
Lines Matching refs:EAP

2  * EAP peer state machines (RFC 4137)
37 #define STATE_MACHINE_DEBUG_PREFIX "EAP"
95 wpa_printf(MSG_DEBUG, "EAP: deinitialize previously used EAP method "
104 * eap_allowed_method - Check whether EAP method is allowed
105 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
107 * @method: EAP type
108 * Returns: 1 = allowed EAP method, 0 = not allowed
134 SM_STATE(EAP, INITIALIZE)
136 SM_ENTRY(EAP, INITIALIZE);
140 wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
158 * the first EAP-Packet */
179 SM_STATE(EAP, DISABLED)
181 SM_ENTRY(EAP, DISABLED);
191 SM_STATE(EAP, IDLE)
193 SM_ENTRY(EAP, IDLE);
198 * This state is entered when an EAP packet is received (eapReq == TRUE) to
201 SM_STATE(EAP, RECEIVED)
205 SM_ENTRY(EAP, RECEIVED);
217 SM_STATE(EAP, GET_METHOD)
222 SM_ENTRY(EAP, GET_METHOD);
230 wpa_printf(MSG_DEBUG, "EAP: vendor %u method %u not allowed",
254 wpa_printf(MSG_DEBUG, "EAP: Using previous method data"
266 wpa_printf(MSG_DEBUG, "EAP: Could not find selected method: "
274 wpa_printf(MSG_DEBUG, "EAP: Initialize selected EAP method: "
286 "EAP: Failed to initialize EAP method: vendor %u "
298 * current EAP packet.
300 wpa_printf(MSG_DEBUG, "EAP: Pending PIN/passphrase "
310 "EAP vendor %u method %u (%s) selected",
325 SM_STATE(EAP, METHOD)
330 SM_ENTRY(EAP, METHOD);
332 wpa_printf(MSG_WARNING, "EAP::METHOD - method not selected");
342 * a single function call to m->process() in order to optimize EAP
361 wpa_printf(MSG_DEBUG, "EAP: method process -> ignore=%s "
387 SM_STATE(EAP, SEND_RESPONSE)
389 SM_ENTRY(EAP, SEND_RESPONSE);
408 SM_STATE(EAP, DISCARD)
410 SM_ENTRY(EAP, DISCARD);
419 SM_STATE(EAP, IDENTITY)
423 SM_ENTRY(EAP, IDENTITY);
435 SM_STATE(EAP, NOTIFICATION)
439 SM_ENTRY(EAP, NOTIFICATION);
451 SM_STATE(EAP, RETRANSMIT)
453 SM_ENTRY(EAP, RETRANSMIT);
464 * and state machine waits here until port is disabled or EAP authentication is
467 SM_STATE(EAP, SUCCESS)
469 SM_ENTRY(EAP, SUCCESS);
485 * processing the received EAP frame.
490 "EAP authentication completed successfully");
496 * until port is disabled or EAP authentication is restarted.
498 SM_STATE(EAP, FAILURE)
500 SM_ENTRY(EAP, FAILURE);
512 * eapNoResp is required to be set after processing the received EAP
518 "EAP authentication failed");
528 * EAP-Success/Failure with lastId + 1 even though RFC 3748 and
530 * Ringmaster v2.1.2.0 would be using lastId + 2 in EAP-Success.
532 * Accept this kind of Id if EAP workarounds are enabled. These are
534 * security implications (bit easier to fake EAP-Success/Failure).
538 wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected "
539 "identifier field in EAP Success: "
544 wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d "
551 * RFC 4137 - Appendix A.1: EAP Peer State Machine - State transitions
559 * not sending EAP-Success in some cases.
562 SM_ENTER(EAP, RECEIVED);
567 SM_ENTER(EAP, SUCCESS);
574 SM_ENTER(EAP, FAILURE);
578 SM_ENTER(EAP, SUCCESS);
582 SM_ENTER(EAP, SUCCESS);
595 * duplicate EAP requests. However, this misses cases where the
601 wpa_printf(MSG_DEBUG, "EAP: AS used the same Id again, but "
602 "EAP packets were not identical");
603 wpa_printf(MSG_DEBUG, "EAP: workaround - assume this is not a "
618 * odd LEAP behavior (EAP-Success in the middle of authentication and
624 SM_ENTER(EAP, SUCCESS);
633 SM_ENTER(EAP, FAILURE);
635 SM_ENTER(EAP, RETRANSMIT);
639 SM_ENTER(EAP, NOTIFICATION);
643 SM_ENTER(EAP, IDENTITY);
648 SM_ENTER(EAP, GET_METHOD);
652 SM_ENTER(EAP, METHOD);
655 SM_ENTER(EAP, METHOD);
657 SM_ENTER(EAP, DISCARD);
665 SM_ENTER(EAP, IDLE);
670 SM_ENTER(EAP, INITIALIZE);
680 SM_ENTER(EAP, METHOD);
682 SM_ENTER(EAP, SEND_RESPONSE);
686 SM_ENTER(EAP, DISCARD);
688 SM_ENTER(EAP, SEND_RESPONSE);
691 SM_ENTER(EAP, IDLE);
694 SM_ENTER(EAP, IDLE);
697 SM_ENTER(EAP, SEND_RESPONSE);
700 SM_ENTER(EAP, SEND_RESPONSE);
703 SM_ENTER(EAP, SEND_RESPONSE);
713 SM_STEP(EAP)
718 SM_ENTER_GLOBAL(EAP, INITIALIZE);
720 SM_ENTER_GLOBAL(EAP, DISABLED);
722 /* RFC 4137 does not place any limit on number of EAP messages
724 * ended up in a state where EAP messages were sent between the
727 * total number of EAP round-trips and abort authentication if
731 wpa_msg(sm->msg_ctx, MSG_INFO, "EAP: more than %d "
735 SM_ENTER_GLOBAL(EAP, FAILURE);
748 wpa_printf(MSG_DEBUG, "EAP: configuration does not allow: "
754 wpa_printf(MSG_DEBUG, "EAP: not included in build: "
768 wpa_printf(MSG_DEBUG, "EAP: Building expanded EAP-Nak");
784 wpa_printf(MSG_DEBUG, "EAP: allowed type: "
795 wpa_printf(MSG_DEBUG, "EAP: no more allowed methods");
815 wpa_printf(MSG_DEBUG, "EAP: Building EAP-Nak (requested type %u "
848 wpa_hexdump(MSG_DEBUG, "EAP: allowed methods", start, found);
863 "EAP authentication started");
869 * displayed. Some EAP implementations may piggy-back additional
874 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Identity data",
960 * eap_sm_buildIdentity - Build EAP-Identity/Response for the current network
961 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
962 * @id: EAP identifier for the packet
963 * @encrypted: Whether the packet is for encrypted tunnel (EAP phase 2)
964 * Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on
967 * This function allocates and builds an EAP-Identity/Response packet for the
978 wpa_printf(MSG_WARNING, "EAP: buildIdentity: configuration "
986 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using method re-auth "
991 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using anonymous identity",
996 wpa_hexdump_ascii(MSG_DEBUG, "EAP: using real identity",
1001 wpa_printf(MSG_WARNING, "EAP: buildIdentity: identity "
1040 wpa_hexdump_ascii(MSG_DEBUG, "EAP: EAP-Request Notification data",
1059 wpa_printf(MSG_DEBUG, "EAP: Generating EAP-Response Notification");
1087 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet "
1105 wpa_printf(MSG_DEBUG, "EAP: Too short EAP-Request - "
1114 wpa_printf(MSG_DEBUG, "EAP: Ignored truncated "
1115 "expanded EAP-Packet (plen=%lu)",
1123 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Request id=%d "
1133 * need to accept EAP-Response frames if LEAP is used.
1136 wpa_printf(MSG_DEBUG, "EAP: Too short "
1137 "EAP-Response - no Type field");
1143 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Response for "
1148 wpa_printf(MSG_DEBUG, "EAP: Ignored EAP-Response");
1151 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Success");
1155 wpa_printf(MSG_DEBUG, "EAP: Received EAP-Failure");
1159 EAP: Ignored EAP-Packet with unknown "
1207 * eap_peer_sm_init - Allocate and initialize EAP peer state machine
1211 * @conf: EAP configuration
1212 * Returns: Pointer to the allocated EAP state machine or %NULL on failure
1214 * This function allocates and initializes an EAP state machine. In addition,
1215 * this initializes TLS library for the new EAP state machine. eapol_cb pointer
1216 * will be in use until eap_peer_sm_deinit() is used to deinitialize this EAP
1218 * structure remains alive while the EAP state machine is active.
1258 * eap_peer_sm_deinit - Deinitialize and free an EAP peer state machine
1259 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1261 * This function deinitializes EAP state machine and frees all allocated
1268 eap_deinit_prev_method(sm, "EAP deinit");
1276 * eap_peer_sm_step - Step EAP peer state machine
1277 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1278 * Returns: 1 if EAP state was changed or 0 if not
1280 * This function advances EAP state machine to a new state to match with the
1281 * current variables. This should be called whenever variables used by the EAP
1289 SM_STEP_RUN(EAP);
1298 * eap_sm_abort - Abort EAP authentication
1299 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1302 * session without fully deinitializing the EAP state machine.
1313 /* This is not clearly specified in the EAP statemachines draft, but
1396 * eap_sm_get_status - Get EAP state machine status
1397 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1403 * Query EAP state machine for status information. This function fills in a
1416 "EAP state=%s\n",
1435 "selectedMethod=%d (EAP-%s)\n",
1553 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1555 * EAP methods can call this function to request identity information for the
1568 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1570 * EAP methods can call this function to request password information for the
1583 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1585 * EAP methods can call this function to request new password information for
1586 * the current network. This is normally called when the EAP method indicates
1598 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1600 * EAP methods can call this function to request SIM or smart card PIN
1613 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1617 * EAP methods can call this function to request one-time password (OTP) for
1629 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1631 * EAP methods can call this function to request passphrase for a private key
1644 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1646 * Notify EAP state machines that a monitor was attached to the control
1657 * interface was added. This handles cases where the EAP authentication
1685 * eap_get_phase2_type - Get EAP type for the given EAP phase 2 method name
1686 * @name: EAP method name, e.g., MD5
1687 * @vendor: Buffer for returning EAP Vendor-Id
1688 * Returns: EAP method type or %EAP_TYPE_NONE if not found
1690 * This function maps EAP type names into EAP type numbers that are allowed for
1692 * EAP-PEAP, EAP-TTLS, and EAP-FAST.
1708 * eap_get_phase2_types - Get list of allowed EAP phase 2 types
1710 * @count: Pointer to a variable to be filled with number of returned EAP types
1713 * This function generates an array of allowed EAP phase 2 (tunneled) types for
1753 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1763 * eap_set_workaround - Update EAP workarounds setting
1764 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1765 * @workaround: 1 = Enable EAP workarounds, 0 = Disable EAP workarounds
1775 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1778 * EAP peer methods should avoid using this function if they can use other
1791 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1807 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1823 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1844 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1860 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1876 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1896 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1910 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1933 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1934 * Returns: 1 if EAP keying material is available, 0 if not
1943 * eap_notify_success - Notify EAP state machine about external success trigger
1944 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1947 * WPA-PSK key handshake, is indicating that EAP state machine should move to
1948 * success state. This is mainly used with security modes that do not use EAP
1962 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1964 * Notify EAP state machines that a lower layer has detected a successful
1965 * authentication. This is used to recover from dropped EAP-Success messages.
1982 "EAP authentication completed successfully (based on lower "
1988 * eap_get_eapKeyData - Get master session key (MSK) from EAP state machine
1989 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1991 * Returns: Pointer to the EAP keying data or %NULL on failure
1993 * Fetch EAP keying material (MSK, eapKeyData) from the EAP state machine. The
1994 * key is available only after a successful authentication. EAP state machine
2011 * eap_get_eapKeyData - Get EAP response data
2012 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2013 * Returns: Pointer to the EAP response (eapRespData) or %NULL on failure
2015 * Fetch EAP response (eapRespData) from the EAP state machine. This data is
2016 * available when EAP state machine has processed an incoming EAP request. The
2017 * EAP state machine does not maintain a reference to the response after this
2036 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2039 * Notify EAP state machines of context data for smart card operations. This
2051 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2067 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2084 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2085 * @disabled: 1 = EAP disabled, 0 = EAP enabled
2087 * This function is used to force EAP state machine to be disabled when it is
2097 * eap_notify_pending - Notify that EAP method is ready to re-process a request
2098 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2100 * An EAP method can perform a pending operation (e.g., to get a response from
2103 * received (and still unanswered) EAP request to EAP state machine.
2113 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()