eap_server.c revision ebd93af924f6e54fb4982b3312ff875a4896b62b
1/*
2 * hostapd / EAP Full Authenticator state machine (RFC 4137)
3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This state machine is based on the full authenticator state machine defined
9 * in RFC 4137. However, to support backend authentication in RADIUS
10 * authentication server functionality, parts of backend authenticator (also
11 * from RFC 4137) are mixed in. This functionality is enabled by setting
12 * backend_auth configuration variable to TRUE.
13 */
14
15#include "includes.h"
16
17#include "common.h"
18#include "crypto/sha256.h"
19#include "eap_i.h"
20#include "state_machine.h"
21#include "common/wpa_ctrl.h"
22
23#define STATE_MACHINE_DATA struct eap_sm
24#define STATE_MACHINE_DEBUG_PREFIX "EAP"
25
26#define EAP_MAX_AUTH_ROUNDS 50
27
28static void eap_user_free(struct eap_user *user);
29
30
31/* EAP state machines are described in RFC 4137 */
32
33static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
34				   int eapSRTT, int eapRTTVAR,
35				   int methodTimeout);
36static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp);
37static int eap_sm_getId(const struct wpabuf *data);
38static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id);
39static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id);
40static int eap_sm_nextId(struct eap_sm *sm, int id);
41static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
42				 size_t len);
43static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor);
44static int eap_sm_Policy_getDecision(struct eap_sm *sm);
45static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method);
46
47
48static int eap_get_erp_send_reauth_start(struct eap_sm *sm)
49{
50	if (sm->eapol_cb->get_erp_send_reauth_start)
51		return sm->eapol_cb->get_erp_send_reauth_start(sm->eapol_ctx);
52	return 0;
53}
54
55
56static const char * eap_get_erp_domain(struct eap_sm *sm)
57{
58	if (sm->eapol_cb->get_erp_domain)
59		return sm->eapol_cb->get_erp_domain(sm->eapol_ctx);
60	return NULL;
61}
62
63
64#ifdef CONFIG_ERP
65
66static struct eap_server_erp_key * eap_erp_get_key(struct eap_sm *sm,
67						   const char *keyname)
68{
69	if (sm->eapol_cb->erp_get_key)
70		return sm->eapol_cb->erp_get_key(sm->eapol_ctx, keyname);
71	return NULL;
72}
73
74
75static int eap_erp_add_key(struct eap_sm *sm, struct eap_server_erp_key *erp)
76{
77	if (sm->eapol_cb->erp_add_key)
78		return sm->eapol_cb->erp_add_key(sm->eapol_ctx, erp);
79	return -1;
80}
81
82#endif /* CONFIG_ERP */
83
84
85static struct wpabuf * eap_sm_buildInitiateReauthStart(struct eap_sm *sm,
86						       u8 id)
87{
88	const char *domain;
89	size_t plen = 1;
90	struct wpabuf *msg;
91	size_t domain_len = 0;
92
93	domain = eap_get_erp_domain(sm);
94	if (domain) {
95		domain_len = os_strlen(domain);
96		plen += 2 + domain_len;
97	}
98
99	msg = eap_msg_alloc(EAP_VENDOR_IETF,
100			    (EapType) EAP_ERP_TYPE_REAUTH_START, plen,
101			    EAP_CODE_INITIATE, id);
102	if (msg == NULL)
103		return NULL;
104	wpabuf_put_u8(msg, 0); /* Reserved */
105	if (domain) {
106		/* Domain name TLV */
107		wpabuf_put_u8(msg, EAP_ERP_TLV_DOMAIN_NAME);
108		wpabuf_put_u8(msg, domain_len);
109		wpabuf_put_data(msg, domain, domain_len);
110	}
111
112	return msg;
113}
114
115
116static int eap_copy_buf(struct wpabuf **dst, const struct wpabuf *src)
117{
118	if (src == NULL)
119		return -1;
120
121	wpabuf_free(*dst);
122	*dst = wpabuf_dup(src);
123	return *dst ? 0 : -1;
124}
125
126
127static int eap_copy_data(u8 **dst, size_t *dst_len,
128			 const u8 *src, size_t src_len)
129{
130	if (src == NULL)
131		return -1;
132
133	os_free(*dst);
134	*dst = os_malloc(src_len);
135	if (*dst) {
136		os_memcpy(*dst, src, src_len);
137		*dst_len = src_len;
138		return 0;
139	} else {
140		*dst_len = 0;
141		return -1;
142	}
143}
144
145#define EAP_COPY(dst, src) \
146	eap_copy_data((dst), (dst ## Len), (src), (src ## Len))
147
148
149/**
150 * eap_user_get - Fetch user information from the database
151 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
152 * @identity: Identity (User-Name) of the user
153 * @identity_len: Length of identity in bytes
154 * @phase2: 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
155 * Returns: 0 on success, or -1 on failure
156 *
157 * This function is used to fetch user information for EAP. The user will be
158 * selected based on the specified identity. sm->user and
159 * sm->user_eap_method_index are updated for the new user when a matching user
160 * is found. sm->user can be used to get user information (e.g., password).
161 */
162int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
163		 int phase2)
164{
165	struct eap_user *user;
166
167	if (sm == NULL || sm->eapol_cb == NULL ||
168	    sm->eapol_cb->get_eap_user == NULL)
169		return -1;
170
171	eap_user_free(sm->user);
172	sm->user = NULL;
173
174	user = os_zalloc(sizeof(*user));
175	if (user == NULL)
176	    return -1;
177
178	if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
179				       identity_len, phase2, user) != 0) {
180		eap_user_free(user);
181		return -1;
182	}
183
184	sm->user = user;
185	sm->user_eap_method_index = 0;
186
187	return 0;
188}
189
190
191void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
192{
193	va_list ap;
194	char *buf;
195	int buflen;
196
197	if (sm == NULL || sm->eapol_cb == NULL || sm->eapol_cb->log_msg == NULL)
198		return;
199
200	va_start(ap, fmt);
201	buflen = vsnprintf(NULL, 0, fmt, ap) + 1;
202	va_end(ap);
203
204	buf = os_malloc(buflen);
205	if (buf == NULL)
206		return;
207	va_start(ap, fmt);
208	vsnprintf(buf, buflen, fmt, ap);
209	va_end(ap);
210
211	sm->eapol_cb->log_msg(sm->eapol_ctx, buf);
212
213	os_free(buf);
214}
215
216
217SM_STATE(EAP, DISABLED)
218{
219	SM_ENTRY(EAP, DISABLED);
220	sm->num_rounds = 0;
221}
222
223
224SM_STATE(EAP, INITIALIZE)
225{
226	SM_ENTRY(EAP, INITIALIZE);
227
228	if (sm->eap_if.eapRestart && !sm->eap_server && sm->identity) {
229		/*
230		 * Need to allow internal Identity method to be used instead
231		 * of passthrough at the beginning of reauthentication.
232		 */
233		eap_server_clear_identity(sm);
234	}
235
236	sm->try_initiate_reauth = FALSE;
237	sm->currentId = -1;
238	sm->eap_if.eapSuccess = FALSE;
239	sm->eap_if.eapFail = FALSE;
240	sm->eap_if.eapTimeout = FALSE;
241	bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
242	sm->eap_if.eapKeyData = NULL;
243	sm->eap_if.eapKeyDataLen = 0;
244	os_free(sm->eap_if.eapSessionId);
245	sm->eap_if.eapSessionId = NULL;
246	sm->eap_if.eapSessionIdLen = 0;
247	sm->eap_if.eapKeyAvailable = FALSE;
248	sm->eap_if.eapRestart = FALSE;
249
250	/*
251	 * This is not defined in RFC 4137, but method state needs to be
252	 * reseted here so that it does not remain in success state when
253	 * re-authentication starts.
254	 */
255	if (sm->m && sm->eap_method_priv) {
256		sm->m->reset(sm, sm->eap_method_priv);
257		sm->eap_method_priv = NULL;
258	}
259	sm->m = NULL;
260	sm->user_eap_method_index = 0;
261
262	if (sm->backend_auth) {
263		sm->currentMethod = EAP_TYPE_NONE;
264		/* parse rxResp, respId, respMethod */
265		eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
266		if (sm->rxResp) {
267			sm->currentId = sm->respId;
268		}
269	}
270	sm->num_rounds = 0;
271	sm->method_pending = METHOD_PENDING_NONE;
272
273	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
274		MACSTR, MAC2STR(sm->peer_addr));
275}
276
277
278SM_STATE(EAP, PICK_UP_METHOD)
279{
280	SM_ENTRY(EAP, PICK_UP_METHOD);
281
282	if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) {
283		sm->currentMethod = sm->respMethod;
284		if (sm->m && sm->eap_method_priv) {
285			sm->m->reset(sm, sm->eap_method_priv);
286			sm->eap_method_priv = NULL;
287		}
288		sm->m = eap_server_get_eap_method(EAP_VENDOR_IETF,
289						  sm->currentMethod);
290		if (sm->m && sm->m->initPickUp) {
291			sm->eap_method_priv = sm->m->initPickUp(sm);
292			if (sm->eap_method_priv == NULL) {
293				wpa_printf(MSG_DEBUG, "EAP: Failed to "
294					   "initialize EAP method %d",
295					   sm->currentMethod);
296				sm->m = NULL;
297				sm->currentMethod = EAP_TYPE_NONE;
298			}
299		} else {
300			sm->m = NULL;
301			sm->currentMethod = EAP_TYPE_NONE;
302		}
303	}
304
305	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
306		"method=%u", sm->currentMethod);
307}
308
309
310SM_STATE(EAP, IDLE)
311{
312	SM_ENTRY(EAP, IDLE);
313
314	sm->eap_if.retransWhile = eap_sm_calculateTimeout(
315		sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
316		sm->methodTimeout);
317}
318
319
320SM_STATE(EAP, RETRANSMIT)
321{
322	SM_ENTRY(EAP, RETRANSMIT);
323
324	sm->retransCount++;
325	if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
326		if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
327			sm->eap_if.eapReq = TRUE;
328	}
329}
330
331
332SM_STATE(EAP, RECEIVED)
333{
334	SM_ENTRY(EAP, RECEIVED);
335
336	/* parse rxResp, respId, respMethod */
337	eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
338	sm->num_rounds++;
339}
340
341
342SM_STATE(EAP, DISCARD)
343{
344	SM_ENTRY(EAP, DISCARD);
345	sm->eap_if.eapResp = FALSE;
346	sm->eap_if.eapNoReq = TRUE;
347}
348
349
350SM_STATE(EAP, SEND_REQUEST)
351{
352	SM_ENTRY(EAP, SEND_REQUEST);
353
354	sm->retransCount = 0;
355	if (sm->eap_if.eapReqData) {
356		if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
357		{
358			sm->eap_if.eapResp = FALSE;
359			sm->eap_if.eapReq = TRUE;
360		} else {
361			sm->eap_if.eapResp = FALSE;
362			sm->eap_if.eapReq = FALSE;
363		}
364	} else {
365		wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
366		sm->eap_if.eapResp = FALSE;
367		sm->eap_if.eapReq = FALSE;
368		sm->eap_if.eapNoReq = TRUE;
369	}
370}
371
372
373SM_STATE(EAP, INTEGRITY_CHECK)
374{
375	SM_ENTRY(EAP, INTEGRITY_CHECK);
376
377	if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) {
378		sm->ignore = TRUE;
379		return;
380	}
381
382	if (sm->m->check) {
383		sm->ignore = sm->m->check(sm, sm->eap_method_priv,
384					  sm->eap_if.eapRespData);
385	}
386}
387
388
389SM_STATE(EAP, METHOD_REQUEST)
390{
391	SM_ENTRY(EAP, METHOD_REQUEST);
392
393	if (sm->m == NULL) {
394		wpa_printf(MSG_DEBUG, "EAP: method not initialized");
395		return;
396	}
397
398	sm->currentId = eap_sm_nextId(sm, sm->currentId);
399	wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
400		   sm->currentId);
401	sm->lastId = sm->currentId;
402	wpabuf_free(sm->eap_if.eapReqData);
403	sm->eap_if.eapReqData = sm->m->buildReq(sm, sm->eap_method_priv,
404						sm->currentId);
405	if (sm->m->getTimeout)
406		sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv);
407	else
408		sm->methodTimeout = 0;
409}
410
411
412static void eap_server_erp_init(struct eap_sm *sm)
413{
414#ifdef CONFIG_ERP
415	u8 *emsk = NULL;
416	size_t emsk_len = 0;
417	u8 EMSKname[EAP_EMSK_NAME_LEN];
418	u8 len[2], ctx[3];
419	const char *domain;
420	size_t domain_len, nai_buf_len;
421	struct eap_server_erp_key *erp = NULL;
422	int pos;
423
424	domain = eap_get_erp_domain(sm);
425	if (!domain)
426		return;
427
428	domain_len = os_strlen(domain);
429
430	nai_buf_len = 2 * EAP_EMSK_NAME_LEN + 1 + domain_len;
431	if (nai_buf_len > 253) {
432		/*
433		 * keyName-NAI has a maximum length of 253 octet to fit in
434		 * RADIUS attributes.
435		 */
436		wpa_printf(MSG_DEBUG,
437			   "EAP: Too long realm for ERP keyName-NAI maximum length");
438		return;
439	}
440	nai_buf_len++; /* null termination */
441	erp = os_zalloc(sizeof(*erp) + nai_buf_len);
442	if (erp == NULL)
443		goto fail;
444	erp->recv_seq = (u32) -1;
445
446	emsk = sm->m->get_emsk(sm, sm->eap_method_priv, &emsk_len);
447	if (!emsk || emsk_len == 0 || emsk_len > ERP_MAX_KEY_LEN) {
448		wpa_printf(MSG_DEBUG,
449			   "EAP: No suitable EMSK available for ERP");
450		goto fail;
451	}
452
453	wpa_hexdump_key(MSG_DEBUG, "EAP: EMSK", emsk, emsk_len);
454
455	WPA_PUT_BE16(len, EAP_EMSK_NAME_LEN);
456	if (hmac_sha256_kdf(sm->eap_if.eapSessionId, sm->eap_if.eapSessionIdLen,
457			    "EMSK", len, sizeof(len),
458			    EMSKname, EAP_EMSK_NAME_LEN) < 0) {
459		wpa_printf(MSG_DEBUG, "EAP: Could not derive EMSKname");
460		goto fail;
461	}
462	wpa_hexdump(MSG_DEBUG, "EAP: EMSKname", EMSKname, EAP_EMSK_NAME_LEN);
463
464	pos = wpa_snprintf_hex(erp->keyname_nai, nai_buf_len,
465			       EMSKname, EAP_EMSK_NAME_LEN);
466	erp->keyname_nai[pos] = '@';
467	os_memcpy(&erp->keyname_nai[pos + 1], domain, domain_len);
468
469	WPA_PUT_BE16(len, emsk_len);
470	if (hmac_sha256_kdf(emsk, emsk_len,
471			    "EAP Re-authentication Root Key@ietf.org",
472			    len, sizeof(len), erp->rRK, emsk_len) < 0) {
473		wpa_printf(MSG_DEBUG, "EAP: Could not derive rRK for ERP");
474		goto fail;
475	}
476	erp->rRK_len = emsk_len;
477	wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rRK", erp->rRK, erp->rRK_len);
478
479	ctx[0] = EAP_ERP_CS_HMAC_SHA256_128;
480	WPA_PUT_BE16(&ctx[1], erp->rRK_len);
481	if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
482			    "Re-authentication Integrity Key@ietf.org",
483			    ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) {
484		wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP");
485		goto fail;
486	}
487	erp->rIK_len = erp->rRK_len;
488	wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rIK", erp->rIK, erp->rIK_len);
489
490	if (eap_erp_add_key(sm, erp) == 0) {
491		wpa_printf(MSG_DEBUG, "EAP: Stored ERP keys %s",
492			   erp->keyname_nai);
493		erp = NULL;
494	}
495
496fail:
497	bin_clear_free(emsk, emsk_len);
498	bin_clear_free(erp, sizeof(*erp));
499#endif /* CONFIG_ERP */
500}
501
502
503SM_STATE(EAP, METHOD_RESPONSE)
504{
505	SM_ENTRY(EAP, METHOD_RESPONSE);
506
507	if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1))
508		return;
509
510	sm->m->process(sm, sm->eap_method_priv, sm->eap_if.eapRespData);
511	if (sm->m->isDone(sm, sm->eap_method_priv)) {
512		eap_sm_Policy_update(sm, NULL, 0);
513		bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
514		if (sm->m->getKey) {
515			sm->eap_if.eapKeyData = sm->m->getKey(
516				sm, sm->eap_method_priv,
517				&sm->eap_if.eapKeyDataLen);
518		} else {
519			sm->eap_if.eapKeyData = NULL;
520			sm->eap_if.eapKeyDataLen = 0;
521		}
522		os_free(sm->eap_if.eapSessionId);
523		sm->eap_if.eapSessionId = NULL;
524		if (sm->m->getSessionId) {
525			sm->eap_if.eapSessionId = sm->m->getSessionId(
526				sm, sm->eap_method_priv,
527				&sm->eap_if.eapSessionIdLen);
528			wpa_hexdump(MSG_DEBUG, "EAP: Session-Id",
529				    sm->eap_if.eapSessionId,
530				    sm->eap_if.eapSessionIdLen);
531		}
532		if (sm->erp && sm->m->get_emsk && sm->eap_if.eapSessionId)
533			eap_server_erp_init(sm);
534		sm->methodState = METHOD_END;
535	} else {
536		sm->methodState = METHOD_CONTINUE;
537	}
538}
539
540
541SM_STATE(EAP, PROPOSE_METHOD)
542{
543	int vendor;
544	EapType type;
545
546	SM_ENTRY(EAP, PROPOSE_METHOD);
547
548	sm->try_initiate_reauth = FALSE;
549try_another_method:
550	type = eap_sm_Policy_getNextMethod(sm, &vendor);
551	if (vendor == EAP_VENDOR_IETF)
552		sm->currentMethod = type;
553	else
554		sm->currentMethod = EAP_TYPE_EXPANDED;
555	if (sm->m && sm->eap_method_priv) {
556		sm->m->reset(sm, sm->eap_method_priv);
557		sm->eap_method_priv = NULL;
558	}
559	sm->m = eap_server_get_eap_method(vendor, type);
560	if (sm->m) {
561		sm->eap_method_priv = sm->m->init(sm);
562		if (sm->eap_method_priv == NULL) {
563			wpa_printf(MSG_DEBUG, "EAP: Failed to initialize EAP "
564				   "method %d", sm->currentMethod);
565			sm->m = NULL;
566			sm->currentMethod = EAP_TYPE_NONE;
567			goto try_another_method;
568		}
569	}
570	if (sm->m == NULL) {
571		wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
572		eap_log_msg(sm, "Could not find suitable EAP method");
573		sm->decision = DECISION_FAILURE;
574		return;
575	}
576	if (sm->currentMethod == EAP_TYPE_IDENTITY ||
577	    sm->currentMethod == EAP_TYPE_NOTIFICATION)
578		sm->methodState = METHOD_CONTINUE;
579	else
580		sm->methodState = METHOD_PROPOSED;
581
582	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
583		"vendor=%u method=%u", vendor, sm->currentMethod);
584	eap_log_msg(sm, "Propose EAP method vendor=%u method=%u",
585		    vendor, sm->currentMethod);
586}
587
588
589SM_STATE(EAP, NAK)
590{
591	const struct eap_hdr *nak;
592	size_t len = 0;
593	const u8 *pos;
594	const u8 *nak_list = NULL;
595
596	SM_ENTRY(EAP, NAK);
597
598	if (sm->eap_method_priv) {
599		sm->m->reset(sm, sm->eap_method_priv);
600		sm->eap_method_priv = NULL;
601	}
602	sm->m = NULL;
603
604	if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1))
605		return;
606
607	nak = wpabuf_head(sm->eap_if.eapRespData);
608	if (nak && wpabuf_len(sm->eap_if.eapRespData) > sizeof(*nak)) {
609		len = be_to_host16(nak->length);
610		if (len > wpabuf_len(sm->eap_if.eapRespData))
611			len = wpabuf_len(sm->eap_if.eapRespData);
612		pos = (const u8 *) (nak + 1);
613		len -= sizeof(*nak);
614		if (*pos == EAP_TYPE_NAK) {
615			pos++;
616			len--;
617			nak_list = pos;
618		}
619	}
620	eap_sm_Policy_update(sm, nak_list, len);
621}
622
623
624SM_STATE(EAP, SELECT_ACTION)
625{
626	SM_ENTRY(EAP, SELECT_ACTION);
627
628	sm->decision = eap_sm_Policy_getDecision(sm);
629}
630
631
632SM_STATE(EAP, TIMEOUT_FAILURE)
633{
634	SM_ENTRY(EAP, TIMEOUT_FAILURE);
635
636	sm->eap_if.eapTimeout = TRUE;
637}
638
639
640SM_STATE(EAP, FAILURE)
641{
642	SM_ENTRY(EAP, FAILURE);
643
644	wpabuf_free(sm->eap_if.eapReqData);
645	sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId);
646	wpabuf_free(sm->lastReqData);
647	sm->lastReqData = NULL;
648	sm->eap_if.eapFail = TRUE;
649
650	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
651		MACSTR, MAC2STR(sm->peer_addr));
652}
653
654
655SM_STATE(EAP, SUCCESS)
656{
657	SM_ENTRY(EAP, SUCCESS);
658
659	wpabuf_free(sm->eap_if.eapReqData);
660	sm->eap_if.eapReqData = eap_sm_buildSuccess(sm, sm->currentId);
661	wpabuf_free(sm->lastReqData);
662	sm->lastReqData = NULL;
663	if (sm->eap_if.eapKeyData)
664		sm->eap_if.eapKeyAvailable = TRUE;
665	sm->eap_if.eapSuccess = TRUE;
666
667	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
668		MACSTR, MAC2STR(sm->peer_addr));
669}
670
671
672SM_STATE(EAP, INITIATE_REAUTH_START)
673{
674	SM_ENTRY(EAP, INITIATE_REAUTH_START);
675
676	sm->initiate_reauth_start_sent = TRUE;
677	sm->try_initiate_reauth = TRUE;
678	sm->currentId = eap_sm_nextId(sm, sm->currentId);
679	wpa_printf(MSG_DEBUG,
680		   "EAP: building EAP-Initiate-Re-auth-Start: Identifier %d",
681		   sm->currentId);
682	sm->lastId = sm->currentId;
683	wpabuf_free(sm->eap_if.eapReqData);
684	sm->eap_if.eapReqData = eap_sm_buildInitiateReauthStart(sm,
685								sm->currentId);
686	wpabuf_free(sm->lastReqData);
687	sm->lastReqData = NULL;
688}
689
690
691#ifdef CONFIG_ERP
692
693static void erp_send_finish_reauth(struct eap_sm *sm,
694				   struct eap_server_erp_key *erp, u8 id,
695				   u8 flags, u16 seq, const char *nai)
696{
697	size_t plen;
698	struct wpabuf *msg;
699	u8 hash[SHA256_MAC_LEN];
700	size_t hash_len;
701	u8 seed[4];
702
703	if (erp) {
704		switch (erp->cryptosuite) {
705		case EAP_ERP_CS_HMAC_SHA256_256:
706			hash_len = 32;
707			break;
708		case EAP_ERP_CS_HMAC_SHA256_128:
709			hash_len = 16;
710			break;
711		default:
712			return;
713		}
714	} else
715		hash_len = 0;
716
717	plen = 1 + 2 + 2 + os_strlen(nai);
718	if (hash_len)
719		plen += 1 + hash_len;
720	msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
721			    plen, EAP_CODE_FINISH, id);
722	if (msg == NULL)
723		return;
724	wpabuf_put_u8(msg, flags);
725	wpabuf_put_be16(msg, seq);
726
727	wpabuf_put_u8(msg, EAP_ERP_TLV_KEYNAME_NAI);
728	wpabuf_put_u8(msg, os_strlen(nai));
729	wpabuf_put_str(msg, nai);
730
731	if (erp) {
732		wpabuf_put_u8(msg, erp->cryptosuite);
733		if (hmac_sha256(erp->rIK, erp->rIK_len,
734				wpabuf_head(msg), wpabuf_len(msg), hash) < 0) {
735			wpabuf_free(msg);
736			return;
737		}
738		wpabuf_put_data(msg, hash, hash_len);
739	}
740
741	wpa_printf(MSG_DEBUG, "EAP: Send EAP-Finish/Re-auth (%s)",
742		   flags & 0x80 ? "failure" : "success");
743
744	sm->lastId = sm->currentId;
745	sm->currentId = id;
746	wpabuf_free(sm->eap_if.eapReqData);
747	sm->eap_if.eapReqData = msg;
748	wpabuf_free(sm->lastReqData);
749	sm->lastReqData = NULL;
750
751	if ((flags & 0x80) || !erp) {
752		sm->eap_if.eapFail = TRUE;
753		wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
754			MACSTR, MAC2STR(sm->peer_addr));
755		return;
756	}
757
758	bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
759	sm->eap_if.eapKeyDataLen = 0;
760	sm->eap_if.eapKeyData = os_malloc(erp->rRK_len);
761	if (!sm->eap_if.eapKeyData)
762		return;
763
764	WPA_PUT_BE16(seed, seq);
765	WPA_PUT_BE16(&seed[2], erp->rRK_len);
766	if (hmac_sha256_kdf(erp->rRK, erp->rRK_len,
767			    "Re-authentication Master Session Key@ietf.org",
768			    seed, sizeof(seed),
769			    sm->eap_if.eapKeyData, erp->rRK_len) < 0) {
770		wpa_printf(MSG_DEBUG, "EAP: Could not derive rMSK for ERP");
771		bin_clear_free(sm->eap_if.eapKeyData, erp->rRK_len);
772		sm->eap_if.eapKeyData = NULL;
773		return;
774	}
775	sm->eap_if.eapKeyDataLen = erp->rRK_len;
776	sm->eap_if.eapKeyAvailable = TRUE;
777	wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK",
778			sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
779	sm->eap_if.eapSuccess = TRUE;
780
781	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
782		MACSTR, MAC2STR(sm->peer_addr));
783}
784
785
786SM_STATE(EAP, INITIATE_RECEIVED)
787{
788	const u8 *pos, *end, *start, *tlvs, *hdr;
789	const struct eap_hdr *ehdr;
790	size_t len;
791	u8 flags;
792	u16 seq;
793	char nai[254];
794	struct eap_server_erp_key *erp;
795	int max_len;
796	u8 hash[SHA256_MAC_LEN];
797	size_t hash_len;
798	struct erp_tlvs parse;
799	u8 resp_flags = 0x80; /* default to failure; cleared on success */
800
801	SM_ENTRY(EAP, INITIATE_RECEIVED);
802
803	sm->rxInitiate = FALSE;
804
805	pos = eap_hdr_validate(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
806			       sm->eap_if.eapRespData, &len);
807	if (pos == NULL) {
808		wpa_printf(MSG_INFO, "EAP-Initiate: Invalid frame");
809		goto fail;
810	}
811	hdr = wpabuf_head(sm->eap_if.eapRespData);
812	ehdr = wpabuf_head(sm->eap_if.eapRespData);
813
814	wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-Auth", pos, len);
815	if (len < 4) {
816		wpa_printf(MSG_INFO, "EAP: Too short EAP-Initiate/Re-auth");
817		goto fail;
818	}
819	end = pos + len;
820
821	flags = *pos++;
822	seq = WPA_GET_BE16(pos);
823	pos += 2;
824	wpa_printf(MSG_DEBUG, "EAP: Flags=0x%x SEQ=%u", flags, seq);
825	tlvs = pos;
826
827	/*
828	 * Parse TVs/TLVs. Since we do not yet know the length of the
829	 * Authentication Tag, stop parsing if an unknown TV/TLV is seen and
830	 * just try to find the keyName-NAI first so that we can check the
831	 * Authentication Tag.
832	 */
833	if (erp_parse_tlvs(tlvs, end, &parse, 1) < 0)
834		goto fail;
835
836	if (!parse.keyname) {
837		wpa_printf(MSG_DEBUG,
838			   "EAP: No keyName-NAI in EAP-Initiate/Re-auth Packet");
839		goto fail;
840	}
841
842	wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Initiate/Re-auth - keyName-NAI",
843			  parse.keyname, parse.keyname_len);
844	if (parse.keyname_len > 253) {
845		wpa_printf(MSG_DEBUG,
846			   "EAP: Too long keyName-NAI in EAP-Initiate/Re-auth");
847		goto fail;
848	}
849	os_memcpy(nai, parse.keyname, parse.keyname_len);
850	nai[parse.keyname_len] = '\0';
851
852	if (!sm->eap_server) {
853		/*
854		 * In passthrough case, EAP-Initiate/Re-auth replaces
855		 * EAP Identity exchange. Use keyName-NAI as the user identity
856		 * and forward EAP-Initiate/Re-auth to the backend
857		 * authentication server.
858		 */
859		wpa_printf(MSG_DEBUG,
860			   "EAP: Use keyName-NAI as user identity for backend authentication");
861		eap_server_clear_identity(sm);
862		sm->identity = (u8 *) dup_binstr(parse.keyname,
863						 parse.keyname_len);
864		if (!sm->identity)
865			goto fail;
866		sm->identity_len = parse.keyname_len;
867		return;
868	}
869
870	erp = eap_erp_get_key(sm, nai);
871	if (!erp) {
872		wpa_printf(MSG_DEBUG, "EAP: No matching ERP key found for %s",
873			   nai);
874		goto report_error;
875	}
876
877	if (erp->recv_seq != (u32) -1 && erp->recv_seq >= seq) {
878		wpa_printf(MSG_DEBUG,
879			   "EAP: SEQ=%u replayed (already received SEQ=%u)",
880			   seq, erp->recv_seq);
881		goto fail;
882	}
883
884	/* Is there enough room for Cryptosuite and Authentication Tag? */
885	start = parse.keyname + parse.keyname_len;
886	max_len = end - start;
887	if (max_len <
888	    1 + (erp->cryptosuite == EAP_ERP_CS_HMAC_SHA256_256 ? 32 : 16)) {
889		wpa_printf(MSG_DEBUG,
890			   "EAP: Not enough room for Authentication Tag");
891		goto fail;
892	}
893
894	switch (erp->cryptosuite) {
895	case EAP_ERP_CS_HMAC_SHA256_256:
896		if (end[-33] != erp->cryptosuite) {
897			wpa_printf(MSG_DEBUG,
898				   "EAP: Different Cryptosuite used");
899			goto fail;
900		}
901		hash_len = 32;
902		break;
903	case EAP_ERP_CS_HMAC_SHA256_128:
904		if (end[-17] != erp->cryptosuite) {
905			wpa_printf(MSG_DEBUG,
906				   "EAP: Different Cryptosuite used");
907			goto fail;
908		}
909		hash_len = 16;
910		break;
911	default:
912		hash_len = 0;
913		break;
914	}
915
916	if (hash_len) {
917		if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
918				end - hdr - hash_len, hash) < 0)
919			goto fail;
920		if (os_memcmp(end - hash_len, hash, hash_len) != 0) {
921			wpa_printf(MSG_DEBUG,
922				   "EAP: Authentication Tag mismatch");
923			goto fail;
924		}
925	}
926
927	/* Check if any supported CS results in matching tag */
928	if (!hash_len && max_len >= 1 + 32 &&
929	    end[-33] == EAP_ERP_CS_HMAC_SHA256_256) {
930		if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
931				end - hdr - 32, hash) < 0)
932			goto fail;
933		if (os_memcmp(end - 32, hash, 32) == 0) {
934			wpa_printf(MSG_DEBUG,
935				   "EAP: Authentication Tag match using HMAC-SHA256-256");
936			hash_len = 32;
937			erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_256;
938		}
939	}
940
941	if (!hash_len && end[-17] == EAP_ERP_CS_HMAC_SHA256_128) {
942		if (hmac_sha256(erp->rIK, erp->rIK_len, hdr,
943				end - hdr - 16, hash) < 0)
944			goto fail;
945		if (os_memcmp(end - 16, hash, 16) == 0) {
946			wpa_printf(MSG_DEBUG,
947				   "EAP: Authentication Tag match using HMAC-SHA256-128");
948			hash_len = 16;
949			erp->cryptosuite = EAP_ERP_CS_HMAC_SHA256_128;
950		}
951	}
952
953	if (!hash_len) {
954		wpa_printf(MSG_DEBUG,
955			   "EAP: No supported cryptosuite matched Authentication Tag");
956		goto fail;
957	}
958	end -= 1 + hash_len;
959
960	/*
961	 * Parse TVs/TLVs again now that we know the exact part of the buffer
962	 * that contains them.
963	 */
964	wpa_hexdump(MSG_DEBUG, "EAP: EAP-Initiate/Re-Auth TVs/TLVs",
965		    tlvs, end - tlvs);
966	if (erp_parse_tlvs(tlvs, end, &parse, 0) < 0)
967		goto fail;
968
969	wpa_printf(MSG_DEBUG, "EAP: ERP key %s SEQ updated to %u",
970		   erp->keyname_nai, seq);
971	erp->recv_seq = seq;
972	resp_flags &= ~0x80; /* R=0 - success */
973
974report_error:
975	erp_send_finish_reauth(sm, erp, ehdr->identifier, resp_flags, seq, nai);
976	return;
977
978fail:
979	sm->ignore = TRUE;
980}
981
982#endif /* CONFIG_ERP */
983
984
985SM_STATE(EAP, INITIALIZE_PASSTHROUGH)
986{
987	SM_ENTRY(EAP, INITIALIZE_PASSTHROUGH);
988
989	wpabuf_free(sm->eap_if.aaaEapRespData);
990	sm->eap_if.aaaEapRespData = NULL;
991	sm->try_initiate_reauth = FALSE;
992}
993
994
995SM_STATE(EAP, IDLE2)
996{
997	SM_ENTRY(EAP, IDLE2);
998
999	sm->eap_if.retransWhile = eap_sm_calculateTimeout(
1000		sm, sm->retransCount, sm->eap_if.eapSRTT, sm->eap_if.eapRTTVAR,
1001		sm->methodTimeout);
1002}
1003
1004
1005SM_STATE(EAP, RETRANSMIT2)
1006{
1007	SM_ENTRY(EAP, RETRANSMIT2);
1008
1009	sm->retransCount++;
1010	if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
1011		if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
1012			sm->eap_if.eapReq = TRUE;
1013	}
1014}
1015
1016
1017SM_STATE(EAP, RECEIVED2)
1018{
1019	SM_ENTRY(EAP, RECEIVED2);
1020
1021	/* parse rxResp, respId, respMethod */
1022	eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
1023}
1024
1025
1026SM_STATE(EAP, DISCARD2)
1027{
1028	SM_ENTRY(EAP, DISCARD2);
1029	sm->eap_if.eapResp = FALSE;
1030	sm->eap_if.eapNoReq = TRUE;
1031}
1032
1033
1034SM_STATE(EAP, SEND_REQUEST2)
1035{
1036	SM_ENTRY(EAP, SEND_REQUEST2);
1037
1038	sm->retransCount = 0;
1039	if (sm->eap_if.eapReqData) {
1040		if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
1041		{
1042			sm->eap_if.eapResp = FALSE;
1043			sm->eap_if.eapReq = TRUE;
1044		} else {
1045			sm->eap_if.eapResp = FALSE;
1046			sm->eap_if.eapReq = FALSE;
1047		}
1048	} else {
1049		wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData");
1050		sm->eap_if.eapResp = FALSE;
1051		sm->eap_if.eapReq = FALSE;
1052		sm->eap_if.eapNoReq = TRUE;
1053	}
1054}
1055
1056
1057SM_STATE(EAP, AAA_REQUEST)
1058{
1059	SM_ENTRY(EAP, AAA_REQUEST);
1060
1061	if (sm->eap_if.eapRespData == NULL) {
1062		wpa_printf(MSG_INFO, "EAP: AAA_REQUEST - no eapRespData");
1063		return;
1064	}
1065
1066	/*
1067	 * if (respMethod == IDENTITY)
1068	 *	aaaIdentity = eapRespData
1069	 * This is already taken care of by the EAP-Identity method which
1070	 * stores the identity into sm->identity.
1071	 */
1072
1073	eap_copy_buf(&sm->eap_if.aaaEapRespData, sm->eap_if.eapRespData);
1074}
1075
1076
1077SM_STATE(EAP, AAA_RESPONSE)
1078{
1079	SM_ENTRY(EAP, AAA_RESPONSE);
1080
1081	eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1082	sm->currentId = eap_sm_getId(sm->eap_if.eapReqData);
1083	sm->methodTimeout = sm->eap_if.aaaMethodTimeout;
1084}
1085
1086
1087SM_STATE(EAP, AAA_IDLE)
1088{
1089	SM_ENTRY(EAP, AAA_IDLE);
1090
1091	sm->eap_if.aaaFail = FALSE;
1092	sm->eap_if.aaaSuccess = FALSE;
1093	sm->eap_if.aaaEapReq = FALSE;
1094	sm->eap_if.aaaEapNoReq = FALSE;
1095	sm->eap_if.aaaEapResp = TRUE;
1096}
1097
1098
1099SM_STATE(EAP, TIMEOUT_FAILURE2)
1100{
1101	SM_ENTRY(EAP, TIMEOUT_FAILURE2);
1102
1103	sm->eap_if.eapTimeout = TRUE;
1104}
1105
1106
1107SM_STATE(EAP, FAILURE2)
1108{
1109	SM_ENTRY(EAP, FAILURE2);
1110
1111	eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1112	sm->eap_if.eapFail = TRUE;
1113}
1114
1115
1116SM_STATE(EAP, SUCCESS2)
1117{
1118	SM_ENTRY(EAP, SUCCESS2);
1119
1120	eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
1121
1122	sm->eap_if.eapKeyAvailable = sm->eap_if.aaaEapKeyAvailable;
1123	if (sm->eap_if.aaaEapKeyAvailable) {
1124		EAP_COPY(&sm->eap_if.eapKeyData, sm->eap_if.aaaEapKeyData);
1125	} else {
1126		bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
1127		sm->eap_if.eapKeyData = NULL;
1128		sm->eap_if.eapKeyDataLen = 0;
1129	}
1130
1131	sm->eap_if.eapSuccess = TRUE;
1132
1133	/*
1134	 * Start reauthentication with identity request even though we know the
1135	 * previously used identity. This is needed to get reauthentication
1136	 * started properly.
1137	 */
1138	sm->start_reauth = TRUE;
1139}
1140
1141
1142SM_STEP(EAP)
1143{
1144	if (sm->eap_if.eapRestart && sm->eap_if.portEnabled)
1145		SM_ENTER_GLOBAL(EAP, INITIALIZE);
1146	else if (!sm->eap_if.portEnabled)
1147		SM_ENTER_GLOBAL(EAP, DISABLED);
1148	else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
1149		if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
1150			wpa_printf(MSG_DEBUG, "EAP: more than %d "
1151				   "authentication rounds - abort",
1152				   EAP_MAX_AUTH_ROUNDS);
1153			sm->num_rounds++;
1154			SM_ENTER_GLOBAL(EAP, FAILURE);
1155		}
1156	} else switch (sm->EAP_state) {
1157	case EAP_INITIALIZE:
1158		if (sm->backend_auth) {
1159			if (!sm->rxResp)
1160				SM_ENTER(EAP, SELECT_ACTION);
1161			else if (sm->rxResp &&
1162				 (sm->respMethod == EAP_TYPE_NAK ||
1163				  (sm->respMethod == EAP_TYPE_EXPANDED &&
1164				   sm->respVendor == EAP_VENDOR_IETF &&
1165				   sm->respVendorMethod == EAP_TYPE_NAK)))
1166				SM_ENTER(EAP, NAK);
1167			else
1168				SM_ENTER(EAP, PICK_UP_METHOD);
1169		} else {
1170			SM_ENTER(EAP, SELECT_ACTION);
1171		}
1172		break;
1173	case EAP_PICK_UP_METHOD:
1174		if (sm->currentMethod == EAP_TYPE_NONE) {
1175			SM_ENTER(EAP, SELECT_ACTION);
1176		} else {
1177			SM_ENTER(EAP, METHOD_RESPONSE);
1178		}
1179		break;
1180	case EAP_DISABLED:
1181		if (sm->eap_if.portEnabled)
1182			SM_ENTER(EAP, INITIALIZE);
1183		break;
1184	case EAP_IDLE:
1185		if (sm->eap_if.retransWhile == 0) {
1186			if (sm->try_initiate_reauth) {
1187				sm->try_initiate_reauth = FALSE;
1188				SM_ENTER(EAP, SELECT_ACTION);
1189			} else {
1190				SM_ENTER(EAP, RETRANSMIT);
1191			}
1192		} else if (sm->eap_if.eapResp)
1193			SM_ENTER(EAP, RECEIVED);
1194		break;
1195	case EAP_RETRANSMIT:
1196		if (sm->retransCount > sm->MaxRetrans)
1197			SM_ENTER(EAP, TIMEOUT_FAILURE);
1198		else
1199			SM_ENTER(EAP, IDLE);
1200		break;
1201	case EAP_RECEIVED:
1202		if (sm->rxResp && (sm->respId == sm->currentId) &&
1203		    (sm->respMethod == EAP_TYPE_NAK ||
1204		     (sm->respMethod == EAP_TYPE_EXPANDED &&
1205		      sm->respVendor == EAP_VENDOR_IETF &&
1206		      sm->respVendorMethod == EAP_TYPE_NAK))
1207		    && (sm->methodState == METHOD_PROPOSED))
1208			SM_ENTER(EAP, NAK);
1209		else if (sm->rxResp && (sm->respId == sm->currentId) &&
1210			 ((sm->respMethod == sm->currentMethod) ||
1211			  (sm->respMethod == EAP_TYPE_EXPANDED &&
1212			   sm->respVendor == EAP_VENDOR_IETF &&
1213			   sm->respVendorMethod == sm->currentMethod)))
1214			SM_ENTER(EAP, INTEGRITY_CHECK);
1215#ifdef CONFIG_ERP
1216		else if (sm->rxInitiate)
1217			SM_ENTER(EAP, INITIATE_RECEIVED);
1218#endif /* CONFIG_ERP */
1219		else {
1220			wpa_printf(MSG_DEBUG, "EAP: RECEIVED->DISCARD: "
1221				   "rxResp=%d respId=%d currentId=%d "
1222				   "respMethod=%d currentMethod=%d",
1223				   sm->rxResp, sm->respId, sm->currentId,
1224				   sm->respMethod, sm->currentMethod);
1225			eap_log_msg(sm, "Discard received EAP message");
1226			SM_ENTER(EAP, DISCARD);
1227		}
1228		break;
1229	case EAP_DISCARD:
1230		SM_ENTER(EAP, IDLE);
1231		break;
1232	case EAP_SEND_REQUEST:
1233		SM_ENTER(EAP, IDLE);
1234		break;
1235	case EAP_INTEGRITY_CHECK:
1236		if (sm->ignore)
1237			SM_ENTER(EAP, DISCARD);
1238		else
1239			SM_ENTER(EAP, METHOD_RESPONSE);
1240		break;
1241	case EAP_METHOD_REQUEST:
1242		if (sm->m == NULL) {
1243			/*
1244			 * This transition is not mentioned in RFC 4137, but it
1245			 * is needed to handle cleanly a case where EAP method
1246			 * initialization fails.
1247			 */
1248			SM_ENTER(EAP, FAILURE);
1249			break;
1250		}
1251		SM_ENTER(EAP, SEND_REQUEST);
1252		if (sm->eap_if.eapNoReq && !sm->eap_if.eapReq) {
1253			/*
1254			 * This transition is not mentioned in RFC 4137, but it
1255			 * is needed to handle cleanly a case where EAP method
1256			 * buildReq fails.
1257			 */
1258			wpa_printf(MSG_DEBUG,
1259				   "EAP: Method did not return a request");
1260			SM_ENTER(EAP, FAILURE);
1261			break;
1262		}
1263		break;
1264	case EAP_METHOD_RESPONSE:
1265		/*
1266		 * Note: Mechanism to allow EAP methods to wait while going
1267		 * through pending processing is an extension to RFC 4137
1268		 * which only defines the transits to SELECT_ACTION and
1269		 * METHOD_REQUEST from this METHOD_RESPONSE state.
1270		 */
1271		if (sm->methodState == METHOD_END)
1272			SM_ENTER(EAP, SELECT_ACTION);
1273		else if (sm->method_pending == METHOD_PENDING_WAIT) {
1274			wpa_printf(MSG_DEBUG, "EAP: Method has pending "
1275				   "processing - wait before proceeding to "
1276				   "METHOD_REQUEST state");
1277		} else if (sm->method_pending == METHOD_PENDING_CONT) {
1278			wpa_printf(MSG_DEBUG, "EAP: Method has completed "
1279				   "pending processing - reprocess pending "
1280				   "EAP message");
1281			sm->method_pending = METHOD_PENDING_NONE;
1282			SM_ENTER(EAP, METHOD_RESPONSE);
1283		} else
1284			SM_ENTER(EAP, METHOD_REQUEST);
1285		break;
1286	case EAP_PROPOSE_METHOD:
1287		/*
1288		 * Note: Mechanism to allow EAP methods to wait while going
1289		 * through pending processing is an extension to RFC 4137
1290		 * which only defines the transit to METHOD_REQUEST from this
1291		 * PROPOSE_METHOD state.
1292		 */
1293		if (sm->method_pending == METHOD_PENDING_WAIT) {
1294			wpa_printf(MSG_DEBUG, "EAP: Method has pending "
1295				   "processing - wait before proceeding to "
1296				   "METHOD_REQUEST state");
1297			if (sm->user_eap_method_index > 0)
1298				sm->user_eap_method_index--;
1299		} else if (sm->method_pending == METHOD_PENDING_CONT) {
1300			wpa_printf(MSG_DEBUG, "EAP: Method has completed "
1301				   "pending processing - reprocess pending "
1302				   "EAP message");
1303			sm->method_pending = METHOD_PENDING_NONE;
1304			SM_ENTER(EAP, PROPOSE_METHOD);
1305		} else
1306			SM_ENTER(EAP, METHOD_REQUEST);
1307		break;
1308	case EAP_NAK:
1309		SM_ENTER(EAP, SELECT_ACTION);
1310		break;
1311	case EAP_SELECT_ACTION:
1312		if (sm->decision == DECISION_FAILURE)
1313			SM_ENTER(EAP, FAILURE);
1314		else if (sm->decision == DECISION_SUCCESS)
1315			SM_ENTER(EAP, SUCCESS);
1316		else if (sm->decision == DECISION_PASSTHROUGH)
1317			SM_ENTER(EAP, INITIALIZE_PASSTHROUGH);
1318		else if (sm->decision == DECISION_INITIATE_REAUTH_START)
1319			SM_ENTER(EAP, INITIATE_REAUTH_START);
1320#ifdef CONFIG_ERP
1321		else if (sm->eap_server && sm->erp && sm->rxInitiate)
1322			SM_ENTER(EAP, INITIATE_RECEIVED);
1323#endif /* CONFIG_ERP */
1324		else
1325			SM_ENTER(EAP, PROPOSE_METHOD);
1326		break;
1327	case EAP_INITIATE_REAUTH_START:
1328		SM_ENTER(EAP, SEND_REQUEST);
1329		break;
1330	case EAP_INITIATE_RECEIVED:
1331		if (!sm->eap_server)
1332			SM_ENTER(EAP, SELECT_ACTION);
1333		break;
1334	case EAP_TIMEOUT_FAILURE:
1335		break;
1336	case EAP_FAILURE:
1337		break;
1338	case EAP_SUCCESS:
1339		break;
1340
1341	case EAP_INITIALIZE_PASSTHROUGH:
1342		if (sm->currentId == -1)
1343			SM_ENTER(EAP, AAA_IDLE);
1344		else
1345			SM_ENTER(EAP, AAA_REQUEST);
1346		break;
1347	case EAP_IDLE2:
1348		if (sm->eap_if.eapResp)
1349			SM_ENTER(EAP, RECEIVED2);
1350		else if (sm->eap_if.retransWhile == 0)
1351			SM_ENTER(EAP, RETRANSMIT2);
1352		break;
1353	case EAP_RETRANSMIT2:
1354		if (sm->retransCount > sm->MaxRetrans)
1355			SM_ENTER(EAP, TIMEOUT_FAILURE2);
1356		else
1357			SM_ENTER(EAP, IDLE2);
1358		break;
1359	case EAP_RECEIVED2:
1360		if (sm->rxResp && (sm->respId == sm->currentId))
1361			SM_ENTER(EAP, AAA_REQUEST);
1362		else
1363			SM_ENTER(EAP, DISCARD2);
1364		break;
1365	case EAP_DISCARD2:
1366		SM_ENTER(EAP, IDLE2);
1367		break;
1368	case EAP_SEND_REQUEST2:
1369		SM_ENTER(EAP, IDLE2);
1370		break;
1371	case EAP_AAA_REQUEST:
1372		SM_ENTER(EAP, AAA_IDLE);
1373		break;
1374	case EAP_AAA_RESPONSE:
1375		SM_ENTER(EAP, SEND_REQUEST2);
1376		break;
1377	case EAP_AAA_IDLE:
1378		if (sm->eap_if.aaaFail)
1379			SM_ENTER(EAP, FAILURE2);
1380		else if (sm->eap_if.aaaSuccess)
1381			SM_ENTER(EAP, SUCCESS2);
1382		else if (sm->eap_if.aaaEapReq)
1383			SM_ENTER(EAP, AAA_RESPONSE);
1384		else if (sm->eap_if.aaaTimeout)
1385			SM_ENTER(EAP, TIMEOUT_FAILURE2);
1386		break;
1387	case EAP_TIMEOUT_FAILURE2:
1388		break;
1389	case EAP_FAILURE2:
1390		break;
1391	case EAP_SUCCESS2:
1392		break;
1393	}
1394}
1395
1396
1397static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
1398				   int eapSRTT, int eapRTTVAR,
1399				   int methodTimeout)
1400{
1401	int rto, i;
1402
1403	if (sm->try_initiate_reauth) {
1404		wpa_printf(MSG_DEBUG,
1405			   "EAP: retransmit timeout 1 second for EAP-Initiate-Re-auth-Start");
1406		return 1;
1407	}
1408
1409	if (methodTimeout) {
1410		/*
1411		 * EAP method (either internal or through AAA server, provided
1412		 * timeout hint. Use that as-is as a timeout for retransmitting
1413		 * the EAP request if no response is received.
1414		 */
1415		wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
1416			   "(from EAP method hint)", methodTimeout);
1417		return methodTimeout;
1418	}
1419
1420	/*
1421	 * RFC 3748 recommends algorithms described in RFC 2988 for estimation
1422	 * of the retransmission timeout. This should be implemented once
1423	 * round-trip time measurements are available. For nowm a simple
1424	 * backoff mechanism is used instead if there are no EAP method
1425	 * specific hints.
1426	 *
1427	 * SRTT = smoothed round-trip time
1428	 * RTTVAR = round-trip time variation
1429	 * RTO = retransmission timeout
1430	 */
1431
1432	/*
1433	 * RFC 2988, 2.1: before RTT measurement, set RTO to 3 seconds for
1434	 * initial retransmission and then double the RTO to provide back off
1435	 * per 5.5. Limit the maximum RTO to 20 seconds per RFC 3748, 4.3
1436	 * modified RTOmax.
1437	 */
1438	rto = 3;
1439	for (i = 0; i < retransCount; i++) {
1440		rto *= 2;
1441		if (rto >= 20) {
1442			rto = 20;
1443			break;
1444		}
1445	}
1446
1447	wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
1448		   "(from dynamic back off; retransCount=%d)",
1449		   rto, retransCount);
1450
1451	return rto;
1452}
1453
1454
1455static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp)
1456{
1457	const struct eap_hdr *hdr;
1458	size_t plen;
1459
1460	/* parse rxResp, respId, respMethod */
1461	sm->rxResp = FALSE;
1462	sm->rxInitiate = FALSE;
1463	sm->respId = -1;
1464	sm->respMethod = EAP_TYPE_NONE;
1465	sm->respVendor = EAP_VENDOR_IETF;
1466	sm->respVendorMethod = EAP_TYPE_NONE;
1467
1468	if (resp == NULL || wpabuf_len(resp) < sizeof(*hdr)) {
1469		wpa_printf(MSG_DEBUG, "EAP: parseEapResp: invalid resp=%p "
1470			   "len=%lu", resp,
1471			   resp ? (unsigned long) wpabuf_len(resp) : 0);
1472		return;
1473	}
1474
1475	hdr = wpabuf_head(resp);
1476	plen = be_to_host16(hdr->length);
1477	if (plen > wpabuf_len(resp)) {
1478		wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
1479			   "(len=%lu plen=%lu)",
1480			   (unsigned long) wpabuf_len(resp),
1481			   (unsigned long) plen);
1482		return;
1483	}
1484
1485	sm->respId = hdr->identifier;
1486
1487	if (hdr->code == EAP_CODE_RESPONSE)
1488		sm->rxResp = TRUE;
1489	else if (hdr->code == EAP_CODE_INITIATE)
1490		sm->rxInitiate = TRUE;
1491
1492	if (plen > sizeof(*hdr)) {
1493		u8 *pos = (u8 *) (hdr + 1);
1494		sm->respMethod = *pos++;
1495		if (sm->respMethod == EAP_TYPE_EXPANDED) {
1496			if (plen < sizeof(*hdr) + 8) {
1497				wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
1498					   "expanded EAP-Packet (plen=%lu)",
1499					   (unsigned long) plen);
1500				return;
1501			}
1502			sm->respVendor = WPA_GET_BE24(pos);
1503			pos += 3;
1504			sm->respVendorMethod = WPA_GET_BE32(pos);
1505		}
1506	}
1507
1508	wpa_printf(MSG_DEBUG,
1509		   "EAP: parseEapResp: rxResp=%d rxInitiate=%d respId=%d respMethod=%u respVendor=%u respVendorMethod=%u",
1510		   sm->rxResp, sm->rxInitiate, sm->respId, sm->respMethod,
1511		   sm->respVendor, sm->respVendorMethod);
1512}
1513
1514
1515static int eap_sm_getId(const struct wpabuf *data)
1516{
1517	const struct eap_hdr *hdr;
1518
1519	if (data == NULL || wpabuf_len(data) < sizeof(*hdr))
1520		return -1;
1521
1522	hdr = wpabuf_head(data);
1523	wpa_printf(MSG_DEBUG, "EAP: getId: id=%d", hdr->identifier);
1524	return hdr->identifier;
1525}
1526
1527
1528static struct wpabuf * eap_sm_buildSuccess(struct eap_sm *sm, u8 id)
1529{
1530	struct wpabuf *msg;
1531	struct eap_hdr *resp;
1532	wpa_printf(MSG_DEBUG, "EAP: Building EAP-Success (id=%d)", id);
1533
1534	msg = wpabuf_alloc(sizeof(*resp));
1535	if (msg == NULL)
1536		return NULL;
1537	resp = wpabuf_put(msg, sizeof(*resp));
1538	resp->code = EAP_CODE_SUCCESS;
1539	resp->identifier = id;
1540	resp->length = host_to_be16(sizeof(*resp));
1541
1542	return msg;
1543}
1544
1545
1546static struct wpabuf * eap_sm_buildFailure(struct eap_sm *sm, u8 id)
1547{
1548	struct wpabuf *msg;
1549	struct eap_hdr *resp;
1550	wpa_printf(MSG_DEBUG, "EAP: Building EAP-Failure (id=%d)", id);
1551
1552	msg = wpabuf_alloc(sizeof(*resp));
1553	if (msg == NULL)
1554		return NULL;
1555	resp = wpabuf_put(msg, sizeof(*resp));
1556	resp->code = EAP_CODE_FAILURE;
1557	resp->identifier = id;
1558	resp->length = host_to_be16(sizeof(*resp));
1559
1560	return msg;
1561}
1562
1563
1564static int eap_sm_nextId(struct eap_sm *sm, int id)
1565{
1566	if (id < 0) {
1567		/* RFC 3748 Ch 4.1: recommended to initialize Identifier with a
1568		 * random number */
1569		id = rand() & 0xff;
1570		if (id != sm->lastId)
1571			return id;
1572	}
1573	return (id + 1) & 0xff;
1574}
1575
1576
1577/**
1578 * eap_sm_process_nak - Process EAP-Response/Nak
1579 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1580 * @nak_list: Nak list (allowed methods) from the supplicant
1581 * @len: Length of nak_list in bytes
1582 *
1583 * This function is called when EAP-Response/Nak is received from the
1584 * supplicant. This can happen for both phase 1 and phase 2 authentications.
1585 */
1586void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len)
1587{
1588	int i;
1589	size_t j;
1590
1591	if (sm->user == NULL)
1592		return;
1593
1594	wpa_printf(MSG_MSGDUMP, "EAP: processing NAK (current EAP method "
1595		   "index %d)", sm->user_eap_method_index);
1596
1597	wpa_hexdump(MSG_MSGDUMP, "EAP: configured methods",
1598		    (u8 *) sm->user->methods,
1599		    EAP_MAX_METHODS * sizeof(sm->user->methods[0]));
1600	wpa_hexdump(MSG_MSGDUMP, "EAP: list of methods supported by the peer",
1601		    nak_list, len);
1602
1603	i = sm->user_eap_method_index;
1604	while (i < EAP_MAX_METHODS &&
1605	       (sm->user->methods[i].vendor != EAP_VENDOR_IETF ||
1606		sm->user->methods[i].method != EAP_TYPE_NONE)) {
1607		if (sm->user->methods[i].vendor != EAP_VENDOR_IETF)
1608			goto not_found;
1609		for (j = 0; j < len; j++) {
1610			if (nak_list[j] == sm->user->methods[i].method) {
1611				break;
1612			}
1613		}
1614
1615		if (j < len) {
1616			/* found */
1617			i++;
1618			continue;
1619		}
1620
1621	not_found:
1622		/* not found - remove from the list */
1623		if (i + 1 < EAP_MAX_METHODS) {
1624			os_memmove(&sm->user->methods[i],
1625				   &sm->user->methods[i + 1],
1626				   (EAP_MAX_METHODS - i - 1) *
1627				   sizeof(sm->user->methods[0]));
1628		}
1629		sm->user->methods[EAP_MAX_METHODS - 1].vendor =
1630			EAP_VENDOR_IETF;
1631		sm->user->methods[EAP_MAX_METHODS - 1].method = EAP_TYPE_NONE;
1632	}
1633
1634	wpa_hexdump(MSG_MSGDUMP, "EAP: new list of configured methods",
1635		    (u8 *) sm->user->methods, EAP_MAX_METHODS *
1636		    sizeof(sm->user->methods[0]));
1637}
1638
1639
1640static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list,
1641				 size_t len)
1642{
1643	if (nak_list == NULL || sm == NULL || sm->user == NULL)
1644		return;
1645
1646	if (sm->user->phase2) {
1647		wpa_printf(MSG_DEBUG, "EAP: EAP-Nak received after Phase2 user"
1648			   " info was selected - reject");
1649		sm->decision = DECISION_FAILURE;
1650		return;
1651	}
1652
1653	eap_sm_process_nak(sm, nak_list, len);
1654}
1655
1656
1657static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor)
1658{
1659	EapType next;
1660	int idx = sm->user_eap_method_index;
1661
1662	/* In theory, there should be no problems with starting
1663	 * re-authentication with something else than EAP-Request/Identity and
1664	 * this does indeed work with wpa_supplicant. However, at least Funk
1665	 * Supplicant seemed to ignore re-auth if it skipped
1666	 * EAP-Request/Identity.
1667	 * Re-auth sets currentId == -1, so that can be used here to select
1668	 * whether Identity needs to be requested again. */
1669	if (sm->identity == NULL || sm->currentId == -1) {
1670		*vendor = EAP_VENDOR_IETF;
1671		next = EAP_TYPE_IDENTITY;
1672		sm->update_user = TRUE;
1673	} else if (sm->user && idx < EAP_MAX_METHODS &&
1674		   (sm->user->methods[idx].vendor != EAP_VENDOR_IETF ||
1675		    sm->user->methods[idx].method != EAP_TYPE_NONE)) {
1676		*vendor = sm->user->methods[idx].vendor;
1677		next = sm->user->methods[idx].method;
1678		sm->user_eap_method_index++;
1679	} else {
1680		*vendor = EAP_VENDOR_IETF;
1681		next = EAP_TYPE_NONE;
1682	}
1683	wpa_printf(MSG_DEBUG, "EAP: getNextMethod: vendor %d type %d",
1684		   *vendor, next);
1685	return next;
1686}
1687
1688
1689static int eap_sm_Policy_getDecision(struct eap_sm *sm)
1690{
1691	if (!sm->eap_server && sm->identity && !sm->start_reauth) {
1692		wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
1693		return DECISION_PASSTHROUGH;
1694	}
1695
1696	if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY &&
1697	    sm->m->isSuccess(sm, sm->eap_method_priv)) {
1698		wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
1699			   "SUCCESS");
1700		sm->update_user = TRUE;
1701		return DECISION_SUCCESS;
1702	}
1703
1704	if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) &&
1705	    !sm->m->isSuccess(sm, sm->eap_method_priv)) {
1706		wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
1707			   "FAILURE");
1708		sm->update_user = TRUE;
1709		return DECISION_FAILURE;
1710	}
1711
1712	if ((sm->user == NULL || sm->update_user) && sm->identity &&
1713	    !sm->start_reauth) {
1714		/*
1715		 * Allow Identity method to be started once to allow identity
1716		 * selection hint to be sent from the authentication server,
1717		 * but prevent a loop of Identity requests by only allowing
1718		 * this to happen once.
1719		 */
1720		int id_req = 0;
1721		if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY &&
1722		    sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1723		    sm->user->methods[0].method == EAP_TYPE_IDENTITY)
1724			id_req = 1;
1725		if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
1726			wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
1727				   "found from database -> FAILURE");
1728			return DECISION_FAILURE;
1729		}
1730		if (id_req && sm->user &&
1731		    sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
1732		    sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
1733			wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
1734				   "identity request loop -> FAILURE");
1735			sm->update_user = TRUE;
1736			return DECISION_FAILURE;
1737		}
1738		sm->update_user = FALSE;
1739	}
1740	sm->start_reauth = FALSE;
1741
1742	if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
1743	    (sm->user->methods[sm->user_eap_method_index].vendor !=
1744	     EAP_VENDOR_IETF ||
1745	     sm->user->methods[sm->user_eap_method_index].method !=
1746	     EAP_TYPE_NONE)) {
1747		wpa_printf(MSG_DEBUG, "EAP: getDecision: another method "
1748			   "available -> CONTINUE");
1749		return DECISION_CONTINUE;
1750	}
1751
1752	if (!sm->identity && eap_get_erp_send_reauth_start(sm) &&
1753	    !sm->initiate_reauth_start_sent) {
1754		wpa_printf(MSG_DEBUG,
1755			   "EAP: getDecision: send EAP-Initiate/Re-auth-Start");
1756		return DECISION_INITIATE_REAUTH_START;
1757	}
1758
1759	if (sm->identity == NULL || sm->currentId == -1) {
1760		wpa_printf(MSG_DEBUG, "EAP: getDecision: no identity known "
1761			   "yet -> CONTINUE");
1762		return DECISION_CONTINUE;
1763	}
1764
1765	wpa_printf(MSG_DEBUG, "EAP: getDecision: no more methods available -> "
1766		   "FAILURE");
1767	return DECISION_FAILURE;
1768}
1769
1770
1771static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method)
1772{
1773	return method == EAP_TYPE_IDENTITY ? TRUE : FALSE;
1774}
1775
1776
1777/**
1778 * eap_server_sm_step - Step EAP server state machine
1779 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1780 * Returns: 1 if EAP state was changed or 0 if not
1781 *
1782 * This function advances EAP state machine to a new state to match with the
1783 * current variables. This should be called whenever variables used by the EAP
1784 * state machine have changed.
1785 */
1786int eap_server_sm_step(struct eap_sm *sm)
1787{
1788	int res = 0;
1789	do {
1790		sm->changed = FALSE;
1791		SM_STEP_RUN(EAP);
1792		if (sm->changed)
1793			res = 1;
1794	} while (sm->changed);
1795	return res;
1796}
1797
1798
1799static void eap_user_free(struct eap_user *user)
1800{
1801	if (user == NULL)
1802		return;
1803	bin_clear_free(user->password, user->password_len);
1804	user->password = NULL;
1805	os_free(user);
1806}
1807
1808
1809/**
1810 * eap_server_sm_init - Allocate and initialize EAP server state machine
1811 * @eapol_ctx: Context data to be used with eapol_cb calls
1812 * @eapol_cb: Pointer to EAPOL callback functions
1813 * @conf: EAP configuration
1814 * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1815 *
1816 * This function allocates and initializes an EAP state machine.
1817 */
1818struct eap_sm * eap_server_sm_init(void *eapol_ctx,
1819				   const struct eapol_callbacks *eapol_cb,
1820				   struct eap_config *conf)
1821{
1822	struct eap_sm *sm;
1823
1824	sm = os_zalloc(sizeof(*sm));
1825	if (sm == NULL)
1826		return NULL;
1827	sm->eapol_ctx = eapol_ctx;
1828	sm->eapol_cb = eapol_cb;
1829	sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
1830	sm->ssl_ctx = conf->ssl_ctx;
1831	sm->msg_ctx = conf->msg_ctx;
1832	sm->eap_sim_db_priv = conf->eap_sim_db_priv;
1833	sm->backend_auth = conf->backend_auth;
1834	sm->eap_server = conf->eap_server;
1835	if (conf->pac_opaque_encr_key) {
1836		sm->pac_opaque_encr_key = os_malloc(16);
1837		if (sm->pac_opaque_encr_key) {
1838			os_memcpy(sm->pac_opaque_encr_key,
1839				  conf->pac_opaque_encr_key, 16);
1840		}
1841	}
1842	if (conf->eap_fast_a_id) {
1843		sm->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
1844		if (sm->eap_fast_a_id) {
1845			os_memcpy(sm->eap_fast_a_id, conf->eap_fast_a_id,
1846				  conf->eap_fast_a_id_len);
1847			sm->eap_fast_a_id_len = conf->eap_fast_a_id_len;
1848		}
1849	}
1850	if (conf->eap_fast_a_id_info)
1851		sm->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
1852	sm->eap_fast_prov = conf->eap_fast_prov;
1853	sm->pac_key_lifetime = conf->pac_key_lifetime;
1854	sm->pac_key_refresh_time = conf->pac_key_refresh_time;
1855	sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
1856	sm->tnc = conf->tnc;
1857	sm->wps = conf->wps;
1858	if (conf->assoc_wps_ie)
1859		sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
1860	if (conf->assoc_p2p_ie)
1861		sm->assoc_p2p_ie = wpabuf_dup(conf->assoc_p2p_ie);
1862	if (conf->peer_addr)
1863		os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
1864	sm->fragment_size = conf->fragment_size;
1865	sm->pwd_group = conf->pwd_group;
1866	sm->pbc_in_m1 = conf->pbc_in_m1;
1867	sm->server_id = conf->server_id;
1868	sm->server_id_len = conf->server_id_len;
1869	sm->erp = conf->erp;
1870	sm->tls_session_lifetime = conf->tls_session_lifetime;
1871
1872#ifdef CONFIG_TESTING_OPTIONS
1873	sm->tls_test_flags = conf->tls_test_flags;
1874#endif /* CONFIG_TESTING_OPTIONS */
1875
1876	wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
1877
1878	return sm;
1879}
1880
1881
1882/**
1883 * eap_server_sm_deinit - Deinitialize and free an EAP server state machine
1884 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1885 *
1886 * This function deinitializes EAP state machine and frees all allocated
1887 * resources.
1888 */
1889void eap_server_sm_deinit(struct eap_sm *sm)
1890{
1891	if (sm == NULL)
1892		return;
1893	wpa_printf(MSG_DEBUG, "EAP: Server state machine removed");
1894	if (sm->m && sm->eap_method_priv)
1895		sm->m->reset(sm, sm->eap_method_priv);
1896	wpabuf_free(sm->eap_if.eapReqData);
1897	bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
1898	os_free(sm->eap_if.eapSessionId);
1899	wpabuf_free(sm->lastReqData);
1900	wpabuf_free(sm->eap_if.eapRespData);
1901	os_free(sm->identity);
1902	os_free(sm->pac_opaque_encr_key);
1903	os_free(sm->eap_fast_a_id);
1904	os_free(sm->eap_fast_a_id_info);
1905	wpabuf_free(sm->eap_if.aaaEapReqData);
1906	wpabuf_free(sm->eap_if.aaaEapRespData);
1907	bin_clear_free(sm->eap_if.aaaEapKeyData, sm->eap_if.aaaEapKeyDataLen);
1908	eap_user_free(sm->user);
1909	wpabuf_free(sm->assoc_wps_ie);
1910	wpabuf_free(sm->assoc_p2p_ie);
1911	os_free(sm);
1912}
1913
1914
1915/**
1916 * eap_sm_notify_cached - Notify EAP state machine of cached PMK
1917 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1918 *
1919 * This function is called when PMKSA caching is used to skip EAP
1920 * authentication.
1921 */
1922void eap_sm_notify_cached(struct eap_sm *sm)
1923{
1924	if (sm == NULL)
1925		return;
1926
1927	sm->EAP_state = EAP_SUCCESS;
1928}
1929
1930
1931/**
1932 * eap_sm_pending_cb - EAP state machine callback for a pending EAP request
1933 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1934 *
1935 * This function is called when data for a pending EAP-Request is received.
1936 */
1937void eap_sm_pending_cb(struct eap_sm *sm)
1938{
1939	if (sm == NULL)
1940		return;
1941	wpa_printf(MSG_DEBUG, "EAP: Callback for pending request received");
1942	if (sm->method_pending == METHOD_PENDING_WAIT)
1943		sm->method_pending = METHOD_PENDING_CONT;
1944}
1945
1946
1947/**
1948 * eap_sm_method_pending - Query whether EAP method is waiting for pending data
1949 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1950 * Returns: 1 if method is waiting for pending data or 0 if not
1951 */
1952int eap_sm_method_pending(struct eap_sm *sm)
1953{
1954	if (sm == NULL)
1955		return 0;
1956	return sm->method_pending == METHOD_PENDING_WAIT;
1957}
1958
1959
1960/**
1961 * eap_get_identity - Get the user identity (from EAP-Response/Identity)
1962 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
1963 * @len: Buffer for returning identity length
1964 * Returns: Pointer to the user identity or %NULL if not available
1965 */
1966const u8 * eap_get_identity(struct eap_sm *sm, size_t *len)
1967{
1968	*len = sm->identity_len;
1969	return sm->identity;
1970}
1971
1972
1973void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
1974{
1975#ifdef CONFIG_ERP
1976	const struct eap_hdr *hdr;
1977	const u8 *pos, *end;
1978	struct erp_tlvs parse;
1979
1980	if (len < sizeof(*hdr) + 1)
1981		return;
1982	hdr = (const struct eap_hdr *) eap;
1983	end = eap + len;
1984	pos = (const u8 *) (hdr + 1);
1985	if (hdr->code != EAP_CODE_INITIATE || *pos != EAP_ERP_TYPE_REAUTH)
1986		return;
1987	pos++;
1988	if (pos + 3 > end)
1989		return;
1990
1991	/* Skip Flags and SEQ */
1992	pos += 3;
1993
1994	if (erp_parse_tlvs(pos, end, &parse, 1) < 0 || !parse.keyname)
1995		return;
1996	wpa_hexdump_ascii(MSG_DEBUG,
1997			  "EAP: Update identity based on EAP-Initiate/Re-auth keyName-NAI",
1998			  parse.keyname, parse.keyname_len);
1999	os_free(sm->identity);
2000	sm->identity = os_malloc(parse.keyname_len);
2001	if (sm->identity) {
2002		os_memcpy(sm->identity, parse.keyname, parse.keyname_len);
2003		sm->identity_len = parse.keyname_len;
2004	} else {
2005		sm->identity_len = 0;
2006	}
2007#endif /* CONFIG_ERP */
2008}
2009
2010
2011/**
2012 * eap_get_interface - Get pointer to EAP-EAPOL interface data
2013 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2014 * Returns: Pointer to the EAP-EAPOL interface data
2015 */
2016struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
2017{
2018	return &sm->eap_if;
2019}
2020
2021
2022/**
2023 * eap_server_clear_identity - Clear EAP identity information
2024 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
2025 *
2026 * This function can be used to clear the EAP identity information in the EAP
2027 * server context. This allows the EAP/Identity method to be used again after
2028 * EAPOL-Start or EAPOL-Logoff.
2029 */
2030void eap_server_clear_identity(struct eap_sm *sm)
2031{
2032	os_free(sm->identity);
2033	sm->identity = NULL;
2034}
2035
2036
2037#ifdef CONFIG_TESTING_OPTIONS
2038void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
2039				   const u8 *username, size_t username_len,
2040				   const u8 *challenge, const u8 *response)
2041{
2042	char hex_challenge[30], hex_response[90], user[100];
2043
2044	/* Print out Challenge and Response in format supported by asleap. */
2045	if (username)
2046		printf_encode(user, sizeof(user), username, username_len);
2047	else
2048		user[0] = '\0';
2049	wpa_snprintf_hex_sep(hex_challenge, sizeof(hex_challenge),
2050			     challenge, sizeof(challenge), ':');
2051	wpa_snprintf_hex_sep(hex_response, sizeof(hex_response), response, 24,
2052			     ':');
2053	wpa_printf(MSG_DEBUG, "[%s/user=%s] asleap -C %s -R %s",
2054		   source, user, hex_challenge, hex_response);
2055}
2056#endif /* CONFIG_TESTING_OPTIONS */
2057