iPXE
eap.h File Reference

Extensible Authentication Protocol.

#include <stdint.h>
#include <ipxe/netdevice.h>
#include <ipxe/timer.h>
#include <ipxe/tables.h>

Data Structures

struct eap_header
 EAP header.

struct eap_message
 EAP request/response message.

struct eap_md5
 EAP MD5 challenge request/response type data.

struct eap_mschapv2
 EAP MS-CHAPv2 request/response type data.

union eap_packet
 EAP packet.

struct eap_supplicant
 An EAP supplicant.

struct eap_method
 An EAP method.

Macros

#define EAP_CODE_REQUEST   1
 EAP request.

#define EAP_CODE_RESPONSE   2
 EAP response.

#define EAP_TYPE_NONE   0
 EAP "no available types" marker.

#define EAP_TYPE_IDENTITY   1
 EAP identity.

#define EAP_TYPE_NAK   3
 EAP NAK.

#define EAP_TYPE_MD5   4
 EAP MD5 challenge request/response.

#define EAP_TYPE_MSCHAPV2   26
 EAP MS-CHAPv2 request/response.

#define EAP_CODE_SUCCESS   3
 EAP success.

#define EAP_CODE_FAILURE   4
 EAP failure.

#define EAP_BLOCK_TIMEOUT   ( 45 * TICKS_PER_SEC )
 EAP link block timeout.

#define EAP_WAIT_TIMEOUT   ( EAP_BLOCK_TIMEOUT * 7 / 8 )
 EAP protocol wait timeout.

#define EAP_FL_ONGOING   0x0001
 EAP authentication is in progress.

#define EAP_FL_PASSIVE   0x0002
 EAP supplicant is passive.

#define EAP_METHODS   __table ( struct eap_method, "eap_methods" )
 EAP method table.

#define __eap_method   __table_entry ( EAP_METHODS, 01 )
 Declare an EAP method.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)

int eap_tx_response (struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
 Transmit EAP response.

int eap_rx (struct eap_supplicant *supplicant, const void *data, size_t len)
 Handle EAP packet.

Detailed Description

Extensible Authentication Protocol.

Definition in file eap.h.

Macro Definition Documentation

◆ EAP_CODE_REQUEST

#define EAP_CODE_REQUEST   1

EAP request.

Definition at line 28 of file eap.h.

◆ EAP_CODE_RESPONSE

#define EAP_CODE_RESPONSE   2

EAP response.

Definition at line 31 of file eap.h.

◆ EAP_TYPE_NONE

#define EAP_TYPE_NONE   0

EAP "no available types" marker.

Definition at line 44 of file eap.h.

◆ EAP_TYPE_IDENTITY

#define EAP_TYPE_IDENTITY   1

EAP identity.

Definition at line 47 of file eap.h.

◆ EAP_TYPE_NAK

#define EAP_TYPE_NAK   3

EAP NAK.

Definition at line 50 of file eap.h.

◆ EAP_TYPE_MD5

#define EAP_TYPE_MD5   4

EAP MD5 challenge request/response.

Definition at line 53 of file eap.h.

◆ EAP_TYPE_MSCHAPV2

#define EAP_TYPE_MSCHAPV2   26

EAP MS-CHAPv2 request/response.

Definition at line 64 of file eap.h.

◆ EAP_CODE_SUCCESS

#define EAP_CODE_SUCCESS   3

EAP success.

Definition at line 93 of file eap.h.

◆ EAP_CODE_FAILURE

#define EAP_CODE_FAILURE   4

EAP failure.

Definition at line 96 of file eap.h.

◆ EAP_BLOCK_TIMEOUT

#define EAP_BLOCK_TIMEOUT   ( 45 * TICKS_PER_SEC )

EAP link block timeout.

We mark the link as blocked upon receiving a Request-Identity, on the basis that this most likely indicates that the switch will not yet be forwarding packets.

There is no way to tell how frequently the Request-Identity packet will be retransmitted by the switch. The default value for Cisco switches seems to be 30 seconds, so treat the link as blocked for 45 seconds.

Definition at line 117 of file eap.h.

◆ EAP_WAIT_TIMEOUT

#define EAP_WAIT_TIMEOUT   ( EAP_BLOCK_TIMEOUT * 7 / 8 )

EAP protocol wait timeout.

In the EAP model, the supplicant is a pure responder. The model also defines no acknowledgement response for the final Success or Failure "requests". This leaves open the possibility that the final Success or Failure packet is lost, with the supplicant having no way to determine the final authentication status.

Sideband mechanisms such as EAPoL-Start may be used to restart the entire EAP process, as a (crude) workaround for this protocol flaw. When expecting to receive a further EAP request (e.g. an authentication challenge), we may wait for some length of time before triggering this restart. Choose a duration that is shorter than the link block timeout, so that there is no period during which we erroneously leave the link marked as not blocked.

Definition at line 135 of file eap.h.

◆ EAP_FL_ONGOING

#define EAP_FL_ONGOING   0x0001

EAP authentication is in progress.

This indicates that we have received an EAP Request-Identity, but have not yet received a final EAP Success or EAP Failure.

Definition at line 164 of file eap.h.

◆ EAP_FL_PASSIVE

#define EAP_FL_PASSIVE   0x0002

EAP supplicant is passive.

This indicates that the supplicant should not transmit any further unsolicited packets (e.g. EAPoL-Start for a supplicant running over EAPoL). This could be because authentication has already completed, or because we are relying upon MAC Authentication Bypass (MAB) which may have a very long timeout.

Definition at line 174 of file eap.h.

◆ EAP_METHODS

#define EAP_METHODS   __table ( struct eap_method, "eap_methods" )

EAP method table.

Definition at line 193 of file eap.h.

◆ __eap_method

#define __eap_method   __table_entry ( EAP_METHODS, 01 )

Declare an EAP method.

Definition at line 196 of file eap.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ eap_tx_response()

int eap_tx_response ( struct eap_supplicant *supplicant,
                      const void *rsp,
                      size_t rsp_len )

Transmit EAP response.

Parameters
    supplicant  EAP supplicant
    rsp         Response type data
    rsp_len     Length of response type data
Return values
    rc          Return status code

Definition at line 47 of file eap.c.

{
	struct net_device *netdev = supplicant->netdev;
	struct eap_message *msg;
	size_t len;
	int rc;

	/* Allocate and populate response */
	len = ( sizeof ( *msg ) + rsp_len );
	msg = malloc ( len );
	if ( ! msg ) {
		rc = -ENOMEM;
		goto err_alloc;
	}
	msg->hdr.code = EAP_CODE_RESPONSE;
	msg->hdr.id = supplicant->id;
	msg->hdr.len = htons ( len );
	msg->type = supplicant->type;
	memcpy ( msg->data, rsp, rsp_len );
	DBGC ( netdev, "EAP %s Response id %#02x type %d\n",
	       netdev->name, msg->hdr.id, msg->type );

	/* Transmit response */
	if ( ( rc = supplicant->tx ( supplicant, msg, len ) ) != 0 ) {
		DBGC ( netdev, "EAP %s could not transmit: %s\n",
		       netdev->name, strerror ( rc ) );
		goto err_tx;
	}

 err_tx:
	free ( msg );
 err_alloc:
	return rc;
}

References DBGC, EAP_CODE_RESPONSE, ENOMEM, free, htons, eap_supplicant::id, len, malloc(), memcpy(), msg(), net_device::name, netdev, eap_supplicant::netdev, rc, rsp, strerror(), eap_supplicant::tx, and eap_supplicant::type.

Referenced by eap_rx_identity(), eap_rx_md5(), eap_rx_mschapv2_request(), eap_rx_mschapv2_success(), and eap_tx_nak().

◆ eap_rx()

int eap_rx ( struct eap_supplicant *supplicant,
             const void *data,
             size_t len )

Handle EAP packet.

Parameters
    supplicant  EAP supplicant
    data        EAP packet
    len         Length of EAP packet
Return values
    rc          Return status code

Definition at line 263 of file eap.c.

{
	struct net_device *netdev = supplicant->netdev;
	const union eap_packet *eap = data;

	/* Sanity check */
	if ( len < sizeof ( eap->hdr ) ) {
		DBGC ( netdev, "EAP %s underlength header:\n", netdev->name );
		DBGC_HDA ( netdev, 0, eap, len );
		return -EINVAL;
	}

	/* Handle according to code */
	switch ( eap->hdr.code ) {
	case EAP_CODE_REQUEST:
		return eap_rx_request ( supplicant, &eap->msg, len );
	case EAP_CODE_RESPONSE:
		DBGC2 ( netdev, "EAP %s ignoring response\n", netdev->name );
		return 0;
	case EAP_CODE_SUCCESS:
		return eap_rx_success ( supplicant );
	case EAP_CODE_FAILURE:
		return eap_rx_failure ( supplicant );
	default:
		DBGC ( netdev, "EAP %s unsupported code %d\n",
		       netdev->name, eap->hdr.code );
		DBGC_HDA ( netdev, 0, eap, len );
		return -ENOTSUP;
	}
}

References eap_header::code, data, DBGC, DBGC2, DBGC_HDA, EAP_CODE_FAILURE, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, EAP_CODE_SUCCESS, eap_rx_failure(), eap_rx_request(), eap_rx_success(), EINVAL, ENOTSUP, eap_packet::hdr, len, eap_packet::msg, net_device::name, netdev, and eap_supplicant::netdev.

Referenced by eapol_eap_rx().
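
The eap_rx() listing above checks only that the fixed header is present before dispatching on the code. The following stand-alone validator is an added example, not iPXE code: it goes one step further and also checks the 16-bit length field against the number of bytes actually received. The names eap_validate, EAP_HDR_LEN and EAP_ERR_* are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Code values as documented on this page */
#define EAP_CODE_REQUEST  1
#define EAP_CODE_RESPONSE 2
#define EAP_CODE_SUCCESS  3
#define EAP_CODE_FAILURE  4
#define EAP_HDR_LEN 4	/* code, id, 16-bit big-endian length */

/* Hypothetical error values for this example (not iPXE's) */
enum { EAP_ERR_SHORT = -1, EAP_ERR_LEN = -2, EAP_ERR_CODE = -3 };

/* Constructed sample packets (not captured traffic) */
static const uint8_t sample_req[] = { 1, 0x2a, 0x00, 0x05, 1, 0x00, 0x00 }; /* padded */
static const uint8_t sample_trunc[] = { 1, 0x2a, 0x00, 0x10, 1 }; /* claims 16 bytes */
static const uint8_t sample_ok[] = { 3, 0x2a, 0x00, 0x04 }; /* Success */
static const uint8_t sample_code[] = { 9, 0x2a, 0x00, 0x04 }; /* unknown code */

/* Return the EAP packet length taken from the header, or a negative
 * error. Bytes beyond the returned length are padding to be ignored.
 */
int eap_validate ( const uint8_t *data, size_t len ) {
	size_t pkt_len;
	/* Same check as eap_rx(): the fixed header must be present */
	if ( len < EAP_HDR_LEN )
		return EAP_ERR_SHORT;
	/* Length field must cover the header and fit in what arrived */
	pkt_len = ( ( ( size_t ) data[2] << 8 ) | data[3] );
	if ( ( pkt_len < EAP_HDR_LEN ) || ( pkt_len > len ) )
		return EAP_ERR_LEN;
	switch ( data[0] ) {
	case EAP_CODE_REQUEST:
	case EAP_CODE_RESPONSE:
		/* Requests and responses carry a one-byte type field */
		return ( ( pkt_len > EAP_HDR_LEN ) ? ( int ) pkt_len : EAP_ERR_LEN );
	case EAP_CODE_SUCCESS:
	case EAP_CODE_FAILURE:
		return ( int ) pkt_len;
	default:
		return EAP_ERR_CODE;
	}
}

int main ( void ) {
	printf ( "request: %d\n", eap_validate ( sample_req, sizeof ( sample_req ) ) );
	return 0;
}
```

Handlers that go on to parse type data should use the returned length, not the received length, as their bound.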