iPXE
eapol.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2021 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <string.h>
27 #include <assert.h>
28 #include <errno.h>
29 #include <byteswap.h>
30 #include <ipxe/iobuf.h>
31 #include <ipxe/if_ether.h>
32 #include <ipxe/if_arp.h>
33 #include <ipxe/netdevice.h>
34 #include <ipxe/vlan.h>
35 #include <ipxe/retry.h>
36 #include <ipxe/eap.h>
37 #include <ipxe/eapol.h>
38 
39 /** @file
40  *
41  * Extensible Authentication Protocol over LAN (EAPoL)
42  *
43  */
44 
45 struct net_driver eapol_driver __net_driver;
46 
47 /** EAPoL destination MAC address */
48 static const uint8_t eapol_mac[ETH_ALEN] = {
49  0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
50 };
51 
52 /**
53  * Process EAPoL packet
54  *
55  * @v iobuf I/O buffer
56  * @v netdev Network device
57  * @v ll_dest Link-layer destination address
58  * @v ll_source Link-layer source address
59  * @v flags Packet flags
60  * @ret rc Return status code
61  */
62 static int eapol_rx ( struct io_buffer *iobuf, struct net_device *netdev,
63  const void *ll_dest __unused, const void *ll_source,
64  unsigned int flags __unused ) {
65  struct eapol_supplicant *supplicant;
66  struct eapol_header *eapol;
67  struct eapol_handler *handler;
68  size_t remaining;
69  size_t len;
70  int rc;
71 
72  /* Find matching supplicant */
73  supplicant = netdev_priv ( netdev, &eapol_driver );
74 
75  /* Ignore non-EAPoL devices */
76  if ( ! supplicant->eap.netdev ) {
77  DBGC ( netdev, "EAPOL %s is not an EAPoL device\n",
78  netdev->name );
79  DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
80  rc = -ENOTTY;
81  goto drop;
82  }
83 
84  /* Sanity checks */
85  if ( iob_len ( iobuf ) < sizeof ( *eapol ) ) {
86  DBGC ( netdev, "EAPOL %s underlength header:\n",
87  netdev->name );
88  DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
89  rc = -EINVAL;
90  goto drop;
91  }
92  eapol = iobuf->data;
93  remaining = ( iob_len ( iobuf ) - sizeof ( *eapol ) );
94  len = ntohs ( eapol->len );
95  if ( len > remaining ) {
96  DBGC ( netdev, "EAPOL %s v%d type %d len %zd underlength "
97  "payload:\n", netdev->name, eapol->version,
98  eapol->type, len );
99  DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
100  rc = -EINVAL;
101  goto drop;
102  }
103 
104  /* Strip any trailing padding */
105  iob_unput ( iobuf, ( len - remaining ) );
106 
107  /* Handle according to type */
108  for_each_table_entry ( handler, EAPOL_HANDLERS ) {
109  if ( handler->type == eapol->type ) {
110  return handler->rx ( supplicant, iob_disown ( iobuf ),
111  ll_source );
112  }
113  }
114  rc = -ENOTSUP;
115  DBGC ( netdev, "EAPOL %s v%d type %d unsupported\n",
116  netdev->name, eapol->version, eapol->type );
117  DBGC_HDA ( netdev, 0, iobuf->data, iob_len ( iobuf ) );
118 
119  drop:
120  free_iob ( iobuf );
121  return rc;
122 }
123 
124 /** EAPoL protocol */
125 struct net_protocol eapol_protocol __net_protocol = {
126  .name = "EAPOL",
127  .net_proto = htons ( ETH_P_EAPOL ),
128  .rx = eapol_rx,
129 };
130 
131 /**
132  * Process EAPoL-encapsulated EAP packet
133  *
134  * @v supplicant EAPoL supplicant
135  * @v ll_source Link-layer source address
136  * @ret rc Return status code
137  */
138 static int eapol_eap_rx ( struct eapol_supplicant *supplicant,
139  struct io_buffer *iobuf,
140  const void *ll_source __unused ) {
141  struct net_device *netdev = supplicant->eap.netdev;
142  struct eapol_header *eapol;
143  int rc;
144 
145  /* Sanity check */
146  assert ( iob_len ( iobuf ) >= sizeof ( *eapol ) );
147 
148  /* Strip EAPoL header */
149  eapol = iob_pull ( iobuf, sizeof ( *eapol ) );
150 
151  /* Process EAP packet */
152  if ( ( rc = eap_rx ( &supplicant->eap, iobuf->data,
153  iob_len ( iobuf ) ) ) != 0 ) {
154  DBGC ( netdev, "EAPOL %s v%d EAP failed: %s\n",
155  netdev->name, eapol->version, strerror ( rc ) );
156  goto drop;
157  }
158 
159  /* Update EAPoL-Start transmission timer */
160  if ( supplicant->eap.flags & EAP_FL_PASSIVE ) {
161  /* Stop sending EAPoL-Start */
162  if ( timer_running ( &supplicant->timer ) ) {
163  DBGC ( netdev, "EAPOL %s becoming passive\n",
164  netdev->name );
165  }
166  stop_timer ( &supplicant->timer );
167  } else if ( supplicant->eap.flags & EAP_FL_ONGOING ) {
168  /* Delay EAPoL-Start until after next expected packet */
169  DBGC ( netdev, "EAPOL %s deferring Start\n", netdev->name );
170  start_timer_fixed ( &supplicant->timer, EAP_WAIT_TIMEOUT );
171  supplicant->count = 0;
172  }
173 
174  drop:
175  free_iob ( iobuf );
176  return rc;
177 }
178 
179 /** EAPoL handler for EAP packets */
180 struct eapol_handler eapol_eap __eapol_handler = {
181  .type = EAPOL_TYPE_EAP,
182  .rx = eapol_eap_rx,
183 };
184 
185 /**
186  * Transmit EAPoL packet
187  *
188  * @v supplicant EAPoL supplicant
189  * @v type Packet type
190  * @v data Packet body
191  * @v len Length of packet body
192  * @ret rc Return status code
193  */
194 static int eapol_tx ( struct eapol_supplicant *supplicant, unsigned int type,
195  const void *data, size_t len ) {
196  struct net_device *netdev = supplicant->eap.netdev;
197  struct io_buffer *iobuf;
198  struct eapol_header *eapol;
199  int rc;
200 
201  /* Allocate I/O buffer */
202  iobuf = alloc_iob ( MAX_LL_HEADER_LEN + sizeof ( *eapol ) + len );
203  if ( ! iobuf )
204  return -ENOMEM;
205  iob_reserve ( iobuf, MAX_LL_HEADER_LEN );
206 
207  /* Construct EAPoL header */
208  eapol = iob_put ( iobuf, sizeof ( *eapol ) );
209  eapol->version = EAPOL_VERSION_2001;
210  eapol->type = type;
211  eapol->len = htons ( len );
212 
213  /* Append packet body */
214  memcpy ( iob_put ( iobuf, len ), data, len );
215 
216  /* Transmit packet */
217  if ( ( rc = net_tx ( iob_disown ( iobuf ), netdev, &eapol_protocol,
218  &eapol_mac, netdev->ll_addr ) ) != 0 ) {
219  DBGC ( netdev, "EAPOL %s could not transmit type %d: %s\n",
220  netdev->name, type, strerror ( rc ) );
221  DBGC_HDA ( netdev, 0, data, len );
222  return rc;
223  }
224 
225  return 0;
226 }
227 
228 /**
229  * Transmit EAPoL-encapsulated EAP packet
230  *
231  * @v supplicant EAPoL supplicant
232  * @v ll_source Link-layer source address
233  * @ret rc Return status code
234  */
235 static int eapol_eap_tx ( struct eap_supplicant *eap, const void *data,
236  size_t len ) {
237  struct eapol_supplicant *supplicant =
238  container_of ( eap, struct eapol_supplicant, eap );
239 
240  /* Transmit encapsulated packet */
241  return eapol_tx ( supplicant, EAPOL_TYPE_EAP, data, len );
242 }
243 
244 /**
245  * (Re)transmit EAPoL-Start packet
246  *
247  * @v timer EAPoL-Start timer
248  * @v expired Failure indicator
249  */
250 static void eapol_expired ( struct retry_timer *timer, int fail __unused ) {
251  struct eapol_supplicant *supplicant =
252  container_of ( timer, struct eapol_supplicant, timer );
253  struct net_device *netdev = supplicant->eap.netdev;
254 
255  /* Stop transmitting after maximum number of attempts */
256  if ( supplicant->count++ >= EAPOL_START_COUNT ) {
257  DBGC ( netdev, "EAPOL %s giving up\n", netdev->name );
258  return;
259  }
260 
261  /* Schedule next transmission */
262  start_timer_fixed ( timer, EAPOL_START_INTERVAL );
263 
264  /* Transmit EAPoL-Start, ignoring errors */
265  DBGC2 ( netdev, "EAPOL %s transmitting Start\n", netdev->name );
266  eapol_tx ( supplicant, EAPOL_TYPE_START, NULL, 0 );
267 }
268 
269 /**
270  * Create EAPoL supplicant
271  *
272  * @v netdev Network device
273  * @v priv Private data
274  * @ret rc Return status code
275  */
276 static int eapol_probe ( struct net_device *netdev, void *priv ) {
277  struct eapol_supplicant *supplicant = priv;
278  struct ll_protocol *ll_protocol = netdev->ll_protocol;
279 
280  /* Ignore non-EAPoL devices */
281  if ( ll_protocol->ll_proto != htons ( ARPHRD_ETHER ) )
282  return 0;
283  if ( vlan_tag ( netdev ) )
284  return 0;
285 
286  /* Initialise structure */
287  supplicant->eap.netdev = netdev;
288  supplicant->eap.tx = eapol_eap_tx;
289  timer_init ( &supplicant->timer, eapol_expired, &netdev->refcnt );
290 
291  return 0;
292 }
293 
294 /**
295  * Handle EAPoL supplicant state change
296  *
297  * @v netdev Network device
298  * @v priv Private data
299  */
300 static void eapol_notify ( struct net_device *netdev, void *priv ) {
301  struct eapol_supplicant *supplicant = priv;
302 
303  /* Ignore non-EAPoL devices */
304  if ( ! supplicant->eap.netdev )
305  return;
306 
307  /* Terminate and reset EAP when link goes down */
308  if ( ! ( netdev_is_open ( netdev ) && netdev_link_ok ( netdev ) ) ) {
309  if ( timer_running ( &supplicant->timer ) ) {
310  DBGC ( netdev, "EAPOL %s shutting down\n",
311  netdev->name );
312  }
313  supplicant->eap.flags = 0;
314  stop_timer ( &supplicant->timer );
315  return;
316  }
317 
318  /* Do nothing if EAP is already in progress */
319  if ( timer_running ( &supplicant->timer ) )
320  return;
321 
322  /* Do nothing if EAP has already finished transmitting */
323  if ( supplicant->eap.flags & EAP_FL_PASSIVE )
324  return;
325 
326  /* Otherwise, start sending EAPoL-Start */
327  start_timer_nodelay ( &supplicant->timer );
328  supplicant->count = 0;
329  DBGC ( netdev, "EAPOL %s starting up\n", netdev->name );
330 }
331 
332 /** EAPoL driver */
333 struct net_driver eapol_driver __net_driver = {
334  .name = "EAPoL",
335  .priv_len = sizeof ( struct eapol_supplicant ),
336  .probe = eapol_probe,
337  .notify = eapol_notify,
338 };
iob_pull
#define iob_pull(iobuf, len)
Definition: iobuf.h:106
eapol_header::len
uint16_t len
Payload length.
Definition: eapol.h:24
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
net_protocol::name
const char * name
Protocol name.
Definition: netdevice.h:66
__net_driver
struct net_driver eapol_driver __net_driver
EAPoL driver.
Definition: eapol.c:45
iob_put
#define iob_put(iobuf, len)
Definition: iobuf.h:124
start_timer_nodelay
static void start_timer_nodelay(struct retry_timer *timer)
Start timer with no delay.
Definition: retry.h:99
__net_protocol
struct net_protocol eapol_protocol __net_protocol
EAPoL protocol.
Definition: eapol.c:125
eapol_eap_rx
static int eapol_eap_rx(struct eapol_supplicant *supplicant, struct io_buffer *iobuf, const void *ll_source __unused)
Process EAPoL-encapsulated EAP packet.
Definition: eapol.c:138
eapol_eap_tx
static int eapol_eap_tx(struct eap_supplicant *eap, const void *data, size_t len)
Transmit EAPoL-encapsulated EAP packet.
Definition: eapol.c:235
errno.h
Error codes.
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
iobuf.h
I/O buffers.
free_iob
void free_iob(struct io_buffer *iobuf)
Free I/O buffer.
Definition: iobuf.c:152
type
uint32_t type
Operating system type.
Definition: ena.h:12
retry.h
Retry timers.
EAPOL_START_INTERVAL
#define EAPOL_START_INTERVAL
Delay between EAPoL-Start packets.
Definition: eapol.h:50
DBGC
#define DBGC(...)
Definition: compiler.h:505
retry_timer
A retry timer.
Definition: retry.h:21
eapol_rx
static int eapol_rx(struct io_buffer *iobuf, struct net_device *netdev, const void *ll_dest __unused, const void *ll_source, unsigned int flags __unused)
Process EAPoL packet.
Definition: eapol.c:62
eap_supplicant
An EAP supplicant.
Definition: eap.h:138
eapol_expired
static void eapol_expired(struct retry_timer *timer, int fail __unused)
(Re)transmit EAPoL-Start packet
Definition: eapol.c:250
eap_rx
int eap_rx(struct eap_supplicant *supplicant, const void *data, size_t len)
Handle EAP packet.
Definition: eap.c:263
ntohs
#define ntohs(value)
Definition: byteswap.h:136
if_ether.h
EAPOL_HANDLERS
#define EAPOL_HANDLERS
EAPoL handler table.
Definition: eapol.h:74
alloc_iob
struct io_buffer * alloc_iob(size_t len)
Allocate I/O buffer.
Definition: iobuf.c:130
net_driver
A network upper-layer driver.
Definition: netdevice.h:476
ll_protocol
A link-layer protocol.
Definition: netdevice.h:114
if_arp.h
Address Resolution Protocol constants and types.
ENOTSUP
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
timer
A timer.
Definition: timer.h:28
eapol_mac
static const uint8_t eapol_mac[ETH_ALEN]
EAPoL destination MAC address.
Definition: eapol.c:48
ENOMEM
#define ENOMEM
Not enough space.
Definition: errno.h:534
iob_disown
#define iob_disown(iobuf)
Disown an I/O buffer.
Definition: iobuf.h:216
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
net_driver::name
const char * name
Name.
Definition: netdevice.h:478
eapol_header
EAPoL header.
Definition: eapol.h:18
netdev_is_open
static int netdev_is_open(struct net_device *netdev)
Check whether or not network device is open.
Definition: netdevice.h:661
assert.h
Assertions.
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
container_of
#define container_of(ptr, type, field)
Get containing structure.
Definition: stddef.h:35
netdev_priv
void * netdev_priv(struct net_device *netdev, struct net_driver *driver)
Get network device driver private data.
Definition: netdevice.c:152
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
__unused
#define __unused
Declare a variable or data structure as unused.
Definition: compiler.h:573
len
ring len
Length.
Definition: dwmac.h:231
netdev_link_ok
static int netdev_link_ok(struct net_device *netdev)
Check link state of network device.
Definition: netdevice.h:639
eapol_supplicant::eap
struct eap_supplicant eap
EAP supplicant.
Definition: eapol.h:42
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
EAP_FL_PASSIVE
#define EAP_FL_PASSIVE
EAP supplicant is passive.
Definition: eap.h:174
MAX_LL_HEADER_LEN
#define MAX_LL_HEADER_LEN
Maximum length of a link-layer header.
Definition: netdevice.h:45
eapol.h
Extensible Authentication Protocol over LAN (EAPoL)
EAP_FL_ONGOING
#define EAP_FL_ONGOING
EAP authentication is in progress.
Definition: eap.h:164
eapol_handler
An EAPoL handler.
Definition: eapol.h:56
eapol_notify
static void eapol_notify(struct net_device *netdev, void *priv)
Handle EAPoL supplicant state change.
Definition: eapol.c:300
iob_unput
#define iob_unput(iobuf, len)
Definition: iobuf.h:139
flags
uint8_t flags
Flags.
Definition: ena.h:18
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
net_device::refcnt
struct refcnt refcnt
Reference counter.
Definition: netdevice.h:354
iob_len
static size_t iob_len(struct io_buffer *iobuf)
Calculate length of data in an I/O buffer.
Definition: iobuf.h:159
EAPOL_VERSION_2001
#define EAPOL_VERSION_2001
802.1X-2001
Definition: eapol.h:28
for_each_table_entry
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
net_device
A network device.
Definition: netdevice.h:352
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
EAPOL_TYPE_EAP
#define EAPOL_TYPE_EAP
EAPoL-encapsulated EAP packets.
Definition: eapol.h:31
ETH_ALEN
#define ETH_ALEN
Definition: if_ether.h:8
EAPOL_TYPE_START
#define EAPOL_TYPE_START
EAPoL start.
Definition: eapol.h:34
eapol_handler::rx
int(* rx)(struct eapol_supplicant *supplicant, struct io_buffer *iobuf, const void *ll_source)
Process received packet.
Definition: eapol.h:69
ll_protocol::ll_proto
uint16_t ll_proto
Link-layer protocol.
Definition: netdevice.h:194
eapol_header::type
uint8_t type
Type.
Definition: eapol.h:22
net_protocol
A network-layer protocol.
Definition: netdevice.h:64
netdevice.h
Network device management.
start_timer_fixed
void start_timer_fixed(struct retry_timer *timer, unsigned long timeout)
Start timer with a specified timeout.
Definition: retry.c:64
iob_reserve
#define iob_reserve(iobuf, len)
Definition: iobuf.h:71
stop_timer
void stop_timer(struct retry_timer *timer)
Stop timer.
Definition: retry.c:117
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
eap_supplicant::tx
int(* tx)(struct eap_supplicant *supplicant, const void *data, size_t len)
Transmit EAP response.
Definition: eap.h:155
net_tx
int net_tx(struct io_buffer *iobuf, struct net_device *netdev, struct net_protocol *net_protocol, const void *ll_dest, const void *ll_source)
Transmit network-layer packet.
Definition: netdevice.c:1073
DBGC2
#define DBGC2(...)
Definition: compiler.h:522
priv
static struct tlan_private * priv
Definition: tlan.c:225
ENOTTY
#define ENOTTY
Inappropriate I/O control operation.
Definition: errno.h:594
eapol_supplicant::timer
struct retry_timer timer
EAPoL-Start retransmission timer.
Definition: eapol.h:44
io_buffer::data
void * data
Start of data.
Definition: iobuf.h:52
eapol_header::version
uint8_t version
Version.
Definition: eapol.h:20
eapol_probe
static int eapol_probe(struct net_device *netdev, void *priv)
Create EAPoL supplicant.
Definition: eapol.c:276
EAP_WAIT_TIMEOUT
#define EAP_WAIT_TIMEOUT
EAP protocol wait timeout.
Definition: eap.h:135
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
vlan.h
Virtual LANs.
eapol_supplicant::count
unsigned int count
EAPoL-Start transmission count.
Definition: eapol.h:46
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
eapol_supplicant
An EAPoL supplicant.
Definition: eapol.h:40
EAPOL_START_COUNT
#define EAPOL_START_COUNT
Maximum number of EAPoL-Start packets to transmit.
Definition: eapol.h:53
ETH_P_EAPOL
#define ETH_P_EAPOL
Definition: if_ether.h:24
net_device::ll_addr
uint8_t ll_addr[MAX_LL_ADDR_LEN]
Link-layer address.
Definition: netdevice.h:387
vlan_tag
static unsigned int vlan_tag(struct net_device *netdev)
Get the VLAN tag.
Definition: vlan.h:73
ARPHRD_ETHER
#define ARPHRD_ETHER
Ethernet 10Mbps.
Definition: if_arp.h:16
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
eapol_handler::type
uint8_t type
Type.
Definition: eapol.h:58
string.h
String functions.
htons
#define htons(value)
Definition: byteswap.h:135
eapol_tx
static int eapol_tx(struct eapol_supplicant *supplicant, unsigned int type, const void *data, size_t len)
Transmit EAPoL packet.
Definition: eapol.c:194
__eapol_handler
struct eapol_handler eapol_eap __eapol_handler
EAPoL handler for EAP packets.
Definition: eapol.c:180
net_device::ll_protocol
struct ll_protocol * ll_protocol
Link-layer protocol.
Definition: netdevice.h:372
eap.h
Extensible Authentication Protocol.
eap_supplicant::flags
uint16_t flags
Flags.
Definition: eap.h:142
io_buffer
A persistent I/O buffer.
Definition: iobuf.h:37
Generated by   doxygen 1.8.15