iPXE
eap.h File Reference

Extensible Authentication Protocol. More...

#include <stdint.h>
#include <ipxe/netdevice.h>
#include <ipxe/timer.h>
#include <ipxe/tables.h>


Data Structures

struct eap_header
	EAP header.

struct eap_message
	EAP request/response message.

struct eap_md5
	EAP MD5 challenge request/response type data.

struct eap_mschapv2
	EAP MS-CHAPv2 request/response type data.

union eap_packet
	EAP packet.

struct eap_supplicant
	An EAP supplicant.

struct eap_method
	An EAP method.


Macros

#define EAP_CODE_REQUEST   1
	EAP request.

#define EAP_CODE_RESPONSE   2
	EAP response.

#define EAP_TYPE_NONE   0
	EAP "no available types" marker.

#define EAP_TYPE_IDENTITY   1
	EAP identity.

#define EAP_TYPE_NAK   3
	EAP NAK.

#define EAP_TYPE_MD5   4
	EAP MD5 challenge request/response.

#define EAP_TYPE_MSCHAPV2   26
	EAP MS-CHAPv2 request/response.

#define EAP_CODE_SUCCESS   3
	EAP success.

#define EAP_CODE_FAILURE   4
	EAP failure.

#define EAP_BLOCK_TIMEOUT   ( 45 * TICKS_PER_SEC )
	EAP link block timeout.

#define EAP_WAIT_TIMEOUT   ( EAP_BLOCK_TIMEOUT * 7 / 8 )
	EAP protocol wait timeout.

#define EAP_FL_ONGOING   0x0001
	EAP authentication is in progress.

#define EAP_FL_PASSIVE   0x0002
	EAP supplicant is passive.

#define EAP_METHODS   __table ( struct eap_method, "eap_methods" )
	EAP method table.

#define __eap_method   __table_entry ( EAP_METHODS, 01 )
	Declare an EAP method.


Functions

FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)

FILE_SECBOOT (PERMITTED)

int eap_tx_response (struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
	Transmit EAP response.

int eap_rx (struct eap_supplicant *supplicant, const void *data, size_t len)
	Handle EAP packet.


Detailed Description

Extensible Authentication Protocol.

Definition in file eap.h.

Macro Definition Documentation

◆ EAP_CODE_REQUEST

#define EAP_CODE_REQUEST   1

EAP request.

Definition at line 29 of file eap.h.

◆ EAP_CODE_RESPONSE

#define EAP_CODE_RESPONSE   2

EAP response.

Definition at line 32 of file eap.h.

◆ EAP_TYPE_NONE

#define EAP_TYPE_NONE   0

EAP "no available types" marker.

Definition at line 45 of file eap.h.

◆ EAP_TYPE_IDENTITY

#define EAP_TYPE_IDENTITY   1

EAP identity.

Definition at line 48 of file eap.h.

◆ EAP_TYPE_NAK

#define EAP_TYPE_NAK   3

EAP NAK.

Definition at line 51 of file eap.h.

◆ EAP_TYPE_MD5

#define EAP_TYPE_MD5   4

EAP MD5 challenge request/response.

Definition at line 54 of file eap.h.

◆ EAP_TYPE_MSCHAPV2

#define EAP_TYPE_MSCHAPV2   26

EAP MS-CHAPv2 request/response.

Definition at line 65 of file eap.h.

◆ EAP_CODE_SUCCESS

#define EAP_CODE_SUCCESS   3

EAP success.

Definition at line 94 of file eap.h.

◆ EAP_CODE_FAILURE

#define EAP_CODE_FAILURE   4

EAP failure.

Definition at line 97 of file eap.h.

◆ EAP_BLOCK_TIMEOUT

#define EAP_BLOCK_TIMEOUT   ( 45 * TICKS_PER_SEC )

EAP link block timeout.

We mark the link as blocked upon receiving a Request-Identity, on the basis that this most likely indicates that the switch will not yet be forwarding packets.

There is no way to tell how frequently the Request-Identity packet will be retransmitted by the switch. The default value for Cisco switches seems to be 30 seconds, so treat the link as blocked for 45 seconds.

Definition at line 118 of file eap.h.

◆ EAP_WAIT_TIMEOUT

#define EAP_WAIT_TIMEOUT   ( EAP_BLOCK_TIMEOUT * 7 / 8 )

EAP protocol wait timeout.

In the EAP model, the supplicant is a pure responder. The model also defines no acknowledgement response for the final Success or Failure "requests". This leaves open the possibility that the final Success or Failure packet is lost, with the supplicant having no way to determine the final authentication status.

Sideband mechanisms such as EAPoL-Start may be used to restart the entire EAP process, as a (crude) workaround for this protocol flaw. When expecting to receive a further EAP request (e.g. an authentication challenge), we may wait for some length of time before triggering this restart. Choose a duration that is shorter than the link block timeout, so that there is no period during which we erroneously leave the link marked as not blocked.

Definition at line 136 of file eap.h.

◆ EAP_FL_ONGOING

#define EAP_FL_ONGOING   0x0001

EAP authentication is in progress.

This indicates that we have received an EAP Request-Identity, but have not yet received a final EAP Success or EAP Failure.

Definition at line 165 of file eap.h.

◆ EAP_FL_PASSIVE

#define EAP_FL_PASSIVE   0x0002

EAP supplicant is passive.

This indicates that the supplicant should not transmit any further unsolicited packets (e.g. EAPoL-Start for a supplicant running over EAPoL). This could be because authentication has already completed, or because we are relying upon MAC Authentication Bypass (MAB), which may have a very long timeout.

Definition at line 175 of file eap.h.
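As an added example, not iPXE code, the following C model walks the two timeouts and two flags documented above through the scenario that EAP_WAIT_TIMEOUT exists for: a Request-Identity marks the link blocked and arms the wait timer, and if no Success or Failure arrives before the wait timer fires, a sideband restart is issued while the link is still marked blocked. TICKS_PER_SEC is set to 1000 here as an assumption (iPXE's own value is in ipxe/timer.h), the event and function names are this example's own, and the model leaves the link block untouched on Success because the page does not describe what happens to it then.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed for this example; iPXE defines its own TICKS_PER_SEC in ipxe/timer.h */
#define TICKS_PER_SEC 1000UL
/* The two timeouts and two flags as documented on this page */
#define EAP_BLOCK_TIMEOUT ( 45 * TICKS_PER_SEC )
#define EAP_WAIT_TIMEOUT ( EAP_BLOCK_TIMEOUT * 7 / 8 )
#define EAP_FL_ONGOING 0x0001
#define EAP_FL_PASSIVE 0x0002

/* Events delivered to the model (names are this example's own) */
enum eap_event {
	EV_REQUEST_IDENTITY,	/* EAP Request-Identity received */
	EV_REQUEST_OTHER,	/* any further EAP request, e.g. a challenge */
	EV_SUCCESS,		/* EAP Success received */
	EV_FAILURE,		/* EAP Failure received */
	EV_TICK,		/* one clock tick elapsed */
};

/* Timer-related supplicant state */
struct eap_model {
	unsigned int flags;		/* EAP_FL_* */
	unsigned long now;		/* simulated clock, in ticks */
	unsigned long block_until;	/* link treated as blocked before this tick */
	unsigned long wait_until;	/* sideband restart due at this tick; 0 = none */
	unsigned int restarts;		/* sideband restarts (e.g. EAPoL-Start) issued */
};

static bool eap_model_link_blocked ( const struct eap_model *m ) {
	return ( m->now < m->block_until );
}

static void eap_model_event ( struct eap_model *m, enum eap_event ev ) {
	switch ( ev ) {
	case EV_REQUEST_IDENTITY:
		/* Authentication starts; the switch is probably not forwarding yet */
		m->flags |= EAP_FL_ONGOING;
		m->block_until = ( m->now + EAP_BLOCK_TIMEOUT );
		m->wait_until = ( m->now + EAP_WAIT_TIMEOUT );
		break;
	case EV_REQUEST_OTHER:
		/* The exchange is continuing: re-arm the wait timer */
		m->wait_until = ( m->now + EAP_WAIT_TIMEOUT );
		break;
	case EV_SUCCESS:
	case EV_FAILURE:
		/* Final result seen: stop waiting and go passive */
		m->flags &= ~EAP_FL_ONGOING;
		m->flags |= EAP_FL_PASSIVE;
		m->wait_until = 0;
		break;
	case EV_TICK:
		m->now++;
		if ( m->wait_until && ( m->now >= m->wait_until ) &&
		     ( m->flags & EAP_FL_ONGOING ) &&
		     ! ( m->flags & EAP_FL_PASSIVE ) ) {
			/* No final packet in time: it may have been lost, so
			 * trigger the sideband restart. */
			m->restarts++;
			m->wait_until = 0;
		}
		break;
	}
}

/* Scenario 1: the final Success/Failure is lost.  Returns true if the
 * restart fires while the link is still marked blocked, which is what
 * choosing EAP_WAIT_TIMEOUT shorter than EAP_BLOCK_TIMEOUT guarantees. */
static bool eap_model_lost_result_restarts_while_blocked ( void ) {
	struct eap_model m = { 0 };

	eap_model_event ( &m, EV_REQUEST_IDENTITY );
	while ( m.restarts == 0 ) {
		eap_model_event ( &m, EV_TICK );
		if ( m.now > EAP_BLOCK_TIMEOUT )
			return false;	/* never restarted: model broken */
	}
	return eap_model_link_blocked ( &m );
}

/* Scenario 2: one challenge, then Success, then a long quiet period */
static void eap_model_run_normal ( struct eap_model *m ) {
	unsigned long i;

	eap_model_event ( m, EV_REQUEST_IDENTITY );
	for ( i = 0 ; i < TICKS_PER_SEC ; i++ )
		eap_model_event ( m, EV_TICK );
	eap_model_event ( m, EV_REQUEST_OTHER );
	for ( i = 0 ; i < TICKS_PER_SEC ; i++ )
		eap_model_event ( m, EV_TICK );
	eap_model_event ( m, EV_SUCCESS );
	for ( i = 0 ; i < EAP_BLOCK_TIMEOUT ; i++ )
		eap_model_event ( m, EV_TICK );
}
static unsigned int eap_model_normal_flags ( void ) {
	struct eap_model m = { 0 };
	eap_model_run_normal ( &m );
	return m.flags;		/* EAP_FL_PASSIVE only */
}
static unsigned int eap_model_normal_restarts ( void ) {
	struct eap_model m = { 0 };
	eap_model_run_normal ( &m );
	return m.restarts;	/* 0: nothing was lost */
}
```

With the assumed tick rate the wait timer fires at tick 39375 while the block lasts until tick 45000, so the restart happens inside the blocked window; in scenario 2 the Success cancels the wait timer and the passive flag keeps any later expiry from issuing an unsolicited restart.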

◆ EAP_METHODS

#define EAP_METHODS   __table ( struct eap_method, "eap_methods" )

EAP method table.

Definition at line 194 of file eap.h.

◆ __eap_method

#define __eap_method   __table_entry ( EAP_METHODS, 01 )

Declare an EAP method.

Definition at line 197 of file eap.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED  )

◆ eap_tx_response()

int eap_tx_response ( struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len )

Transmit EAP response.

Parameters
	supplicant	EAP supplicant
	rsp		Response type data
	rsp_len		Length of response type data
Return values
	rc		Return status code

Definition at line 48 of file eap.c.

int eap_tx_response ( struct eap_supplicant *supplicant, const void *rsp,
		      size_t rsp_len ) {
	struct net_device *netdev = supplicant->netdev;
	struct eap_message *msg;
	size_t len;
	int rc;

	/* Allocate and populate response */
	len = ( sizeof ( *msg ) + rsp_len );
	msg = malloc ( len );
	if ( ! msg ) {
		rc = -ENOMEM;
		goto err_alloc;
	}
	msg->hdr.code = EAP_CODE_RESPONSE;
	msg->hdr.id = supplicant->id;
	msg->hdr.len = htons ( len );
	msg->type = supplicant->type;
	memcpy ( msg->data, rsp, rsp_len );
	DBGC ( netdev, "EAP %s Response id %#02x type %d\n",
	       netdev->name, msg->hdr.id, msg->type );

	/* Transmit response */
	if ( ( rc = supplicant->tx ( supplicant, msg, len ) ) != 0 ) {
		DBGC ( netdev, "EAP %s could not transmit: %s\n",
		       netdev->name, strerror ( rc ) );
		goto err_tx;
	}

 err_tx:
	free ( msg );
 err_alloc:
	return rc;
}

References DBGC, EAP_CODE_RESPONSE, ENOMEM, free, htons, eap_supplicant::id, len, malloc(), memcpy(), msg(), net_device::name, netdev, eap_supplicant::netdev, rc, rsp, strerror(), eap_supplicant::tx, and eap_supplicant::type.

Referenced by eap_rx_identity(), eap_rx_md5(), eap_rx_mschapv2_request(), eap_rx_mschapv2_success(), and eap_tx_nak().

◆ eap_rx()

int eap_rx ( struct eap_supplicant *supplicant, const void *data, size_t len )

Handle EAP packet.

Parameters
	supplicant	EAP supplicant
	data		EAP packet
	len		Length of EAP packet
Return values
	rc		Return status code

Definition at line 264 of file eap.c.

int eap_rx ( struct eap_supplicant *supplicant, const void *data,
	     size_t len ) {
	struct net_device *netdev = supplicant->netdev;
	const union eap_packet *eap = data;

	/* Sanity check */
	if ( len < sizeof ( eap->hdr ) ) {
		DBGC ( netdev, "EAP %s underlength header:\n", netdev->name );
		DBGC_HDA ( netdev, 0, eap, len );
		return -EINVAL;
	}

	/* Handle according to code */
	switch ( eap->hdr.code ) {
	case EAP_CODE_REQUEST:
		return eap_rx_request ( supplicant, &eap->msg, len );
	case EAP_CODE_RESPONSE:
		DBGC2 ( netdev, "EAP %s ignoring response\n", netdev->name );
		return 0;
	case EAP_CODE_SUCCESS:
		return eap_rx_success ( supplicant );
	case EAP_CODE_FAILURE:
		return eap_rx_failure ( supplicant );
	default:
		DBGC ( netdev, "EAP %s unsupported code %d\n",
		       netdev->name, eap->hdr.code );
		DBGC_HDA ( netdev, 0, eap, len );
		return -ENOTSUP;
	}
}

References eap_header::code, data, DBGC, DBGC2, DBGC_HDA, EAP_CODE_FAILURE, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, EAP_CODE_SUCCESS, eap_rx_failure(), eap_rx_request(), eap_rx_success(), EINVAL, ENOTSUP, eap_packet::hdr, len, eap_packet::msg, net_device::name, netdev, and eap_supplicant::netdev.

Referenced by eapol_eap_rx().
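The two listings on this page build a Response (eap_tx_response) and dispatch on the code of a received packet (eap_rx). The following is an added example written for this page, not iPXE code, that does both in stand-alone form: it lays the packet out per RFC 3748 (an assumption; iPXE's own struct definitions in eap.h are not reproduced here, and the length field is kept as two bytes so no htons() is needed), builds a Response with a constructed identity, and parses it back with the same header sanity check as eap_rx(). It adds one check that the declared length fits inside the received buffer; whether and where iPXE performs that check is outside what this page shows. All function, enum and sample names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* EAP codes and one type, as documented on this page */
#define EAP_CODE_REQUEST 1
#define EAP_CODE_RESPONSE 2
#define EAP_CODE_SUCCESS 3
#define EAP_CODE_FAILURE 4
#define EAP_TYPE_IDENTITY 1

/* Wire layout per RFC 3748 (assumed; not iPXE's own definitions) */
struct eap_header {
	uint8_t code;		/* Code */
	uint8_t id;		/* Identifier */
	uint8_t len[2];		/* Length, big-endian, including this header */
};
struct eap_message {
	struct eap_header hdr;	/* Header */
	uint8_t type;		/* Type (Request/Response only) */
	uint8_t data[];		/* Type data */
};

static void put_be16 ( uint8_t *p, uint16_t v ) {
	p[0] = ( v >> 8 );
	p[1] = ( v & 0xff );
}
static uint16_t get_be16 ( const uint8_t *p ) {
	return ( uint16_t ) ( ( p[0] << 8 ) | p[1] );
}

/* Build a Response as eap_tx_response() does.  Returns the total length,
 * or 0 on failure; the packet is left in *out for the caller to free. */
static size_t eap_build_response ( uint8_t id, uint8_t type, const void *rsp,
				   size_t rsp_len, uint8_t **out ) {
	size_t len = ( sizeof ( struct eap_message ) + rsp_len );
	struct eap_message *msg;

	if ( len > 0xffff )
		return 0;	/* would not fit the 16-bit length field */
	msg = malloc ( len );
	if ( ! msg )
		return 0;
	msg->hdr.code = EAP_CODE_RESPONSE;
	msg->hdr.id = id;
	put_be16 ( msg->hdr.len, ( uint16_t ) len );
	msg->type = type;
	memcpy ( msg->data, rsp, rsp_len );
	*out = ( uint8_t * ) msg;
	return len;
}

/* Outcome of receiving one packet (names are this example's own) */
enum eap_rx_result {
	RX_REQUEST, RX_IGNORED_RESPONSE, RX_SUCCESS, RX_FAILURE,
	RX_ERR_UNDERLENGTH, RX_ERR_BADLEN, RX_ERR_UNSUPPORTED,
};

/* Dispatch on code as eap_rx() does, with its header sanity check plus
 * a check that the declared length lies within the buffer. */
static enum eap_rx_result eap_rx_model ( const void *data, size_t len,
					 uint8_t *type_out ) {
	const struct eap_message *msg = data;
	uint16_t declared;

	if ( len < sizeof ( msg->hdr ) )
		return RX_ERR_UNDERLENGTH;
	declared = get_be16 ( msg->hdr.len );
	if ( ( declared < sizeof ( msg->hdr ) ) || ( declared > len ) )
		return RX_ERR_BADLEN;
	switch ( msg->hdr.code ) {
	case EAP_CODE_REQUEST:
	case EAP_CODE_RESPONSE:
		/* The type byte must lie within the declared length */
		if ( declared < sizeof ( *msg ) )
			return RX_ERR_BADLEN;
		if ( type_out )
			*type_out = msg->type;
		return ( ( msg->hdr.code == EAP_CODE_REQUEST ) ?
			 RX_REQUEST : RX_IGNORED_RESPONSE );
	case EAP_CODE_SUCCESS:
		return RX_SUCCESS;
	case EAP_CODE_FAILURE:
		return RX_FAILURE;
	default:
		return RX_ERR_UNSUPPORTED;
	}
}

/* Constructed sample packets: a Success, a 3-byte truncation, a Request
 * whose length field claims 256 bytes, and an unknown code */
static const uint8_t SAMPLE_SUCCESS[] = { EAP_CODE_SUCCESS, 0x01, 0x00, 0x04 };
static const uint8_t SAMPLE_TRUNCATED[] = { EAP_CODE_REQUEST, 0x01, 0x00 };
static const uint8_t SAMPLE_OVERSTATED[] = { EAP_CODE_REQUEST, 0x01, 0x01, 0x00, 0x01 };
static const uint8_t SAMPLE_BADCODE[] = { 0x09, 0x01, 0x00, 0x04 };

/* Round trip: build an Identity response with constructed data, parse it back */
static enum eap_rx_result eap_roundtrip ( uint8_t *type_out, size_t *len_out ) {
	static const char identity[] = "host01";	/* constructed */
	uint8_t *pkt = NULL;
	enum eap_rx_result rc;
	size_t len;

	len = eap_build_response ( 0x2a, EAP_TYPE_IDENTITY, identity,
				   ( sizeof ( identity ) - 1 ), &pkt );
	if ( ! len )
		return RX_ERR_BADLEN;
	rc = eap_rx_model ( pkt, len, type_out );
	if ( len_out )
		*len_out = len;
	free ( pkt );
	return rc;
}
static int eap_roundtrip_type ( void ) {
	uint8_t type = 0;
	return ( ( eap_roundtrip ( &type, NULL ) == RX_IGNORED_RESPONSE ) ? type : -1 );
}
static size_t eap_roundtrip_len ( void ) {
	size_t len = 0;
	eap_roundtrip ( NULL, &len );
	return len;
}
```

Like eap_rx(), the model treats an incoming Response as something to ignore rather than an error, since the supplicant is a pure responder; the round trip therefore yields RX_IGNORED_RESPONSE with the Identity type and an 11-byte packet (5 bytes of header and type, 6 bytes of identity). The overstated sample is rejected on the declared length before any field past the header is read.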