTVAR = round-trip time variation
1429 	 * RTO = retransmission timeout
1430 	 */
1431 
1432 	/*
1433 	 * RFC 2988, 2.1: before RTT measurement, set RTO to 3 seconds for
1434 	 * initial retransmission and then double the RTO to provide back off
1435 	 * per 5.5. Limit the maximum RTO to 20 seconds per RFC 3748, 4.3
1436 	 * modified RTOmax.
1437 	 */
1438 	rto = 3;
1439 	for (i = 0; i < retransCount; i++) {
1440 		rto *= 2;
1441 		if (rto >= 20) {
1442 			rto = 20;
1443 			break;
1444 		}
1445 	}
1446 
1447 	wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
1448 		   "(from dynamic back off; retransCount=%d)",
1449 		   rto, retransCount);
1450 
1451 	return rto;
1452 }
1453 
1454 
eap_sm_parseEapResp(struct eap_sm * sm,const struct wpabuf * resp)1455 static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp)
1456 {
1457 	const struct eap_hdr *hdr;
1458 	size_t plen;
1459 
1460 	/* parse rxResp, respId, respMethod */
1461 	sm->rxResp = FALSE;
1462 	sm->rxInitiate = FALSE;
1463 	sm->respId = -1;
1464 	sm->respMethod = EAP_TYPE_NONE;
1465 	sm->respVendor = EAP_VENDOR_IETF;
1466 	sm->respVendorMethod = EAP_TYPE_NONE;
1467 
1468 	if (resp == NULL || wpabuf_len(resp) < sizeof(*hdr)) {
1469 		wpa_printf(MSG_DEBUG, "EAP: parseEapResp: invalid resp=%p "
1470 			   "len=%lu", resp,
1471 			   resp ? (unsigned long) wpabuf_len(resp) : 0);
1472 		return;
1473 	}
1474 
1475 	hdr = wpabuf_head(resp);
1476 	plen = be_to_host16(hdr->length);
1477 	if (plen > wpabuf_len(resp)) {
1478 		wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
1479 			   "(len=%lu plen=%lu)",
1480 			   (unsigned long) wpabuf_len(resp),
1481 			   (unsigned long) plen);
1482 		return;
1483 	}
1484 
1485 	sm->respId = hdr->identifier;
1486 
1487 	if (hdr->code == EAP_CODE_RESPONSE)
1488 		sm->rxResp = TRUE;
1489 	else if (hdr->code == EAP_CODE_INITIATE)
1490 		sm->rxInitiate = TRUE;
1491 
1492 	if (plen > sizeof(*hdr)) {
1493 		u8 *pos = (u8 *) (hdr + 1);
1494 		sm->respMethod = *pos++;
1495 		if (sm->respMethod == EAP_TYPE_EXPANDED) {
1496 			if (plen < sizeof(*hdr) + 8) {
1497 				wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
1498 					   "expanded EAP-Packet (plen=%lu)",
1499 					   (unsigned long) plen);
1500 				return;
1501 			}
1502 			sm->respVendor = WPA_GET_BE24(pos);
1503 			pos += 3;
1504 			sm->respVendorMethod = WPA_GET_BE32(pos);
1505 		}
1506 	}
1507 
1508 	wpa_printf(MSG_DEBUG,
1509 		   "EAP: parseEapResp: rxResp=%d rxInitiate=%d respId=%d respMethod=%u respVendor=%u respVendorMethod=%u",
1510 		   sm->rxResp, sm->rxInitiate, sm->respId, sm->respMethod,
1511 		   sm->respVendor, sm->respVendorMethod);
1512 }
1513 
1514 
eap_sm_getId(const struct wpabuf * data)1515 static int eap_sm_getId(const struct wpabuf *data)
1516 {
1517 	const struct eap_hdr *hdr;
1518 
1519 	if (data == NULL || wpabuf_len(data) < sizeof(*hdr))
1520 		return -1;
1521 
1522 	hdr = wpabuf_head(data);
1523 	wpa_printf(MSG_DEBUG, "EAP: getId: id=%d", hdr->identifier);
1524 	return hdr->identifier;
1525 }
1526 
1527 
eap_sm_buildSuccess(struct eap_sm * sm,u8 id)1528 static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id)
1529 {
1530 	struct wpabuf *msg;
1531 	struct eap_hdr *resp;
1532 	wpa_printf(MSG_DEBUG, "EAP: Building EAP-Success (id=%d)", id);
1533 
1534 	msg = wpabuf_alloc(sizeof(*resp));
1535 	if (msg == NULL)
1536 		return NULL;
1537 	resp = wpabuf_put(msg, sizeof(*resp));
1538 	resp->code = EAP_CODE_SUCCESS;
1539 	resp->identifier = id;
1540 	resp->length = host_to_be16(sizeof(*resp));
1541 
1542 	return msg;
1543 }
1544 
1545 
eap_sm_buildFailure(struct eap_sm * sm,u8 id)1546 static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id)
1547 {
1548 	struct wpabuf *msg;
1549 	struct eap_hdr *resp;
1550 	wpa_printf(MSG_DEBUG, "EAP: Building EAP-Failure (id=%d)", id);
1551 
1552 	msg = wpabuf_alloc(sizeof(*resp));
1553 	if (msg == NULL)
1554 		return NULL;
1555 	resp = wpabuf_put(msg, sizeof(*resp));
1556 	resp->code = EAP_CODE_FAILURE;
1557 	resp->identifier = id;
1558 	resp->length = host_to_be16(sizeof(*resp));
1559 
1560 	return msg;
1561 }
1562 
1563 
eap_sm_nextId(struct eap_sm * sm,int id)1564 static int eap_sm_nextId(struct eap_sm *sm, int id)
1565 {
1566 	if (id < 0) {
1567 		/* RFC 3748 Ch 4.1: recommended to initialize Identifier with a
1568 		 * random number */
1569 		id = rand() & 0xff;
1570 		if (id != sm->lastId)
1571 			return id;
1572 	}
1573 	return (id + 1) & 0xff;
1574 }
1575 
1576 
1577 /**
1578  * eap_sm_process_nak - Process EAP-Response/Nak
1579  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1580  * @nak_list: Nak list (allowed methods) from the supplicant
1581  * @len: Length of nak_list in bytes
1582  *
1583  * This function is called when EAP-Response/Nak is received from the
1584  * supplicant. This can happen for both phase 1 and phase 2 authentications.
1585  */
eap_sm_process_nak(struct eap_sm * sm,const u8 * nak_list,size_t len)1586 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len)
1587 {
1588 	int i;
1589 	size_t j;
1590 
1591 	if (sm->user == NULL)
1592 		return;
1593 
1594 	wpa_printf(MSG_MSGDUMP, "EAP: processing NAK (current EAP method "
1595 		   "index %d)", sm->user_eap_method_index);
1596 
1597 	wpa_hexdump(MSG_MSGDUMP, "EAP: configured methods",
1598 		    (u8 *) sm->user->methods,
1599 		    EAP_MAX_METHODS * sizeof(sm->user->methods[0]));
1600 	wpa_hexdump(MSG_MSGDUMP, "EAP: list of methods supported by the peer",
1601 		    nak_list, len);
1602 
1603 	i = sm->user_eap_method_index;
1604 	while (i < EAP_MAX_METHODS &&
1605 	       (sm->user->methods[i].vendor != EAP_VENDOR_IETF ||
1606 		sm->user->methods[i].method != EAP_TYPE_NONE)) {
1607 		if (sm->user->methods[i].vendor != EAP_VENDOR_IETF)
1608 			goto not_found;
1609 		for (j = 0; j < len; j++) {
1610 			if (nak_list[j] == sm->user->methods[i].method) {
1611 				break;
1612 			}
1613 		}
1614 
1615 		if (j < len) {
1616 			/* found */
1617 			i++;
1618 			continue;
1619 		}
1620 
1621 	not_found:
1622 		/* not found - remove from the list */
1623 		if (i + 1 < EAP_MAX_METHODS) {
1624 			os_memmove(&sm->user->methods[i],
1625 				   &sm->user->methods[i + 1],
1626 				   (EAP_MAX_METHODS - i - 1) *
1627 				   sizeof(sm->user->methods[0]));
1628 		}
1629 		sm->user->methods[EAP_MAX_METHODS - 1].vendor =
1630 			EAP_VENDOR_IETF;
1631 		sm->user->methods[EAP_MAX_METHODS - 1].method = EAP_TYPE_NONE;
1632 	}
1633 
1634 	wpa_hexdump(MSG_MSGDUMP, "EAP: new list of configured methods",
1635 		    (u8 *) sm->user->methods, EAP_MAX_METHODS *
1636 		    sizeof(sm->user->methods[0]));
1637 }
1638 
1639 
eap_sm_Policy_update(struct eap_sm * sm,const u8 * nak_list,size_t len)1640 static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
1641 				 size_t len)
1642 {
1643 	if (nak_list == NULL || sm == NULL || sm->user == NULL)
1644 		return;
1645 
1646 	if (sm->user->phase2) {
1647 		wpa_printf(MSG_DEBUG, "EAP: EAP-Nak received after Phase2 user"
1648 			   " info was selected - reject");
1649 		sm->decision = DECISION_FAILURE;
1650 		return;
1651 	}
1652 
1653 	eap_sm_process_nak(sm, nak_list, len);
1654 }
1655 
1656 
eap_sm_Policy_getNextMethod(struct eap_sm * sm,int * vendor)1657 static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor)
1658 {
1659 	EapType next;
1660 	int idx = sm->user_eap_method_index;
1661 
1662 	/* In theory, there should be no problems with starting
1663 	 * re-authentication with something else than EAP-Request/Identity and
1664 	 * this does indeed work with wpa_supplicant. However, at least Funk
1665 	 * Supplicant seemed to ignore re-auth if it skipped
1666 	 * EAP-Request/Identity.
1667 	 * Re-auth sets currentId == -1, so that can be used here to select
1668 	 * whether Identity needs to be requested again. */
1669 	if (sm->identity == NULL || sm->currentId == -1) {
1670 		*vendor = EAP_VENDOR_IETF;
1671 		next = EAP_TYPE_IDENTITY;
1672 		sm->update_user = TRUE;
1673 	} else if (sm->user && idx < EAP_MAX_METHODS &&
1674 		   (sm->user->methods[idx].vendor != EAP_VENDOR_IETF ||
1675 		    sm->user->methods[idx].method != EAP_TYPE_NONE)) {
1676 		*vendor = sm->user->methods[idx].vendor;
1677 		next = sm->user->methods[idx].method;
1678 		sm->user_eap_method_index++;
1679 	} else {
1680 		*vendor = EAP_VENDOR_IETF;
1681 		next = EAP_TYPE_NONE;
1682 	}
1683 	wpa_printf(MSG_DEBUG, "EAP: getNextMethod: vendor %d type %d",
1684 		   *vendor, next);
1685 	return next;
1686 }
1687 
1688 
eap_sm_Policy_getDecision(struct eap_sm * sm)1689 static int eap_sm_Policy_getDecision(struct eap_sm *sm)
1690 {
1691 	if (!sm->eap_server && sm->identity && !sm->start_reauth) {
1692 		wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
1693 		return DECISION_PASSTHROUGH;
1694 	}
1695 
1696 	if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY &&
1697 	    sm->m->isSuccess(sm, sm->eap_method_priv)) {
1698 		wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
1699 			   "SUCCESS");
1700 		sm->update_user = TRUE;
1701 		return DECISION_SUCCESS;
1702 	}
1703 
1704 	if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) &&
1705 	    !sm->m->isSuccess(sm, sm->eap_method_priv)) {
1706 		wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
1707 			   "FAILURE");
1708 		sm->update_user = TRUE;
1709 		return DECISION_FAILURE;
1710 	}
1711 
1712 	if ((sm->user == NULL || sm->update_user) && sm->identity &&
1713 	    !sm->start_reauth) {
1714 		/*
1715 		 * Allow Identity method to be started once to allow identity
1716 		 * selection hint to be sent from the authentication server,
1717 		 * but prevent a loop of Identity requests by only allowing
1718 		 * this to happen once.
1719 		 */
1720 		int id_req = 0;
1721 		if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY &&
1722 		    sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1723 		    sm->user->methods[0].method == EAP_TYPE_IDENTITY)
1724 			id_req = 1;
1725 		if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
1726 			wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
1727 				   "found from database -> FAILURE");
1728 			return DECISION_FAILURE;
1729 		}
1730 		if (id_req && sm->user &&
1731 		    sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1732 		    sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
1733 			wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
1734 				   "identity request loop -> FAILURE");
1735 			sm->update_user = TRUE;
1736 			return DECISION_FAILURE;
1737 		}
1738 		sm->update_user = FALSE;
1739 	}
1740 	sm->start_reauth = FALSE;
1741 
1742 	if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
1743 	    (sm->user->methods[sm->user_eap_method_index].vendor !=
1744 	     EAP_VENDOR_IETF ||
1745 	     sm->user->methods[sm->user_eap_method_index].method !=
1746 	     EAP_TYPE_NONE)) {
1747 		wpa_printf(MSG_DEBUG, "EAP: getDecision: another method "
1748 			   "available -> CONTINUE");
1749 		return DECISION_CONTINUE;
1750 	}
1751 
1752 	if (!sm->identity && eap_get_erp_send_reauth_start(sm) &&
1753 	    !sm->initiate_reauth_start_sent) {
1754 		wpa_printf(MSG_DEBUG,
1755 			   "EAP: getDecision: send EAP-Initiate/Re-auth-Start");
1756 		return DECISION_INITIATE_REAUTH_START;
1757 	}
1758 
1759 	if (sm->identity == NULL || sm->currentId == -1) {
1760 		wpa_printf(MSG_DEBUG, "EAP: getDecision: no identity known "
1761 			   "yet -> CONTINUE");
1762 		return DECISION_CONTINUE;
1763 	}
1764 
1765 	wpa_printf(MSG_DEBUG, "EAP: getDecision: no more methods available -> "
1766 		   "FAILURE");
1767 	return DECISION_FAILURE;
1768 }
1769 
1770 
eap_sm_Policy_doPickUp(struct eap_sm * sm,EapType method)1771 static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method)
1772 {
1773 	return method == EAP_TYPE_IDENTITY ? TRUE : FALSE;
1774 }
1775 
1776 
1777 /**
1778  * eap_server_sm_step - Step EAP server state machine
1779  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1780  * Returns: 1 if EAP state was changed or 0 if not
1781  *
1782  * This function advances EAP state machine to a new state to match with the
1783  * current variables. This should be called whenever variables used by the EAP
1784  * state machine have changed.
1785  */
eap_server_sm_step(struct eap_sm * sm)1786 int eap_server_sm_step(struct eap_sm *sm)
1787 {
1788 	int res = 0;
1789 	do {
1790 		sm->changed = FALSE;
1791 		SM_STEP_RUN(EAP);
1792 		if (sm->changed)
1793 			res = 1;
1794 	} while (sm->changed);
1795 	return res;
1796 }
1797 
1798 
eap_user_free(struct eap_user * user)1799 static void eap_user_free(struct eap_user *user)
1800 {
1801 	if (user == NULL)
1802 		return;
1803 	bin_clear_free(user->password, user->password_len);
1804 	user->password = NULL;
1805 	os_free(user);
1806 }
1807 
1808 
1809 /**
1810  * eap_server_sm_init - Allocate and initialize EAP server state machine
1811  * @eapol_ctx: Context data to be used with eapol_cb calls
1812  * @eapol_cb: Pointer to EAPOL callback functions
1813  * @conf: EAP configuration
1814  * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1815  *
1816  * This function allocates and initializes an EAP state machine.
1817  */
eap_server_sm_init(void * eapol_ctx,const struct eapol_callbacks * eapol_cb,struct eap_config * conf)1818 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
1819 				   const struct eapol_callbacks *eapol_cb,
1820 				   struct eap_config *conf)
1821 {
1822 	struct eap_sm *sm;
1823 
1824 	sm = os_zalloc(sizeof(*sm));
1825 	if (sm == NULL)
1826 		return NULL;
1827 	sm->eapol_ctx = eapol_ctx;
1828 	sm->eapol_cb = eapol_cb;
1829 	sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
1830 	sm->ssl_ctx = conf->ssl_ctx;
1831 	sm->msg_ctx = conf->msg_ctx;
1832 	sm->eap_sim_db_priv = conf->eap_sim_db_priv;
1833 	sm->backend_auth = conf->backend_auth;
1834 	sm->eap_server = conf->eap_server;
1835 	if (conf->pac_opaque_encr_key) {
1836 		sm->pac_opaque_encr_key = os_malloc(16);
1837 		if (sm->pac_opaque_encr_key) {
1838 			os_memcpy(sm->pac_opaque_encr_key,
1839 				  conf->pac_opaque_encr_key, 16);
1840 		}
1841 	}
1842 	if (conf->eap_fast_a_id) {
1843 		sm->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
1844 		if (sm->eap_fast_a_id) {
1845 			os_memcpy(sm->eap_fast_a_id, conf->eap_fast_a_id,
1846 				  conf->eap_fast_a_id_len);
1847 			sm->eap_fast_a_id_len = conf->eap_fast_a_id_len;
1848 		}
1849 	}
1850 	if (conf->eap_fast_a_id_info)
1851 		sm->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
1852 	sm->eap_fast_prov = conf->eap_fast_prov;
1853 	sm->pac_key_lifetime = conf->pac_key_lifetime;
1854 	sm->pac_key_refresh_time = conf->pac_key_refresh_time;
1855 	sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
1856 	sm->tnc = conf->tnc;
1857 	sm->wps = conf->wps;
1858 	if (conf->assoc_wps_ie)
1859 		sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
1860 	if (conf->assoc_p2p_ie)
1861 		sm->assoc_p2p_ie = wpabuf_dup(conf->assoc_p2p_ie);
1862 	if (conf->peer_addr)
1863 		os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
1864 	sm->fragment_size = conf->fragment_size;
1865 	sm->pwd_group = conf->pwd_group;
1866 	sm->pbc_in_m1 = conf->pbc_in_m1;
1867 	sm->server_id = conf->server_id;
1868 	sm->server_id_len = conf->server_id_len;
1869 	sm->erp = conf->erp;
1870 	sm->tls_session_lifetime = conf->tls_session_lifetime;
1871 
1872 #ifdef CONFIG_TESTING_OPTIONS
1873 	sm->tls_test_flags = conf->tls_test_flags;
1874 #endif /* CONFIG_TESTING_OPTIONS */
1875 
1876 	wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
1877 
1878 	return sm;
1879 }
1880 
1881 
1882 /**
1883  * eap_server_sm_deinit - Deinitialize and free an EAP server state machine
1884  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1885  *
1886  * This function deinitializes EAP state machine and frees all allocated
1887  * resources.
1888  */
eap_server_sm_deinit(struct eap_sm * sm)1889 void eap_server_sm_deinit(struct eap_sm *sm)
1890 {
1891 	if (sm == NULL)
1892 		return;
1893 	wpa_printf(MSG_DEBUG, "EAP: Server state machine removed");
1894 	if (sm->m && sm->eap_method_priv)
1895 		sm->m->reset(sm, sm->eap_method_priv);
1896 	wpabuf_free(sm->eap_if.eapReqData);
1897 	bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
1898 	os_free(sm->eap_if.eapSessionId);
1899 	wpabuf_free(sm->lastReqData);
1900 	wpabuf_free(sm->eap_if.eapRespData);
1901 	os_free(sm->identity);
1902 	os_free(sm->pac_opaque_encr_key);
1903 	os_free(sm->eap_fast_a_id);
1904 	os_free(sm->eap_fast_a_id_info);
1905 	wpabuf_free(sm->eap_if.aaaEapReqData);
1906 	wpabuf_free(sm->eap_if.aaaEapRespData);
1907 	bin_clear_free(sm->eap_if.aaaEapKeyData, sm->eap_if.aaaEapKeyDataLen);
1908 	eap_user_free(sm->user);
1909 	wpabuf_free(sm->assoc_wps_ie);
1910 	wpabuf_free(sm->assoc_p2p_ie);
1911 	os_free(sm);
1912 }
1913 
1914 
1915 /**
1916  * eap_sm_notify_cached - Notify EAP state machine of cached PMK
1917  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1918  *
1919  * This function is called when PMKSA caching is used to skip EAP
1920  * authentication.
1921  */
eap_sm_notify_cached(struct eap_sm * sm)1922 void eap_sm_notify_cached(struct eap_sm *sm)
1923 {
1924 	if (sm == NULL)
1925 		return;
1926 
1927 	sm->EAP_state = EAP_SUCCESS;
1928 }
1929 
1930 
1931 /**
1932  * eap_sm_pending_cb - EAP state machine callback for a pending EAP request
1933  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1934  *
1935  * This function is called when data for a pending EAP-Request is received.
1936  */
eap_sm_pending_cb(struct eap_sm * sm)1937 void eap_sm_pending_cb(struct eap_sm *sm)
1938 {
1939 	if (sm == NULL)
1940 		return;
1941 	wpa_printf(MSG_DEBUG, "EAP: Callback for pending request received");
1942 	if (sm->method_pending == METHOD_PENDING_WAIT)
1943 		sm->method_pending = METHOD_PENDING_CONT;
1944 }
1945 
1946 
1947 /**
1948  * eap_sm_method_pending - Query whether EAP method is waiting for pending data
1949  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1950  * Returns: 1 if method is waiting for pending data or 0 if not
1951  */
eap_sm_method_pending(struct eap_sm * sm)1952 int eap_sm_method_pending(struct eap_sm *sm)
1953 {
1954 	if (sm == NULL)
1955 		return 0;
1956 	return sm->method_pending == METHOD_PENDING_WAIT;
1957 }
1958 
1959 
1960 /**
1961  * eap_get_identity - Get the user identity (from EAP-Response/Identity)
1962  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1963  * @len: Buffer for returning identity length
1964  * Returns: Pointer to the user identity or %NULL if not available
1965  */
eap_get_identity(struct eap_sm * sm,size_t * len)1966 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len)
1967 {
1968 	*len = sm->identity_len;
1969 	return sm->identity;
1970 }
1971 
1972 
eap_erp_update_identity(struct eap_sm * sm,const u8 * eap,size_t len)1973 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
1974 {
1975 #ifdef CONFIG_ERP
1976 	const struct eap_hdr *hdr;
1977 	const u8 *pos, *end;
1978 	struct erp_tlvs parse;
1979 
1980 	if (len < sizeof(*hdr) + 1)
1981 		return;
1982 	hdr = (const struct eap_hdr *) eap;
1983 	end = eap + len;
1984 	pos = (const u8 *) (hdr + 1);
1985 	if (hdr->code != EAP_CODE_INITIATE || *pos != EAP_ERP_TYPE_REAUTH)
1986 		return;
1987 	pos++;
1988 	if (pos + 3 > end)
1989 		return;
1990 
1991 	/* Skip Flags and SEQ */
1992 	pos += 3;
1993 
1994 	if (erp_parse_tlvs(pos, end, &parse, 1) < 0 || !parse.keyname)
1995 		return;
1996 	wpa_hexdump_ascii(MSG_DEBUG,
1997 			  "EAP: Update identity based on EAP-Initiate/Re-auth keyName-NAI",
1998 			  parse.keyname, parse.keyname_len);
1999 	os_free(sm->identity);
2000 	sm->identity = os_malloc(parse.keyname_len);
2001 	if (sm->identity) {
2002 		os_memcpy(sm->identity, parse.keyname, parse.keyname_len);
2003 		sm->identity_len = parse.keyname_len;
2004 	} else {
2005 		sm->identity_len = 0;
2006 	}
2007 #endif /* CONFIG_ERP */
2008 }
2009 
2010 
2011 /**
2012  * eap_get_interface - Get pointer to EAP-EAPOL interface data
2013  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2014  * Returns: Pointer to the EAP-EAPOL interface data
2015  */
eap_get_interface(struct eap_sm * sm)2016 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
2017 {
2018 	return &sm->eap_if;
2019 }
2020 
2021 
2022 /**
2023  * eap_server_clear_identity - Clear EAP identity information
2024  * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2025  *
2026  * This function can be used to clear the EAP identity information in the EAP
2027  * server context. This allows the EAP/Identity method to be used again after
2028  * EAPOL-Start or EAPOL-Logoff.
2029  */
eap_server_clear_identity(struct eap_sm * sm)2030 void eap_server_clear_identity(struct eap_sm *sm)
2031 {
2032 	os_free(sm->identity);
2033 	sm->identity = NULL;
2034 }
2035 
2036 
2037 #ifdef CONFIG_TESTING_OPTIONS
eap_server_mschap_rx_callback(struct eap_sm * sm,const char * source,const u8 * username,size_t username_len,const u8 * challenge,const u8 * response)2038 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
2039 				   const u8 *username, size_t username_len,
2040 				   const u8 *challenge, const u8 *response)
2041 {
2042 	char hex_challenge[30], hex_response[90], user[100];
2043 
2044 	/* Print out Challenge and Response in format supported by asleap. */
2045 	if (username)
2046 		printf_encode(user, sizeof(user), username, username_len);
2047 	else
2048 		user[0] = '\0';
2049 	wpa_snprintf_hex_sep(hex_challenge, sizeof(hex_challenge),
2050 			     challenge, sizeof(challenge), ':');
2051 	wpa_snprintf_hex_sep(hex_response, sizeof(hex_response), response, 24,
2052 			     ':');
2053 	wpa_printf(MSG_DEBUG, "[%s/user=%s] asleap -C %s -R %s",
2054 		   source, user, hex_challenge, hex_response);
2055 }
2056 #endif /* CONFIG_TESTING_OPTIONS */
2057