Corrected EAP-TLS retries and ids and initial EAPOL-Key handling

Mika Leppänen · Mika Leppänen · commit 6845ab80cef3 · 2019-03-22T13:56:12.000+02:00
On authenticator, if supplicant has already send a reply with an
identifier and the same identifier is received again (e.g. message
repeated on lower layers), EAP-TLS now ignores the message.

Corrected identifier for EAP Success and Failure messages, shall
be same as in last EAP Response.

Disabled EAP-TLS retries from supplicant.

If after authenticator has terminated EAP-TLS, supplicant sends
EAP-TLS packet, authenticator now ignores the packet correctly
and does not handle it as initial EAPOL-Key packet.
diff --git a/source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c b/source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c
@@ -60,6 +60,7 @@ typedef struct {
     tls_data_t                    tls_send;         /**< EAP-TLS send buffer */
     tls_data_t                    tls_recv;         /**< EAP-TLS receive buffer */
     uint8_t                       eap_id_seq;       /**< EAP sequence */
+    uint8_t                       recv_eap_id_seq;  /**< Last received EAP sequence */
     uint8_t                       eap_code;         /**< Received EAP code */
     uint8_t                       eap_type;         /**< Received EAP type */
     int8_t                        tls_result;       /**< Result of TLS operation */
@@ -129,6 +130,7 @@ static int8_t auth_eap_tls_sec_prot_init(sec_prot_t *prot)
 
     data->tls_prot = NULL;
     data->eap_id_seq = 0;
+    data->recv_eap_id_seq = 0;
     data->eap_code = 0;
     data->eap_type = 0;
     eap_tls_sec_prot_lib_message_init(&data->tls_recv);
@@ -188,8 +190,14 @@ static int8_t auth_eap_tls_sec_prot_message_handle(sec_prot_t *prot)
     uint16_t length = data->recv_eapol_pdu.msg.eap.length;
 
     bool new_seq_id = false;
-    // Confirmation that supplicant has received the message, proceed with protocol
-    if (data->recv_eapol_pdu.msg.eap.id_seq == data->eap_id_seq) {
+    bool old_seq_id = false;
+
+    // Already received sequence ID is received again, ignore
+    if (data->recv_eapol_pdu.msg.eap.id_seq < data->eap_id_seq) {
+        old_seq_id = true;
+    } else if (data->recv_eapol_pdu.msg.eap.id_seq == data->eap_id_seq) {
+        // Confirmation that supplicant has received the message, proceed with protocol
+        data->recv_eap_id_seq = data->recv_eapol_pdu.msg.eap.id_seq;
         data->eap_id_seq++;
         new_seq_id = true;
     }
@@ -198,6 +206,10 @@ static int8_t auth_eap_tls_sec_prot_message_handle(sec_prot_t *prot)
             data->eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", data->recv_eapol_pdu.msg.eap.id_seq,
             length >= 6 ? data_ptr[0] : 0, length, trace_array(sec_prot_remote_eui_64_addr_get(prot), 8));
 
+    if (old_seq_id) {
+        return EAP_TLS_MSG_DECODE_ERROR;
+    }
+
     if (data->eap_type == EAP_IDENTITY) {
         return EAP_TLS_MSG_IDENTITY;
     }
@@ -227,7 +239,10 @@ static int8_t auth_eap_tls_sec_prot_message_send(sec_prot_t *prot, uint8_t eap_c
             eap_tls_sec_prot_lib_message_allocate(&data->tls_send, TLS_HEAD_LEN, 0);
             flags = EAP_TLS_START;
         }
-    } else if (eap_code != EAP_SUCCESS && eap_code != EAP_FAILURE) {
+    } else if (eap_code == EAP_SUCCESS || eap_code == EAP_FAILURE) {
+        // Send Success and Failure with same identifier as received in EAP Response
+        data->eap_id_seq = data->recv_eap_id_seq;
+    } else {
         return -1;
     }
 
diff --git a/source/Security/protocols/eap_tls_sec_prot/supp_eap_tls_sec_prot.c b/source/Security/protocols/eap_tls_sec_prot/supp_eap_tls_sec_prot.c
@@ -403,8 +403,8 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
         case EAP_TLS_STATE_REQUEST_TLS_EAP:
             // On timeout
             if (sec_prot_result_timeout_check(&data->common)) {
-                // Re-send EAP response, Identity
-                supp_eap_tls_sec_prot_message_send(prot, EAP_RESPONSE, EAP_IDENTITY, EAP_TLS_EXCHANGE_NONE);
+                /* Waits for next trickle expire. If trickle expirations reach the limit,
+                   terminates EAP-TLS */
                 return;
             }
 
@@ -436,8 +436,8 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
         case EAP_TLS_STATE_REQUEST:
             // On timeout
             if (sec_prot_result_timeout_check(&data->common)) {
-                // Re-send EAP response
-                supp_eap_tls_sec_prot_message_send(prot, EAP_RESPONSE, EAP_TLS, EAP_TLS_EXCHANGE_ONGOING);
+                /* Waits for next trickle expire. If trickle expirations reach the limit,
+                   terminates EAP-TLS */
                 return;
             }
 
diff --git a/source/Security/protocols/key_sec_prot/key_sec_prot.c b/source/Security/protocols/key_sec_prot/key_sec_prot.c
@@ -198,6 +198,12 @@ static int8_t key_sec_prot_receive(sec_prot_t *prot, void *pdu, uint16_t size)
 
     // Decoding is successful
     if (eapol_parse_pdu_header(pdu, size, &eapol_pdu)) {
+        if (eapol_pdu.packet_type != EAPOL_KEY_TYPE) {
+            tr_info("not EAPOL-Key packet");
+            prot->finished(prot);
+            return -1;
+        }
+
         uint16_t kde_len;
         uint8_t *kde = sec_prot_lib_message_handle(prot->sec_keys->ptk, &kde_len, &eapol_pdu);
         if (!kde) {
