From 432cc6d1d8d7c8e8b8fd690c9720a26f09c3f26c Mon Sep 17 00:00:00 2001
From: Joshua Oreman
Date: Fri, 7 Aug 2009 22:31:25 -0700
Subject: [eapol] Add basic support for 802.1X EAP over LANs
EAPOL is a container protocol that can wrap either EAP packets or 802.11 EAPOL-Key frames. For cleanliness' sake, add a stub that strips the framing and sends packets off to the appropriate handler if it is compiled in.
Signed-off-by: Marty Connor
---
 src/include/gpxe/eapol.h | 112 ++++++++++++++++++++++++++++++++++++++++++++
 src/include/gpxe/errfile.h | 1 +
 src/include/gpxe/if_ether.h | 1 +
 src/net/eapol.c | 85 +++++++++++++++++++++++++++++++++
 4 files changed, 199 insertions(+)
 create mode 100644 src/include/gpxe/eapol.h
 create mode 100644 src/net/eapol.c
diff --git a/src/include/gpxe/eapol.h b/src/include/gpxe/eapol.h
new file mode 100644
index 00000000..c9855d09
--- /dev/null
+++ b/src/include/gpxe/eapol.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman .
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _GPXE_EAPOL_H
+#define _GPXE_EAPOL_H
+
+/** @file
+ *
+ * Definitions for EAPOL (Extensible Authentication Protocol over
+ * LANs) frames. Definitions for the packets usually encapsulated in
+ * them are elsewhere.
+ */
+
+#include
+#include
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+
+/**
+ * @defgroup eapol_type EAPOL archetype identifiers
+ * @{
+ */
+#define EAPOL_TYPE_EAP 0 /**< EAP authentication handshake packet */
+#define EAPOL_TYPE_START 1 /**< Request by Peer to begin (no data) */
+#define EAPOL_TYPE_LOGOFF 2 /**< Request by Peer to terminate (no data) */
+#define EAPOL_TYPE_KEY 3 /**< EAPOL-Key packet */
+/** @} */
+
+/** Expected EAPOL version field value
+ *
+ * Version 2 is often seen and has no format differences from version 1;
+ * however, many older APs will completely drop version-2 packets, so
+ * we advertise ourselves as version 1.
+ */
+#define EAPOL_THIS_VERSION 1
+
+/** Length of an EAPOL frame header */
+#define EAPOL_HDR_LEN 4
+
+/** An EAPOL frame
+ *
+ * This may encapsulate an eap_pkt, an eapol_key_pkt, or a Start or
+ * Logoff request with no data attached. It is transmitted directly in
+ * an Ethernet frame, with no IP packet header.
+ */
+struct eapol_frame
+{
+ /** EAPOL version identifier, always 1 */
+ u8 version;
+
+ /** EAPOL archetype identifier indicating format of payload */
+ u8 type;
+
+ /** Length of payload, in network byte order */
+ u16 length;
+
+ /** Payload, if @a type is EAP or EAPOL-Key */
+ u8 data[0];
+} __attribute__ (( packed ));
+
+
+/** An EAPOL frame type handler
+ *
+ * Normally there will be at most two of these, one for EAP and one
+ * for EAPOL-Key frames. The EAPOL interface code handles Start and
+ * Logoff directly.
+ */
+struct eapol_handler
+{
+ /** EAPOL archetype identifier for payload this handler will handle */
+ u8 type;
+
+ /** Receive EAPOL-encapsulated packet of specified type
+ *
+ * @v iob I/O buffer containing packet payload
+ * @v netdev Network device from which packet was received
+ * @v ll_source Source link-layer address from which packet was received
+ * @ret rc Return status code
+ *
+ * The I/O buffer will have the EAPOL header pulled off it, so
+ * @c iob->data points to the first byte of the payload.
+ *
+ * This function takes ownership of the I/O buffer passed to it.
+ */
+ int ( * rx ) ( struct io_buffer *iob, struct net_device *netdev,
+ const void *ll_source );
+};
+
+#define EAPOL_HANDLERS __table ( struct eapol_handler, "eapol_handlers" )
+#define __eapol_handler __table_entry ( EAPOL_HANDLERS, 01 )
+
+
+extern struct net_protocol eapol_protocol __net_protocol;
+
+
+#endif /* _GPXE_EAPOL_H */
diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h
index 8a997e1a..f68b9b7b 100644
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -160,6 +160,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #define ERRFILE_ib_srp ( ERRFILE_NET | 0x00220000 )
 #define ERRFILE_sec80211 ( ERRFILE_NET | 0x00230000 )
 #define ERRFILE_wep ( ERRFILE_NET | 0x00240000 )
+#define ERRFILE_eapol ( ERRFILE_NET | 0x00250000 )
 #define ERRFILE_image ( ERRFILE_IMAGE | 0x00000000 )
 #define ERRFILE_elf ( ERRFILE_IMAGE | 0x00010000 )
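Review bot: The field comment `/** EAPOL version identifier, always 1 */` on struct eapol_frame contradicts the EAPOL_THIS_VERSION note a few lines above it, which says version 2 is often seen on the wire; only the frames we transmit are guaranteed to carry 1, so a receive path must not rely on this comment. Suggest `/** EAPOL version identifier; we send EAPOL_THIS_VERSION, peers may send 2 */`. Separately, `u8 data[0]` is a GNU zero-length array; since the struct is already `__attribute__ (( packed ))`, the C99 flexible array member `u8 data[];` expresses the same trailing-payload intent without the extension, unless the rest of the tree deliberately uses `[0]`.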
diff --git a/src/include/gpxe/if_ether.h b/src/include/gpxe/if_ether.h
index 57f8e121..b96bee08 100644
--- a/src/include/gpxe/if_ether.h
+++ b/src/include/gpxe/if_ether.h
@@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #define ETH_P_RARP 0x8035 /* Reverse Address resolution Protocol */
 #define ETH_P_IPV6 0x86DD /* IPv6 over blueblook */
 #define ETH_P_SLOW 0x8809 /* Ethernet slow protocols */
+#define ETH_P_EAPOL 0x888E /* 802.1X EAP over LANs */
 #define ETH_P_AOE 0x88A2 /* ATA over Ethernet */
 /** An Ethernet link-layer header */
diff --git a/src/net/eapol.c b/src/net/eapol.c
new file mode 100644
index 00000000..507c8ce2
--- /dev/null
+++ b/src/net/eapol.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman .
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+/** @file
+ *
+ * 802.1X Extensible Authentication Protocol over LANs demultiplexer
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/**
+ * Receive EAPOL network-layer packet
+ *
+ * @v iob I/O buffer
+ * @v netdev Network device
+ * @v ll_source Link-layer source address
+ *
+ * This function takes ownership of the I/O buffer passed to it.
+ */
+static int eapol_rx ( struct io_buffer *iob, struct net_device *netdev,
+ const void *ll_source )
+{
+ struct eapol_frame *eapol = iob->data;
+ struct eapol_handler *handler;
+
+ if ( iob_len ( iob ) < EAPOL_HDR_LEN ) {
+ free_iob ( iob );
+ return -EINVAL;
+ }
+
+ for_each_table_entry ( handler, EAPOL_HANDLERS ) {
+ if ( handler->type == eapol->type ) {
+ iob_pull ( iob, EAPOL_HDR_LEN );
+ return handler->rx ( iob, netdev, ll_source );
+ }
+ }
+
+ free_iob ( iob );
+ return -( ENOTSUP | ( ( eapol->type & 0x1f ) << 8 ) );
+}
+
+/**
+ * Transcribe EAPOL network-layer address
+ *
+ * @v net_addr Network-layer address
+ * @ret str String representation of network-layer address
+ *
+ * EAPOL doesn't have network-layer addresses, so we just return the
+ * string @c "".
+ */
+static const char * eapol_ntoa ( const void *net_addr __unused )
+{
+ return "";
+}
+
+/** EAPOL network protocol */
+struct net_protocol eapol_protocol __net_protocol = {
+ .name = "EAPOL",
+ .rx = eapol_rx,
+ .ntoa = eapol_ntoa,
+ .net_proto = htons ( ETH_P_EAPOL ),
+};
-- 
cgit v1.2.3-55-g7522
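Review bot: eapol_rx validates only that the buffer holds the 4-byte header, then hands the buffer to a handler without checking that the frame's own `length` field fits inside `iob_len ( iob )`, so a handler that trusts `ntohs ( eapol->length )` (as the eapol_handler contract in eapol.h invites, since it promises the header is pulled but says nothing about the payload bound) can read past the end of the I/O buffer on a truncated or malformed frame. The demultiplexer is the natural place to enforce this once, and the same spot can drop trailing link-layer padding so handlers see exactly the declared payload; I used iob_unput for the trim, which I believe this tree's iobuf.h provides, but confirm before relying on it. The `version` field is never read either; rejecting it outright would break the version-2 peers the header comment warns about, so at most log it. eapol_rx is entirely within this hunk.
```c
static int eapol_rx ( struct io_buffer *iob, struct net_device *netdev,
		      const void *ll_source )
{
	struct eapol_frame *eapol = iob->data;
	struct eapol_handler *handler;
	size_t payload_len;

	if ( iob_len ( iob ) < EAPOL_HDR_LEN ) {
		free_iob ( iob );
		return -EINVAL;
	}

	/* Reject frames whose declared payload does not fit the buffer,
	 * and drop any trailing padding so handlers see only the payload */
	payload_len = ntohs ( eapol->length );
	if ( payload_len > ( iob_len ( iob ) - EAPOL_HDR_LEN ) ) {
		free_iob ( iob );
		return -EINVAL;
	}
	iob_unput ( iob, ( iob_len ( iob ) - EAPOL_HDR_LEN - payload_len ) );

	/* … unchanged: handler table walk and ENOTSUP fallback … */
```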