18d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* 28d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP common peer/server definitions 361d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi> 48d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * This software may be distributed under the terms of the BSD license. 6c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * See README for more details. 78d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 88d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 98d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "includes.h" 108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "common.h" 128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "eap_defs.h" 138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "eap_common.h" 148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 1661d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * eap_hdr_len_valid - Validate EAP header length field 1761d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * @msg: EAP frame (starting with EAP header) 1861d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * @min_payload: Minimum payload length needed 1961d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * Returns: 1 for valid header, 0 for invalid 2061d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * 2161d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * This is a helper function that does minimal validation of EAP messages. The 2261d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * length field is verified to be large enough to include the header and not 2361d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * too large to go beyond the end of the buffer. 2461d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt */ 2561d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidtint eap_hdr_len_valid(const struct wpabuf *msg, size_t min_payload) 2661d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt{ 2761d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt const struct eap_hdr *hdr; 2861d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt size_t len; 2961d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 3061d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt if (msg == NULL) 3161d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt return 0; 3261d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 3361d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt hdr = wpabuf_head(msg); 3461d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 3561d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt if (wpabuf_len(msg) < sizeof(*hdr)) { 3661d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt wpa_printf(MSG_INFO, "EAP: Too short EAP frame"); 3761d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt return 0; 3861d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt } 3961d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 4061d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt len = be_to_host16(hdr->length); 4161d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt if (len < sizeof(*hdr) + min_payload || len > wpabuf_len(msg)) { 4261d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt wpa_printf(MSG_INFO, "EAP: Invalid EAP length"); 4361d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt return 0; 4461d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt } 4561d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 4661d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt return 1; 4761d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt} 4861d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 4961d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 5061d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt/** 518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_hdr_validate - Validate EAP header 528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @vendor: Expected EAP Vendor-Id (0 = IETF) 538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @eap_type: Expected EAP type number 548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @msg: EAP frame (starting with EAP header) 558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @plen: Pointer to variable to contain the returned payload length 568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Pointer to EAP payload (after type field), or %NULL on failure 578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is a helper function for EAP method implementations. This is usually 598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * called in the beginning of struct eap_method::process() function to verify 608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * that the received EAP request packet has a valid header. This function is 618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * able to process both legacy and expanded EAP headers and in most cases, the 628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * caller can just use the returned payload pointer (into *plen) for processing 638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * the payload regardless of whether the packet used the expanded EAP header or 648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * not. 658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtconst u8 * eap_hdr_validate(int vendor, EapType eap_type, 678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const struct wpabuf *msg, size_t *plen) 688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const struct eap_hdr *hdr; 708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const u8 *pos; 718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t len; 728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 7361d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt if (!eap_hdr_len_valid(msg, 1)) 748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return NULL; 758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 7661d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt hdr = wpabuf_head(msg); 778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt len = be_to_host16(hdr->length); 788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt pos = (const u8 *) (hdr + 1); 798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (*pos == EAP_TYPE_EXPANDED) { 818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int exp_vendor; 828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u32 exp_type; 838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (len < sizeof(*hdr) + 8) { 848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_printf(MSG_INFO, "EAP: Invalid expanded EAP " 858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt "length"); 868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return NULL; 878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt pos++; 898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt exp_vendor = WPA_GET_BE24(pos); 908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt pos += 3; 918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt exp_type = WPA_GET_BE32(pos); 928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt pos += 4; 938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (exp_vendor != vendor || exp_type != (u32) eap_type) { 948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_printf(MSG_INFO, "EAP: Invalid expanded frame " 958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt "type"); 968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return NULL; 978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt *plen = len - sizeof(*hdr) - 8; 1008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return pos; 1018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } else { 1028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (vendor != EAP_VENDOR_IETF || *pos != eap_type) { 1038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_printf(MSG_INFO, "EAP: Invalid frame type"); 1048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return NULL; 1058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 1068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt *plen = len - sizeof(*hdr) - 1; 1078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return pos + 1; 1088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 1098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 1108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 1138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_msg_alloc - Allocate a buffer for an EAP message 1148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @vendor: Vendor-Id (0 = IETF) 1158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @type: EAP type 1168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @payload_len: Payload length in bytes (data after Type) 1178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @code: Message Code (EAP_CODE_*) 1188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @identifier: Identifier 1198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Pointer to the allocated message buffer or %NULL on error 1208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function can be used to allocate a buffer for an EAP message and fill 1228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * in the EAP header. This function is automatically using expanded EAP header 1238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * if the selected Vendor-Id is not IETF. In other words, most EAP methods do 1248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * not need to separately select which header type to use when using this 1258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * function to allocate the message buffers. The returned buffer has room for 1268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * payload_len bytes and has the EAP header and Type field already filled in. 1278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct wpabuf * eap_msg_alloc(int vendor, EapType type, size_t payload_len, 1298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 code, u8 identifier) 1308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 1318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct wpabuf *buf; 1328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct eap_hdr *hdr; 1338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t len; 1348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt len = sizeof(struct eap_hdr) + (vendor == EAP_VENDOR_IETF ? 1 : 8) + 1368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt payload_len; 1378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt buf = wpabuf_alloc(len); 1388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (buf == NULL) 1398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return NULL; 1408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hdr = wpabuf_put(buf, sizeof(*hdr)); 1428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hdr->code = code; 1438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hdr->identifier = identifier; 1448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hdr->length = host_to_be16(len); 1458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (vendor == EAP_VENDOR_IETF) { 1478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpabuf_put_u8(buf, type); 1488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } else { 1498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpabuf_put_u8(buf, EAP_TYPE_EXPANDED); 1508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpabuf_put_be24(buf, vendor); 1518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpabuf_put_be32(buf, type); 1528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 1538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return buf; 1558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 1568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 1598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_update_len - Update EAP header length 1608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @msg: EAP message from eap_msg_alloc 1618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function updates the length field in the EAP header to match with the 1638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * current length for the buffer. This allows eap_msg_alloc() to be used to 1648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * allocate a larger buffer than the exact message length (e.g., if exact 1658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * message length is not yet known). 1668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtvoid eap_update_len(struct wpabuf *msg) 1688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 1698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct eap_hdr *hdr; 1708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hdr = wpabuf_mhead(msg); 1718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (wpabuf_len(msg) < sizeof(*hdr)) 1728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return; 1738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hdr->length = host_to_be16(wpabuf_len(msg)); 1748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 1758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 1788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_get_id - Get EAP Identifier from wpabuf 1798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @msg: Buffer starting with an EAP header 1808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: The Identifier field from the EAP header 1818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtu8 eap_get_id(const struct wpabuf *msg) 1838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 1848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const struct eap_hdr *eap; 1858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (wpabuf_len(msg) < sizeof(*eap)) 1878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return 0; 1888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt eap = wpabuf_head(msg); 1908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return eap->identifier; 1918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 1928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 1958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_get_id - Get EAP Type from wpabuf 1968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @msg: Buffer starting with an EAP header 1978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: The EAP Type after the EAP header 1988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1998d520ff1dc2da35cdca849e982051b86468016d8Dmitry ShmidtEapType eap_get_type(const struct wpabuf *msg) 2008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 2018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (wpabuf_len(msg) < sizeof(struct eap_hdr) + 1) 2028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return EAP_TYPE_NONE; 2038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return ((const u8 *) wpabuf_head(msg))[sizeof(struct eap_hdr)]; 2058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 206