1 /*
2  * Copyright (C) 2021 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <assert.h>
27 #include <errno.h>
28 #include <byteswap.h>
29 #include <ipxe/iobuf.h>
30 #include <ipxe/if_ether.h>
31 #include <ipxe/if_arp.h>
32 #include <ipxe/netdevice.h>
33 #include <ipxe/vlan.h>
34 #include <ipxe/retry.h>
35 #include <ipxe/eap.h>
36 #include <ipxe/eapol.h>
37 
38 /** @file
39  *
40  * Extensible Authentication Protocol over LAN (EAPoL)
41  *
42  */
43 
/* Forward declaration: eapol_rx() needs this driver to look up its
 * per-device private data before the full definition at the end of
 * the file.
 */
struct net_driver eapol_driver __net_driver;
45 
/** EAPoL destination MAC address
 *
 * Every frame built by eapol_tx() is sent to this group address
 * (01-80-C2-00-00-03, the IEEE 802.1X PAE group address) rather than
 * to a specific authenticator's unicast address.
 */
static const uint8_t eapol_mac[ETH_ALEN] = {
	0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
};
50 
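/**
 * Process EAPoL packet
 *
 * @v iobuf		I/O buffer (ownership is taken: it is either handed
 *			to a type handler or freed here)
 * @v netdev		Network device
 * @v ll_dest		Link-layer destination address (not checked)
 * @v ll_source		Link-layer source address (passed to the handler)
 * @v flags		Packet flags (unused)
 * @ret rc		Return status code
 *
 * Validates the fixed EAPoL header and its body length, trims any
 * trailing padding, and dispatches on the EAPoL packet type via the
 * EAPOL_HANDLERS linker table.  The version field is not validated;
 * it appears only in debug output.  No link-layer address check is
 * made at this level, so any station on the segment can deliver a
 * frame here: per-type handlers must not assume the source is the
 * authenticator.
 */
static int eapol_rx ( struct io_buffer *iobuf, struct net_device *netdev,
		      const void *ll_dest __unused, const void *ll_source,
		      unsigned int flags __unused ) {
	struct eapol_supplicant *supplicant;
	struct eapol_header *eapol;
	struct eapol_handler *handler;
	size_t remaining;
	size_t len;
	int rc;

	/* Find matching supplicant */
	supplicant = netdev_priv ( netdev, &eapol_driver );

	/* Ignore devices on which eapol_probe() declined to set up a
	 * supplicant (eap.netdev is left NULL there)
	 */
	if ( ! supplicant->eap.netdev ) {
		DBGC ( netdev, "EAPOL %s is not an EAPoL device\n",
		       netdev->name );
		DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
		rc = -ENOTTY;
		goto drop;
	}

	/* Sanity check: the fixed header must be present before any of
	 * its fields are read
	 */
	if ( iob_len ( iobuf ) < sizeof ( *eapol ) ) {
		DBGC ( netdev, "EAPOL %s underlength header:\n",
		       netdev->name );
		DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
		rc = -EINVAL;
		goto drop;
	}
	eapol = iobuf->data;
	remaining = ( iob_len ( iobuf ) - sizeof ( *eapol ) );
	len = ntohs ( eapol->len );

	/* Sanity check: the body length claimed by the header must fit
	 * within the bytes actually received
	 */
	if ( len > remaining ) {
		DBGC ( netdev, "EAPOL %s v%d type %d len %zd underlength "
		       "payload:\n", netdev->name, eapol->version,
		       eapol->type, len );
		DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
		rc = -EINVAL;
		goto drop;
	}

	/* Strip any trailing padding (e.g. Ethernet minimum-frame
	 * padding) beyond the declared body.  We have just established
	 * len <= remaining, so the excess is ( remaining - len ); the
	 * reversed subtraction wraps around as a size_t and would move
	 * the tail forward past the received data instead of trimming.
	 */
	iob_unput ( iobuf, ( remaining - len ) );

	/* Handle according to type; the handler takes ownership of iobuf */
	for_each_table_entry ( handler, EAPOL_HANDLERS ) {
		if ( handler->type == eapol->type ) {
			return handler->rx ( supplicant, iob_disown ( iobuf ),
					     ll_source );
		}
	}
	rc = -ENOTSUP;
	DBGC ( netdev, "EAPOL %s v%d type %d unsupported\n",
	       netdev->name, eapol->version, eapol->type );
	DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );

 drop:
	free_iob ( iobuf );
	return rc;
}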
122 
/** EAPoL protocol
 *
 * Registers eapol_rx() as the receive path for Ethernet frames whose
 * EtherType is ETH_P_EAPOL; eapol_tx() also names this protocol when
 * it hands frames to net_tx().
 */
struct net_protocol eapol_protocol __net_protocol = {
	.name = "EAPOL",
	.net_proto = htons ( ETH_P_EAPOL ),
	.rx = eapol_rx,
};
129 
/**
 * Process EAPoL-encapsulated EAP packet
 *
 * @v supplicant	EAPoL supplicant
 * @v iobuf		I/O buffer (always consumed by this function)
 * @v ll_source		Link-layer source address (unused: no binding to
 *			the sender's address is made here)
 * @ret rc		Return status code
 *
 * Strips the EAPoL header, hands the body to the EAP layer, and then
 * adjusts the EAPoL-Start retransmission timer according to the EAP
 * state flags: a passive supplicant stops sending EAPoL-Start, while
 * an ongoing conversation defers the next EAPoL-Start by
 * EAP_WAIT_TIMEOUT and restarts the attempt counter.
 */
static int eapol_eap_rx ( struct eapol_supplicant *supplicant,
			  struct io_buffer *iobuf,
			  const void *ll_source __unused ) {
	struct net_device *netdev = supplicant->eap.netdev;
	struct eap_supplicant *eap = &supplicant->eap;
	struct retry_timer *start_timer = &supplicant->timer;
	struct eapol_header *hdr;
	unsigned int eap_flags;
	int rc;

	/* eapol_rx() has already verified that the header is present */
	assert ( iob_len ( iobuf ) >= sizeof ( *hdr ) );

	/* Remove the EAPoL header; the returned pointer still addresses
	 * the header bytes, which are only used for debug output below
	 */
	hdr = iob_pull ( iobuf, sizeof ( *hdr ) );

	/* Hand the remaining body to the EAP layer */
	rc = eap_rx ( eap, iobuf->data, iob_len ( iobuf ) );
	if ( rc != 0 ) {
		DBGC ( netdev, "EAPOL %s v%d EAP failed: %s\n",
		       netdev->name, hdr->version, strerror ( rc ) );
	} else {
		/* Read the flags only after eap_rx() may have updated them */
		eap_flags = eap->flags;
		if ( eap_flags & EAP_FL_PASSIVE ) {
			/* Nothing more to solicit: silence EAPoL-Start */
			if ( timer_running ( start_timer ) ) {
				DBGC ( netdev, "EAPOL %s becoming passive\n",
				       netdev->name );
			}
			stop_timer ( start_timer );
		} else if ( eap_flags & EAP_FL_ONGOING ) {
			/* Peer is talking to us: hold off EAPoL-Start until
			 * after the next packet is expected
			 */
			DBGC ( netdev, "EAPOL %s deferring Start\n",
			       netdev->name );
			start_timer_fixed ( start_timer, EAP_WAIT_TIMEOUT );
			supplicant->count = 0;
		}
	}

	free_iob ( iobuf );
	return rc;
}
177 
/** EAPoL handler for EAP packets
 *
 * Entry in the EAPOL_HANDLERS table consulted by eapol_rx(): frames
 * whose EAPoL type is EAPOL_TYPE_EAP are routed to eapol_eap_rx().
 */
struct eapol_handler eapol_eap __eapol_handler = {
	.type = EAPOL_TYPE_EAP,
	.rx = eapol_eap_rx,
};
183 
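/**
 * Transmit EAPoL packet
 *
 * @v supplicant	EAPoL supplicant
 * @v type		Packet type (EAPOL_TYPE_xxx)
 * @v data		Packet body (may be NULL when @c len is zero)
 * @v len		Length of packet body
 * @ret rc		Return status code
 *
 * Builds an 802.1X-2001 EAPoL header in front of the body and sends the
 * frame to the EAPoL group address from the device's own link-layer
 * address.  The body length must be representable in the header's
 * 16-bit length field; larger bodies are rejected with -EINVAL rather
 * than being silently truncated by htons().
 */
static int eapol_tx ( struct eapol_supplicant *supplicant, unsigned int type,
		      const void *data, size_t len ) {
	struct net_device *netdev = supplicant->eap.netdev;
	struct io_buffer *iobuf;
	struct eapol_header *eapol;
	int rc;

	/* Refuse bodies that the 16-bit length field cannot describe */
	if ( len > 0xffff ) {
		DBGC ( netdev, "EAPOL %s type %d body too long (%zd)\n",
		       netdev->name, type, len );
		return -EINVAL;
	}

	/* Allocate I/O buffer, leaving headroom for the link-layer header */
	iobuf = alloc_iob ( MAX_LL_HEADER_LEN + sizeof ( *eapol ) + len );
	if ( ! iobuf )
		return -ENOMEM;
	iob_reserve ( iobuf, MAX_LL_HEADER_LEN );

	/* Construct EAPoL header */
	eapol = iob_put ( iobuf, sizeof ( *eapol ) );
	eapol->version = EAPOL_VERSION_2001;
	eapol->type = type;
	eapol->len = htons ( len );

	/* Append packet body.  Skipped for bodiless packets such as
	 * EAPoL-Start, where data is NULL and memcpy() must not be called.
	 */
	if ( len )
		memcpy ( iob_put ( iobuf, len ), data, len );

	/* Transmit packet.  The buffer is disowned here, so it is not
	 * freed on the failure path.
	 */
	if ( ( rc = net_tx ( iob_disown ( iobuf ), netdev, &eapol_protocol,
			     &eapol_mac, netdev->ll_addr ) ) != 0 ) {
		DBGC ( netdev, "EAPOL %s could not transmit type %d: %s\n",
		       netdev->name, type, strerror ( rc ) );
		DBGC_HDA ( netdev, 0, data, len );
		return rc;
	}

	return 0;
}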
226 
/**
 * Transmit EAPoL-encapsulated EAP packet
 *
 * @v eap		EAP supplicant (embedded in an EAPoL supplicant)
 * @v data		EAP packet
 * @v len		Length of EAP packet
 * @ret rc		Return status code
 *
 * Installed as the EAP layer's transmit callback by eapol_probe().
 * Recovers the enclosing EAPoL supplicant and wraps the EAP packet in
 * an EAPoL header of type EAPOL_TYPE_EAP.
 */
static int eapol_eap_tx ( struct eap_supplicant *eap, const void *data,
			  size_t len ) {
	struct eapol_supplicant *supplicant;

	/* The EAP supplicant is the "eap" member of our own structure */
	supplicant = container_of ( eap, struct eapol_supplicant, eap );

	return eapol_tx ( supplicant, EAPOL_TYPE_EAP, data, len );
}
242 
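/**
 * (Re)transmit EAPoL-Start packet
 *
 * @v timer		EAPoL-Start timer
 * @v fail		Failure indicator (unused)
 *
 * Sends at most EAPOL_START_COUNT EAPoL-Start packets, spaced
 * EAPOL_START_INTERVAL apart, then gives up without rescheduling.
 * Transmit errors are ignored: the next expiry simply tries again.
 * (This listing had dropped the container_of() and start_timer_fixed()
 * lines; they are restored here.)
 */
static void eapol_expired ( struct retry_timer *timer, int fail __unused ) {
	struct eapol_supplicant *supplicant =
		container_of ( timer, struct eapol_supplicant, timer );
	struct net_device *netdev = supplicant->eap.netdev;

	/* Stop transmitting after maximum number of attempts; the
	 * post-increment means exactly EAPOL_START_COUNT packets are
	 * sent from a counter that starts at zero
	 */
	if ( supplicant->count++ >= EAPOL_START_COUNT ) {
		DBGC ( netdev, "EAPOL %s giving up\n", netdev->name );
		return;
	}

	/* Schedule next transmission */
	start_timer_fixed ( &supplicant->timer, EAPOL_START_INTERVAL );

	/* Transmit EAPoL-Start, ignoring errors */
	DBGC2 ( netdev, "EAPOL %s transmitting Start\n", netdev->name );
	eapol_tx ( supplicant, EAPOL_TYPE_START, NULL, 0 );
}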
267 
/**
 * Create EAPoL supplicant
 *
 * @v netdev		Network device
 * @v priv		Private data
 * @ret rc		Return status code
 *
 * Only plain (untagged) Ethernet devices get a supplicant.  For any
 * other device the private data is left untouched, so eap.netdev stays
 * NULL; eapol_rx() and eapol_notify() treat that as "not an EAPoL
 * device".  The EAPoL-Start timer holds a reference on the device via
 * its refcnt.
 */
static int eapol_probe ( struct net_device *netdev, void *priv ) {
	struct eapol_supplicant *supplicant = priv;
	int is_ethernet;

	/* Ignore non-EAPoL devices: must be Ethernet and must not be a
	 * VLAN device
	 */
	is_ethernet = ( netdev->ll_protocol->ll_proto ==
			htons ( ARPHRD_ETHER ) );
	if ( ( ! is_ethernet ) || vlan_tag ( netdev ) )
		return 0;

	/* Initialise structure and hook the EAP transmit path */
	supplicant->eap.netdev = netdev;
	supplicant->eap.tx = eapol_eap_tx;
	timer_init ( &supplicant->timer, eapol_expired, &netdev->refcnt );

	return 0;
}
292 
/**
 * Handle EAPoL supplicant state change
 *
 * @v netdev		Network device
 * @v priv		Private data
 *
 * Called on device state changes.  When the device is closed or its
 * link is down, the EAP state flags are cleared and EAPoL-Start
 * transmission stops, so a fresh authentication starts from scratch
 * once the link returns.  When the link is up and nothing is in
 * progress (timer idle, EAP not passive), EAPoL-Start transmission is
 * begun immediately.
 */
static void eapol_notify ( struct net_device *netdev, void *priv ) {
	struct eapol_supplicant *supplicant = priv;
	struct retry_timer *start_timer = &supplicant->timer;
	int link_usable;

	/* Ignore non-EAPoL devices (eapol_probe() declined them) */
	if ( ! supplicant->eap.netdev )
		return;

	/* Terminate and reset EAP when the device is closed or the link
	 * goes down
	 */
	link_usable = ( netdev_is_open ( netdev ) && netdev_link_ok ( netdev ) );
	if ( ! link_usable ) {
		if ( timer_running ( start_timer ) ) {
			DBGC ( netdev, "EAPOL %s shutting down\n",
			       netdev->name );
		}
		supplicant->eap.flags = 0;
		stop_timer ( start_timer );
		return;
	}

	/* Nothing to do while EAPoL-Start is already being sent, or once
	 * EAP has finished transmitting
	 */
	if ( timer_running ( start_timer ) )
		return;
	if ( supplicant->eap.flags & EAP_FL_PASSIVE )
		return;

	/* Otherwise, start sending EAPoL-Start with a fresh attempt count */
	start_timer_nodelay ( start_timer );
	supplicant->count = 0;
	DBGC ( netdev, "EAPOL %s starting up\n", netdev->name );
}
330 
/** EAPoL driver
 *
 * Upper-layer network driver that allocates one struct eapol_supplicant
 * per network device, sets it up in eapol_probe() (Ethernet, non-VLAN
 * devices only) and tracks open/link state in eapol_notify().
 */
struct net_driver eapol_driver __net_driver = {
	.name = "EAPoL",
	.priv_len = sizeof ( struct eapol_supplicant ),
	.probe = eapol_probe,
	.notify = eapol_notify,
};
Flags.
Definition: ena.h:18