Lines Matching refs:EAP
2 * EAP peer state machines (RFC 4137)
36 #define STATE_MACHINE_DEBUG_PREFIX "EAP"
92 wpa_printf(MSG_DEBUG, "EAP: deinitialize previously used EAP method "
105 SM_STATE(EAP, INITIALIZE)
107 SM_ENTRY(EAP, INITIALIZE);
110 wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
128 * the first EAP-Packet */
148 SM_STATE(EAP, DISABLED)
150 SM_ENTRY(EAP, DISABLED);
160 SM_STATE(EAP, IDLE)
162 SM_ENTRY(EAP, IDLE);
167 * This state is entered when an EAP packet is received (eapReq == TRUE) to
170 SM_STATE(EAP, RECEIVED)
175 SM_ENTRY(EAP, RECEIVED);
187 SM_STATE(EAP, GET_METHOD)
192 SM_ENTRY(EAP, GET_METHOD);
200 wpa_printf(MSG_DEBUG, "EAP: vendor %u method %u not allowed",
218 wpa_printf(MSG_DEBUG, "EAP: Using previous method data"
230 wpa_printf(MSG_DEBUG, "EAP: Could not find selected method: "
236 wpa_printf(MSG_DEBUG, "EAP: Initialize selected EAP method: "
248 "EAP: Failed to initialize EAP method: vendor %u "
260 * current EAP packet.
262 wpa_printf(MSG_DEBUG, "EAP: Pending PIN/passphrase "
272 "EAP vendor %u method %u (%s) selected",
287 SM_STATE(EAP, METHOD)
293 SM_ENTRY(EAP, METHOD);
295 wpa_printf(MSG_WARNING, "EAP::METHOD - method not selected");
305 * a single function call to m->process() in order to optimize EAP
325 wpa_printf(MSG_DEBUG, "EAP: method process -> ignore=%s "
351 SM_STATE(EAP, SEND_RESPONSE)
353 SM_ENTRY(EAP, SEND_RESPONSE);
377 SM_STATE(EAP, DISCARD)
379 SM_ENTRY(EAP, DISCARD);
388 SM_STATE(EAP, IDENTITY)
393 SM_ENTRY(EAP, IDENTITY);
406 SM_STATE(EAP, NOTIFICATION)
411 SM_ENTRY(EAP, NOTIFICATION);
423 SM_STATE(EAP, RETRANSMIT)
425 SM_ENTRY(EAP, RETRANSMIT);
441 * and state machine waits here until port is disabled or EAP authentication is
444 SM_STATE(EAP, SUCCESS)
446 SM_ENTRY(EAP, SUCCESS);
462 * processing the received EAP frame.
467 "EAP authentication completed successfully");
473 * until port is disabled or EAP authentication is restarted.
475 SM_STATE(EAP, FAILURE)
477 SM_ENTRY(EAP, FAILURE);
489 * eapNoResp is required to be set after processing the received EAP
495 "EAP authentication failed");
503 * EAP-Success/Failure with lastId + 1 even though RFC 3748 and
505 * Ringmaster v2.1.2.0 would be using lastId + 2 in EAP-Success.
507 * Accept this kind of Id if EAP workarounds are enabled. These are
509 * security implications (bit easier to fake EAP-Success/Failure).
513 wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected "
514 "identifier field in EAP Success: "
519 wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d "
526 * RFC 4137 - Appendix A.1: EAP Peer State Machine - State transitions
528 SM_STEP(EAP)
534 SM_ENTER_GLOBAL(EAP, INITIALIZE);
536 SM_ENTER_GLOBAL(EAP, DISABLED);
538 /* RFC 4137 does not place any limit on number of EAP messages
540 * ended up in a state were EAP messages were sent between the
543 * total number of EAP round-trips and abort authentication if
547 wpa_msg(sm->msg_ctx, MSG_INFO, "EAP: more than %d "
551 SM_ENTER_GLOBAL(EAP, FAILURE);
555 SM_ENTER(EAP, IDLE);
560 SM_ENTER(EAP, INITIALIZE);
566 * PEAP server not sending EAP-Success in some cases.
569 SM_ENTER(EAP, RECEIVED);
574 SM_ENTER(EAP, SUCCESS);
581 SM_ENTER(EAP, FAILURE);
585 SM_ENTER(EAP, SUCCESS);
589 SM_ENTER(EAP, SUCCESS);
597 * verification for duplicate EAP requests. However,
604 wpa_printf(MSG_DEBUG, "EAP: AS used the same Id again,"
605 " but EAP packets were not identical");
606 wpa_printf(MSG_DEBUG, "EAP: workaround - assume this "
613 * around odd LEAP behavior (EAP-Success in the middle of
620 SM_ENTER(EAP, SUCCESS);
629 SM_ENTER(EAP, FAILURE);
631 SM_ENTER(EAP, RETRANSMIT);
635 SM_ENTER(EAP, NOTIFICATION);
639 SM_ENTER(EAP, IDENTITY);
644 SM_ENTER(EAP, GET_METHOD);
648 SM_ENTER(EAP, METHOD);
651 SM_ENTER(EAP, METHOD);
653 SM_ENTER(EAP, DISCARD);
657 SM_ENTER(EAP, METHOD);
659 SM_ENTER(EAP, SEND_RESPONSE);
663 SM_ENTER(EAP, DISCARD);
665 SM_ENTER(EAP, SEND_RESPONSE);
668 SM_ENTER(EAP, IDLE);
671 SM_ENTER(EAP, IDLE);
674 SM_ENTER(EAP, SEND_RESPONSE);
677 SM_ENTER(EAP, SEND_RESPONSE);
680 SM_ENTER(EAP, SEND_RESPONSE);
696 wpa_printf(MSG_DEBUG, "EAP: configuration does not allow: "
702 wpa_printf(MSG_DEBUG, "EAP: not included in build: "
718 wpa_printf(MSG_DEBUG, "EAP: Building expanded EAP-Nak");
741 wpa_printf(MSG_DEBUG, "EAP: allowed type: "
755 wpa_printf(MSG_DEBUG, "EAP: no more allowed methods");
780 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Nak (requested type %u "
820 wpa_hexdump(MSG_DEBUG, "EAP: allowed methods",
836 "EAP authentication started");
842 * displayed. Some EAP implementasitons may piggy-back additional
847 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Identity data",
930 * eap_sm_buildIdentity - Build EAP-Identity/Response for the current network
931 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
932 * @id: EAP identifier for the packet
934 * @encrypted: Whether the packet is for encrypted tunnel (EAP phase 2)
935 * Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on
938 * This function allocates and builds an EAP-Identity/Response packet for the
951 wpa_printf(MSG_WARNING, "EAP: buildIdentity: configuration "
959 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using method re-auth "
964 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using anonymous identity",
969 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using real identity",
974 wpa_printf(MSG_WARNING, "EAP: buildIdentity: identity "
1022 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Notification data",
1042 wpa_printf(MSG_DEBUG, "EAP: Generating EAP-Response Notification");
1076 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
1091 wpa_printf(MSG_DEBUG, "EAP: Too short EAP-Request - "
1100 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
1101 "expanded EAP-Packet (plen=%lu)",
1109 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Request id=%d "
1119 * need to accept EAP-Response frames if LEAP is used.
1122 wpa_printf(MSG_DEBUG, "EAP: Too short "
1123 "EAP-Response - no Type field");
1129 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Response for "
1134 wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Response");
1137 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Success");
1141 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Failure");
1145 wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Packet with unknown "
1153 * eap_sm_init - Allocate and initialize EAP state machine
1157 * @conf: EAP configuration
1158 * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1160 * This function allocates and initializes an EAP state machine. In addition,
1161 * this initializes TLS library for the new EAP state machine. eapol_cb pointer
1162 * will be in use until eap_sm_deinit() is used to deinitialize this EAP state
1164 * remains alive while the EAP state machine is active.
1197 * eap_sm_deinit - Deinitialize and free an EAP state machine
1198 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1200 * This function deinitializes EAP state machine and frees all allocated
1207 eap_deinit_prev_method(sm, "EAP deinit");
1215 * eap_sm_step - Step EAP state machine
1216 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1217 * Returns: 1 if EAP state was changed or 0 if not
1219 * This function advances EAP state machine to a new state to match with the
1220 * current variables. This should be called whenever variables used by the EAP
1228 SM_STEP_RUN(EAP);
1237 * eap_sm_abort - Abort EAP authentication
1238 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1241 * session without fully deinitializing the EAP state machine.
1252 /* This is not clearly specified in the EAP statemachines draft, but
1335 * eap_sm_get_status - Get EAP state machine status
1336 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1342 * Query EAP state machine for status information. This function fills in a
1355 "EAP state=%s\n",
1374 "selectedMethod=%d (EAP-%s)\n",
1506 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1508 * EAP methods can call this function to request identity information for the
1521 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1523 * EAP methods can call this function to request password information for the
1536 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1538 * EAP methods can call this function to request new password information for
1539 * the current network. This is normally called when the EAP method indicates
1551 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1553 * EAP methods can call this function to request SIM or smart card PIN
1566 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1570 * EAP methods can call this function to request open time password (OTP) for
1582 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1584 * EAP methods can call this function to request passphrase for a private key
1597 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1599 * Notify EAP state machines that a monitor was attached to the control
1610 * interface was added. This handles cases where the EAP authentication
1638 * eap_get_phase2_type - Get EAP type for the given EAP phase 2 method name
1639 * @name: EAP method name, e.g., MD5
1640 * @vendor: Buffer for returning EAP Vendor-Id
1641 * Returns: EAP method type or %EAP_TYPE_NONE if not found
1643 * This function maps EAP type names into EAP type numbers that are allowed for
1645 * EAP-PEAP, EAP-TTLS, and EAP-FAST.
1661 * eap_get_phase2_types - Get list of allowed EAP phase 2 types
1663 * @count: Pointer to a variable to be filled with number of returned EAP types
1666 * This function generates an array of allowed EAP phase 2 (tunneled) types for
1706 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1716 * eap_set_workaround - Update EAP workarounds setting
1717 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1718 * @workaround: 1 = Enable EAP workarounds, 0 = Disable EAP workarounds
1728 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1731 * EAP peer methods should avoid using this function if they can use other
1744 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1760 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1776 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1792 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1808 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1828 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1829 * Returns: 1 if EAP keying material is available, 0 if not
1838 * eap_notify_success - Notify EAP state machine about external success trigger
1839 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1842 * WPA-PSK key handshake, is indicating that EAP state machine should move to
1843 * success state. This is mainly used with security modes that do not use EAP
1857 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1859 * Notify EAP state machines that a lower layer has detected a successful
1860 * authentication. This is used to recover from dropped EAP-Success messages.
1877 "EAP authentication completed successfully (based on lower "
1883 * eap_get_eapKeyData - Get master session key (MSK) from EAP state machine
1884 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1886 * Returns: Pointer to the EAP keying data or %NULL on failure
1888 * Fetch EAP keying material (MSK, eapKeyData) from the EAP state machine. The
1889 * key is available only after a successful authentication. EAP state machine
1906 * eap_get_eapKeyData - Get EAP response data
1907 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1909 * Returns: Pointer to the EAP response (eapRespData) or %NULL on failure
1911 * Fetch EAP response (eapRespData) from the EAP state machine. This data is
1912 * available when EAP state machine has processed an incoming EAP request. The
1913 * EAP state machine does not maintain a reference to the response after this
1936 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
1939 * Notify EAP state machines of context data for smart card operations. This
1950 * eap_hdr_validate - Validate EAP header
1951 * @vendor: Expected EAP Vendor-Id (0 = IETF)
1952 * @eap_type: Expected EAP type number
1953 * @msg: EAP frame (starting with EAP header)
1956 * Returns: Pointer to EAP payload (after type field), or %NULL on failure
1958 * This is a helper function for EAP method implementations. This is usually
1960 * that the received EAP request packet has a valid header. This function is
1961 * able to process both legacy and expanded EAP headers and in most cases, the
1963 * the payload regardless of whether the packet used the expanded EAP header or
1976 wpa_printf(MSG_INFO, "EAP: Too short EAP frame");
1982 wpa_printf(MSG_INFO, "EAP: Invalid EAP length");
1992 wpa_printf(MSG_INFO, "EAP: Invalid expanded EAP "
2002 wpa_printf(MSG_INFO, "EAP: Invalid expanded frame "
2011 wpa_printf(MSG_INFO, "EAP: Invalid frame type");
2022 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
2036 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
2049 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
2050 * @disabled: 1 = EAP disabled, 0 = EAP enabled
2052 * This function is used to force EAP state machine to be disabled when it is
2062 * eap_msg_alloc - Allocate a buffer for an EAP message
2064 * @type: EAP type
2073 * This function can be used to allocate a buffer for an EAP message and fill
2074 * in the EAP header. This function is automatically using expanded EAP header
2075 * if the selected Vendor-Id is not IETF. In other words, most EAP methods do
2112 * eap_notify_pending - Notify that EAP method is ready to re-process a request
2113 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
2115 * An EAP method can perform a pending operation (e.g., to get a response from
2118 * received (and still unanswered) EAP request to EAP state machine.
2128 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
