idnits 2.17.1

draft-ietf-pana-statemachine-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices. See
     https://trustee.ietf.org/license-info/.)

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (April 2, 2009) is 5503 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'C' is mentioned on line 1165, but not defined

  == Missing Reference: 'S' is mentioned on line 1091, but not defined

  == Missing Reference: 'P' is mentioned on line 1207, but not defined

  == Missing Reference: 'A' is mentioned on line 1210, but not defined

     Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    PANA Working Group                                       V. Fajardo, Ed.
3    Internet-Draft                                                   Y. Ohba
4    Intended status: Informational                                      TARI
5    Expires: October 4, 2009                                        R. Lopez
6                                                             Univ. of Murcia
7                                                               April 2, 2009

9      State Machines for Protocol for Carrying Authentication for Network
10                                Access (PANA)
11                       draft-ietf-pana-statemachine-10

13   Status of this Memo

15      This Internet-Draft is submitted to IETF in full conformance with the
16      provisions of BCP 78 and BCP 79.

18      Internet-Drafts are working documents of the Internet Engineering
19      Task Force (IETF), its areas, and its working groups. Note that
20      other groups may also distribute working documents as Internet-
21      Drafts.

23      Internet-Drafts are draft documents valid for a maximum of six months
24      and may be updated, replaced, or obsoleted by other documents at any
25      time. It is inappropriate to use Internet-Drafts as reference
26      material or to cite them other than as "work in progress."

28      The list of current Internet-Drafts can be accessed at
29      http://www.ietf.org/ietf/1id-abstracts.txt.

31      The list of Internet-Draft Shadow Directories can be accessed at
32      http://www.ietf.org/shadow.html.

34      This Internet-Draft will expire on October 4, 2009.

36   Copyright Notice

38      Copyright (c) 2009 IETF Trust and the persons identified as the
39      document authors. All rights reserved.

41      This document is subject to BCP 78 and the IETF Trust's Legal
42      Provisions Relating to IETF Documents in effect on the date of
43      publication of this document (http://trustee.ietf.org/license-info).
44      Please review these documents carefully, as they describe your rights
45      and restrictions with respect to this document.

47   Abstract

49      This document defines the conceptual state machines for the Protocol
50      for Carrying Authentication for Network Access (PANA). The state
51      machines consist of the PANA Client (PaC) state machine and the PANA
52      Authentication Agent (PAA) state machine. The two state machines
53      show how PANA can interface with the EAP state machines. The state
54      machines and associated model are informative only. Implementations
55      may achieve the same results using different methods.

57   Table of Contents

59      1.  Introduction
60      2.  Terminology
61      3.  Interface Between PANA and EAP
62      4.  Document Authority
63      5.  Notations
64      6.  Common Rules
65        6.1.  Common Procedures
66        6.2.  Common Variables
67        6.3.  Configurable Values
68        6.4.  Common Message Initialization Rules
69        6.5.  Common Retransmission Rules
70        6.6.  Common State Transitions
71      7.  PaC State Machine
72        7.1.  Interface between PaC and EAP Peer
73          7.1.1.  Delivering EAP Messages from PaC to EAP Peer
74          7.1.2.  Delivering EAP Messages from EAP Peer to PaC
75          7.1.3.  EAP Restart Notification from PaC to EAP Peer
76          7.1.4.  EAP Authentication Result Notification from EAP
77                  Peer to PaC
78          7.1.5.  Alternate Failure Notification from PaC to EAP Peer
79        7.2.  Configurable Values
80        7.3.  Variables
81        7.4.  Procedures
82        7.5.  PaC State Transition Table
83      8.  PAA State Machine
84        8.1.  Interface between PAA and EAP Authenticator
85          8.1.1.  EAP Restart Notification from PAA to EAP
86                  Authenticator
87          8.1.2.  Delivering EAP Responses from PAA to EAP
88                  Authenticator
89          8.1.3.  Delivering EAP Messages from EAP Authenticator to
90                  PAA
91          8.1.4.  EAP Authentication Result Notification from EAP
92                  Authenticator to PAA
93        8.2.  Variables
94        8.3.  Procedures
95        8.4.  PAA State Transition Table
96      9.  Implementation Considerations
97        9.1.  PAA and PaC Interface to Service Management Entity
98      10. Security Considerations
99      11. IANA Considerations
100     12. Acknowledgments
101     13. References
102       13.1.  Normative References
103       13.2.  Informative References
104     Authors' Addresses

106  1.  Introduction

108     This document defines the state machines for the Protocol for Carrying
109     Authentication for Network Access (PANA) [RFC5191]. There are state
110     machines for the PANA client (PaC) and for the PANA Authentication
111     Agent (PAA). Each state machine is specified through a set of
112     variables, procedures and a state transition table.

114     A PANA protocol execution consists of several exchanges to carry
115     authentication information. Specifically, EAP PDUs are transported
116     inside PANA PDUs between PaC and PAA; that is, PANA represents a lower
117     layer for the EAP protocol. Thus, a PANA state machine bases its
118     execution on an EAP state machine execution and vice versa. Thus
119     this document also shows for each of PaC and PAA an interface between
120     an EAP state machine and a PANA state machine and how this interface
121     allows information to be exchanged between them. Thanks to this
122     interface, a PANA state machine can be informed about several events
123     generated in an EAP state machine and make its execution conditional
124     on those events.

126     The details of EAP state machines are out of the scope of this
127     document. Additional information can be found in [RFC4137].
128     Nevertheless, the PANA state machines presented here have been
129     coordinated with the state machines shown in [RFC4137].

131     This document, apart from defining PaC and PAA state machines and
132     their interfaces to EAP state machines (running on top of PANA),
133     provides some implementation considerations, taking into account that
134     it is not a specification but an implementation guideline.

136  2.  Terminology

138     This document reuses the terminology used in [RFC5191].

140  3.  Interface Between PANA and EAP

142     PANA carries EAP messages exchanged between an EAP peer and an EAP
143     authenticator (see Figure 1). Thus a PANA state machine interacts
144     with an EAP state machine.

146     Two state machines are defined in this document: the PaC state
147     machine (see Section 7) and the PAA state machine (see Section 8).
148     The definition of each state machine consists of a set of variables,
149     procedures and a state transition table. A subset of these variables
150     and procedures defines the interface between a PANA state machine and
151     an EAP state machine and the state transition table defines the PANA
152     state machine behavior based on results obtained through them.

154     On the one hand, the PaC state machine interacts with an EAP peer
155     state machine in order to carry out the PANA protocol on the PaC
156     side. On the other hand, the PAA state machine interacts with an EAP
157     authenticator state machine to run the PANA protocol on the PAA side.

159                    Peer             |EAP             Auth
160                    EAP    <---------|------------>   EAP
161                   ^ |               |              ^ |
162                   | |               | EAP-Message  | | EAP-Message
163       EAP-Message | |EAP-Message    |              | |
164                   | v               |PANA          | v
165                   PaC     <---------|------------>  PAA

167                Figure 1: Interface between PANA and EAP

169     Thus two interfaces are needed between PANA state machines and EAP
170     state machines, namely:

172     o  Interface between the PaC state machine and the EAP peer state
173        machine

175     o  Interface between the PAA state machine and the EAP authenticator
176        state machine

178     In general, the PaC and PAA state machines present EAP messages to
179     the EAP peer and authenticator state machines through the interface,
180     respectively. The EAP peer and authenticator state machines process
181     these messages and send EAP messages through the PaC and PAA state
182     machines, which are responsible for actually transmitting them,
183     respectively.

185     For example, [RFC4137] specifies four interfaces to lower layers: (i)
186     an interface between the EAP peer state machine and a lower layer,
187     (ii) an interface between the EAP standalone authenticator state
188     machine and a lower layer, (iii) an interface between the EAP full
189     authenticator state machine and a lower layer and (iv) an interface
190     between the EAP backend authenticator state machine and a lower
191     layer. In this document, the PANA protocol is the lower layer of EAP
192     and only the first three interfaces are of interest to PANA. The
193     second and third interfaces are the same. In this regard, the EAP
194     standalone authenticator or the EAP full authenticator and its state
195     machine in [RFC4137] are referred to as the EAP authenticator and the
196     EAP authenticator state machine, respectively, in this document. If
197     an EAP peer and an EAP authenticator follow the state machines
198     defined in [RFC4137], the interfaces between PANA and EAP could be
199     based on that document. Detailed definitions of the interfaces between
200     PANA and EAP are given in the subsequent sections.

202  4.  Document Authority

204     This document is intended to comply with the technical contents of
205     any of the related documents ([RFC5191] and [RFC4137]). When there
206     is a discrepancy, the related documents are considered authoritative
207     and they take precedence over this document.

209  5.  Notations

211     The following state transition tables are completed mostly based on
212     the conventions specified in [RFC4137]. The complete text is
213     described below.

215     State transition tables are used to represent the operation of the
216     protocol by a number of cooperating state machines each comprising a
217     group of connected, mutually exclusive states. Only one state of
218     each machine can be active at any given time.

220     All permissible transitions from a given state to other states and
221     associated actions performed when the transitions occur are
222     represented by using triplets of (exit condition, exit action, exit
223     state). All conditions are expressions that evaluate to TRUE or
224     FALSE; if a condition evaluates to TRUE, then the condition is met.
225     A state "ANY" is a wildcard state that matches any state in each
226     state machine except those explicitly enumerated as exception states.
227     The exit conditions of a wildcard state are evaluated after all other
228     exit conditions specific to the current state are met.

230     On exit from a state, the exit actions defined for the state and the
231     exit condition are executed exactly once, in the order that they
232     appear. (Note that the procedures defined in [RFC4137] are executed
233     on entry to a state, which is one major difference from this
234     document.) Each exit action is deemed to be atomic; i.e., execution
235     of an exit action completes before the next sequential exit action
236     starts to execute. No exit action executes outside of a state block.
237     The exit actions in only one state block execute at a time even if
238     the conditions for execution of state blocks in different state
239     machines are satisfied. All exit actions in an executing state block
240     complete execution before the transition to and execution of any
241     other state blocks. The execution of any state block appears to be
242     atomic with respect to the execution of any other state block and the
243     transition condition to that state from the previous state is TRUE
244     when execution commences. The order of execution of state blocks in
245     different state machines is undefined except as constrained by their
246     transition conditions. A variable that is set to a particular value
247     in a state block retains this value until a subsequent state block
248     executes an exit action that modifies the value.

250     On completion of the transition from the previous state to the
251     current state, all exit conditions occurring during the current state
252     (including exit conditions defined for the wildcard state) are
253     evaluated until an exit condition for that state is met.

255     Any event variable is set to TRUE when the corresponding event occurs
256     and set to FALSE immediately after completion of the action
257     associated with the current state and the event.

259     The interpretation of the special symbols and operators used is
260     defined in [RFC4137].

262  6.  Common Rules

264     The following procedures, variables, message initialization rules
265     and state transitions are common to both the PaC and PAA state
266     machines.

268     Throughout this document, the character string "PANA_MESSAGE_NAME"
269     matches any one of the abbreviated PANA message names, i.e., "PCI",
270     "PAR", "PAN", "PTR", "PTA", "PNR", "PNA".

272  6.1.  Common Procedures

274     void None()

276        A null procedure, i.e., nothing is done.

278     void Disconnect()

280        A procedure to delete the PANA session as well as the
281        corresponding EAP session and authorization state.

283     boolean Authorize()

285        A procedure to create or modify authorization state. It returns
286        TRUE if authorization is successful. Otherwise, it returns FALSE.
287        It is assumed that Authorize() procedure of PaC state machine
288        always returns TRUE. In the case that a non-key-generating EAP
289        method is used but a PANA SA is required after successful
290        authentication (generate_pana_sa() returns TRUE), Authorize()
291        procedure must return FALSE.

293     void Tx:PANA_MESSAGE_NAME[flag](AVPs)

295        A procedure to send a PANA message to its peering PANA entity.
296        The "flag" argument contains one or more flags (e.g., Tx:PAR[C]) to
297        be set to the message, except for 'R' (Request) flag. The "AVPs"
298        contains a list of names of optional AVPs to be inserted in the
299        message, except for AUTH AVP.

301        This procedure includes the following action before actual
302        transmission:

304          if (flag==S)
305            PANA_MESSAGE_NAME.S_flag=Set;
306          if (flag==C)
307            PANA_MESSAGE_NAME.C_flag=Set;
308          if (flag==A)
309            PANA_MESSAGE_NAME.A_flag=Set;
310          if (flag==P)
311            PANA_MESSAGE_NAME.P_flag=Set;
312          PANA_MESSAGE_NAME.insert_avp(AVPs);
313          if (key_available())
314            PANA_MESSAGE_NAME.insert_avp("AUTH");

316     void TxEAP()

318        A procedure to send an EAP message to the EAP state machine it
319        interfaces to.

321     void RtxTimerStart()

323        A procedure to start the retransmission timer, reset RTX_COUNTER
324        variable to zero and set an appropriate value to RTX_MAX_NUM
325        variable. Note that RTX_MAX_NUM is assumed to be set to the same
326        default value for all messages. However, implementations may also
327        reset RTX_MAX_NUM in this procedure and its value may vary
328        depending on the message that was sent.

330     void RtxTimerStop()

332        A procedure to stop the retransmission timer.

334     void SessionTimerReStart(TIMEOUT)

336        A procedure to (re)start PANA session timer. TIMEOUT specifies
337        the expiration time associated with the session timer. Expiration
338        of TIMEOUT will trigger a SESS_TIMEOUT event.

340     void SessionTimerStop()

342        A procedure to stop the current PANA session timer.

344     void Retransmit()

346        A procedure to retransmit a PANA message and increment RTX_COUNTER
347        by one (1).

349     void EAP_Restart()

351        A procedure to (re)start an EAP conversation resulting in the re-
352        initialization of an existing EAP session.

354     void PANA_MESSAGE_NAME.insert_avp("AVP_NAME1", "AVP_NAME2",...)

356        A procedure to insert AVPs for each specified AVP name in the list
357        of AVP names in the PANA message. When an AVP name ends with "*",
358        zero, one or more AVPs are inserted, otherwise one AVP is
359        inserted.
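
The Tx:PANA_MESSAGE_NAME[flag](AVPs) action and the insert_avp() "*" rule above, as an added Python sketch that is not part of the draft: the caller can never set 'R' or supply AUTH, and AUTH is appended last only once key_available() is TRUE. Session, Message, tx, verify_auth and the msk_source hook are hypothetical names, and HMAC-SHA-256 stands in for the key derivation and integrity algorithm, which this section does not specify.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MESSAGE_NAMES = {"PCI", "PAR", "PAN", "PTR", "PTA", "PNR", "PNA"}
SETTABLE_FLAGS = {"S", "C", "A", "P"}  # 'R' is never passed in the flag argument


@dataclass
class Message:
    name: str
    flags: set = field(default_factory=set)
    avps: list = field(default_factory=list)  # (avp_name, value) in insertion order


class Session:
    """Key state consulted by key_available(); msk_source is an assumed EAP hook."""

    def __init__(self, msk_source):
        self.msk_source = msk_source  # callable returning the MSK bytes or None
        self.pana_auth_key = None

    def key_available(self):
        if self.pana_auth_key is not None:
            return True
        msk = self.msk_source()
        if msk is None:
            return False
        # Stand-in derivation (assumption): this section does not give the real one.
        self.pana_auth_key = hmac.new(msk, b"example PANA_AUTH_KEY", hashlib.sha256).digest()
        return True


def auth_value(key, msg_name, flags, avps):
    """Stand-in integrity value over name, flags and every AVP before AUTH."""
    fields = [msg_name.encode(), "".join(sorted(flags)).encode()]
    for avp_name, value in avps:
        fields += [avp_name.encode(), value]
    # Length-prefix each field so adjacent fields cannot be re-split ambiguously.
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, blob, hashlib.sha256).digest()


def insert_avp(msg, avp_names, values):
    """A name ending in "*" inserts zero or more AVPs, any other name exactly one."""
    for avp_name in avp_names:
        if avp_name.endswith("*"):
            base = avp_name[:-1]
            msg.avps.extend((base, v) for v in values.get(base, []))
        else:
            msg.avps.append((avp_name, values.get(avp_name, b"")))


def tx(session, msg_name, flags=(), avps=(), values=None):
    """Build the message the way Tx:PANA_MESSAGE_NAME[flag](AVPs) prescribes."""
    if msg_name not in MESSAGE_NAMES:
        raise ValueError("unknown PANA message: " + msg_name)
    if set(flags) - SETTABLE_FLAGS:
        raise ValueError("only S, C, A and P may be passed as flag")
    if any(name.rstrip("*") == "AUTH" for name in avps):
        raise ValueError("AUTH is added by tx() itself, never by the caller")
    msg = Message(msg_name, set(flags))
    insert_avp(msg, avps, values or {})
    if session.key_available():  # AUTH goes in last, over everything before it
        key = session.pana_auth_key
        msg.avps.append(("AUTH", auth_value(key, msg.name, msg.flags, msg.avps)))
    return msg


def verify_auth(key, msg):
    """Receiver-side check: AUTH must be the final AVP and must match."""
    if not msg.avps or msg.avps[-1][0] != "AUTH":
        return False
    expected = auth_value(key, msg.name, msg.flags, msg.avps[:-1])
    return hmac.compare_digest(expected, msg.avps[-1][1])


def demo():
    eap = {"msk": None}                      # constructed EAP state: no MSK yet
    session = Session(lambda: eap["msk"])
    early = tx(session, "PAN", "S", ["PRF-Algorithm", "Integrity-Algorithm"])
    eap["msk"] = bytes(range(64))            # constructed 64-byte MSK
    late = tx(session, "PAN", "C", ["Key-Id"], {"Key-Id": b"\x00\x00\x00\x01"})
    return session, early, late


if __name__ == "__main__":
    session, early, late = demo()
    print([n for n, _ in early.avps])
    print([n for n, _ in late.avps], verify_auth(session.pana_auth_key, late))
```

Messages built before the MSK exists carry no AUTH AVP, so a receiver that already holds a key should treat a message without a trailing, matching AUTH as unauthenticated.
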

361     boolean PANA_MESSAGE_NAME.exist_avp("AVP_NAME")

363        A procedure that checks whether an AVP of the specified AVP name
364        exists in the specified PANA message and returns TRUE if the
365        specified AVP is found, otherwise returns FALSE.

367     boolean generate_pana_sa()

369        A procedure to check whether the EAP method being used generates
370        keys and that a PANA SA will be established on successful
371        authentication. For the PaC, the procedure is also used to check
372        and match the PRF and Integrity algorithm AVPs advertised by the
373        PAA in PAR[S] message. For the PAA, it is used to indicate
374        whether a PRF and Integrity algorithm AVPs will be sent in the
375        PAR[S]. This procedure returns TRUE if a PANA SA will be
376        generated. Otherwise, it returns FALSE.

378     boolean key_available()

380        A procedure to check whether the PANA session has a PANA_AUTH_KEY.
381        If the state machine already has a PANA_AUTH_KEY, it returns TRUE.
382        If the state machine does not have a PANA_AUTH_KEY, it tries to
383        retrieve an MSK from the EAP entity. If an MSK is retrieved, it
384        computes a PANA_AUTH_KEY from the MSK and returns TRUE.
385        Otherwise, it returns FALSE.

387  6.2.  Common Variables

389     PAR.RESULT_CODE

391        This variable contains the Result-Code AVP value in the PANA-Auth-
392        Request message in process. When this variable carries
393        PANA_SUCCESS it is assumed that the PAR message always contains an
394        EAP-Payload AVP which carries an EAP-Success message.

396     NONCE_SENT

398        This variable is set to TRUE to indicate that a Nonce-AVP has
399        already been sent. Otherwise it is set to FALSE.

401     RTX_COUNTER

403        This variable contains the current number of retransmissions of
404        the outstanding PANA message.

406     Rx:PANA_MESSAGE_NAME[flag]

408        This event variable is set to TRUE when the specified PANA message
409        is received from its peering PANA entity. The "flag" contains a
410        flag (e.g., Rx:PAR[C]), except for 'R' (Request) flag.

412     RTX_TIMEOUT

414        This event variable is set to TRUE when the retransmission timer
415        is expired.

417     REAUTH

419        This event variable is set to TRUE when an initiation of re-
420        authentication phase is triggered. This event variable can only
421        be set while in the OPEN state.

423     TERMINATE

425        This event variable is set to TRUE when initiation of PANA session
426        termination is triggered. This event variable can only be set
427        while in the OPEN state.

429     PANA_PING

431        This event variable is set to TRUE when initiation of liveness
432        test based on PANA-Notification exchange is triggered. This event
433        variable can only be set while in the OPEN state.

435     SESS_TIMEOUT

437        This event variable is set to TRUE when the session timer has
438        expired.

440     LIFETIME_SESS_TIMEOUT

442        Configurable value used by the PaC and PAA to close or disconnect
443        an established session in the access phase. This variable
444        indicates the expiration of the session and is set to the value of
445        Session-Lifetime AVP if present in the last PANA-Auth-Request
446        message in the case of the PaC. Otherwise, it is assumed that the
447        value is infinite and therefore has no expiration. Expiration of
448        LIFETIME_SESS_TIMEOUT will cause the event variable SESS_TIMEOUT
449        to be set.

451     ANY

453        This event variable is set to TRUE when any event occurs.

455  6.3.  Configurable Values

457     RTX_MAX_NUM

459        Configurable maximum for how many retransmissions should be
460        attempted before aborting.

462  6.4.  Common Message Initialization Rules

464     When a message is prepared for sending, it is initialized as follows:

466     o  For a request message, R-flag of the header is set. Otherwise,
467        R-flag is not set.

469     o  Other message header flags are not set. They are set explicitly
470        by specific state machine actions.

472     o  AVPs that are mandatory in a message are inserted with
473        appropriate values set.

475  6.5.  Common Retransmission Rules

477     The state machines defined in this document assume that the PaC and
478     the PAA cache the last transmitted answer message. This scheme is
479     described in Section 5.2 of [RFC5191]. When the PaC or PAA receives a
480     re-transmitted or duplicate request, it would be able to re-send the
481     corresponding answer without any aid from the EAP layer. However, to
482     simplify the state machine description, this caching scheme is
483     omitted in the state machines below. In the case that there is no
484     corresponding answer to a re-transmitted request, the request will be
485     handled by the corresponding state machine.

487  6.6.  Common State Transitions

489     The following transitions can occur at any state with exceptions
490     explicitly noted.

492     ----------
493     State: ANY
494     ----------

496     Exit Condition           Exit Action                Exit State
497     ------------------------+--------------------------+------------
498     - - - - - - - - - - - - - (Re-transmissions)- - - - - - - - - -
499     RTX_TIMEOUT &&           Retransmit();              (no change)
500     RTX_COUNTER<
501     RTX_MAX_NUM
502     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
503     - - - - - - - (Reach maximum number of transmissions)- - - - - -
504     (RTX_TIMEOUT &&          Disconnect();              CLOSED
505      RTX_COUNTER>=
506      RTX_MAX_NUM) ||
507     SESS_TIMEOUT
508     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

510     -------------------------
511     State: ANY except INITIAL
512     -------------------------

514     Exit Condition           Exit Action                Exit State
515     ------------------------+--------------------------+------------
516     - - - - - - - - - - (liveness test initiated by peer)- - - - - -
517     Rx:PNR[P]                Tx:PNA[P]();               (no change)

519     -------------------------------
520     State: ANY except WAIT_PNA_PING
521     -------------------------------

523     Exit Condition           Exit Action                Exit State
524     ------------------------+--------------------------+------------
525     - - - - - - - - - - - - (liveness test response) - - - - - - - -
526     Rx:PNA[P]                None();                    (no change)

528     The following transitions can occur on any exit condition within the
529     specified state.

531     -------------
532     State: CLOSED
533     -------------

535     Exit Condition           Exit Action                Exit State
536     ------------------------+--------------------------+------------
537     - - - - - - - -(Catch all event on closed state) - - - - - - - -
538     ANY                      None();                    CLOSED
539     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

541  7.  PaC State Machine

543  7.1.  Interface between PaC and EAP Peer

545     This interface defines the interactions between a PaC and an EAP
546     peer. The interface serves as a mechanism to deliver EAP messages
547     for the EAP peer. It allows the EAP peer to receive EAP requests and
548     send EAP responses via the PaC. It also provides a mechanism to
549     notify the EAP peer of PaC events and a mechanism to receive
550     notification of EAP peer events. The EAP message delivery mechanism
551     as well as the event notification mechanism in this interface have
552     direct correlation with the PaC state transition table entries.
553     These message delivery and event notification mechanisms occur only
554     within the context of their associated states or exit actions.

556  7.1.1.  Delivering EAP Messages from PaC to EAP Peer

558     TxEAP() procedure in the PaC state machine serves as the mechanism to
559     deliver EAP messages contained in PANA-Auth-Request messages to the
560     EAP peer. This procedure is enabled only after an EAP restart event
561     is notified to the EAP peer and before any event resulting in a
562     termination of the EAP peer session. In the case where the EAP peer
563     follows the EAP peer state machine defined in [RFC4137], TxEAP()
564     procedure sets eapReq variable of the EAP peer state machine and puts
565     the EAP request in eapReqData variable of the EAP peer state machine.

567  7.1.2.  Delivering EAP Messages from EAP Peer to PaC

569     An EAP message is delivered from the EAP peer to the PaC via
570     EAP_RESPONSE event variable. The event variable is set when the EAP
571     peer passes the EAP message to its lower-layer. In the case where
572     the EAP peer follows the EAP peer state machine defined in [RFC4137],
573     EAP_RESPONSE event variable refers to eapResp variable of the EAP
574     peer state machine and the EAP message is contained in eapRespData
575     variable of the EAP peer state machine.

577  7.1.3.  EAP Restart Notification from PaC to EAP Peer

579     The EAP peer state machine defined in [RFC4137] has an initialization
580     procedure before receiving an EAP message. To initialize the EAP
581     state machine, the PaC state machine defines an event notification
582     mechanism to send an EAP (re)start event to the EAP peer. The event
583     notification is done via EAP_Restart() procedure in the
584     initialization action of the PaC state machine.

586  7.1.4.  EAP Authentication Result Notification from EAP Peer to PaC

588     In order for the EAP peer to notify the PaC of an EAP authentication
589     result, EAP_SUCCESS and EAP_FAILURE event variables are defined. In
590     the case where the EAP peer follows the EAP peer state machine
591     defined in [RFC4137], EAP_SUCCESS and EAP_FAILURE event variables
592     refer to eapSuccess and eapFail variables of the EAP peer state
593     machine, respectively. In this case, if EAP_SUCCESS event variable
594     is set to TRUE and an MSK is generated by the EAP authentication
595     method in use, eapKeyAvailable variable is set to TRUE and eapKeyData
596     variable contains the MSK. Note that EAP_SUCCESS and EAP_FAILURE
597     event variables may be set to TRUE even before the PaC receives a PAR
598     with a 'Complete' flag set from the PAA.

600  7.1.5.  Alternate Failure Notification from PaC to EAP Peer

602     alt_reject() procedure in the PaC state machine serves as the
603     mechanism to deliver an authentication failure event to the EAP peer
604     without accompanying an EAP message. In the case where the EAP peer
605     follows the EAP peer state machine defined in [RFC4137], alt_reject()
606     procedure sets altReject variable of the EAP peer state machine.
607     Note that the EAP peer state machine in [RFC4137] also defines
608     altAccept variable, however, it is never used in PANA in which EAP-
609     Success messages are reliably delivered by the last PANA-Auth
610     exchange.

612  7.2.  Configurable Values

614     FAILED_SESS_TIMEOUT

616        Configurable value that allows the PaC to determine whether a PaC
617        authentication and authorization phase has stalled without an
618        explicit EAP success or failure notification.

620  7.3.  Variables

622     AUTH_USER

624        This event variable is set to TRUE when initiation of EAP-based
625        (re-)authentication is triggered by the application.

627     EAP_SUCCESS

629        This event variable is set to TRUE when the EAP peer determines
630        that EAP conversation completes with success.

632     EAP_FAILURE

634        This event variable is set to TRUE when the EAP peer determines
635        that EAP conversation completes with failure.

637     EAP_RESPONSE

639        This event variable is set to TRUE when the EAP peer delivers an
640        EAP message to the PaC. This event accompanies an EAP message
641        received from the EAP peer.

643     EAP_RESP_TIMEOUT

645        This event variable is set to TRUE when the PaC that has passed an
646        EAP message to the EAP-layer does not receive a subsequent EAP
647        message from the EAP-layer in a given period. This provides a
648        time limit for certain EAP methods where user interaction may be
649        required.

651  7.4.  Procedures

653     boolean eap_piggyback()

655        This procedure returns TRUE if the next EAP
656        response will be carried in the pending PAN message for
657        optimization.

659     void alt_reject()

661        This procedure informs the EAP peer of an authentication failure
662        event without accompanying an EAP message.

664     void EAP_RespTimerStart()

666        A procedure to start a timer to receive an EAP-Response from the
667        EAP peer.

669     void EAP_RespTimerStop()

671        A procedure to stop a timer to receive an EAP-Response from the
672        EAP peer.

674  7.5.  PaC State Transition Table

676     ------------------------------
677     State: INITIAL (Initial State)
678     ------------------------------
679     Initialization Action:

681       NONCE_SENT=Unset;
682       RTX_COUNTER=0;
683       RtxTimerStop();

685     Exit Condition           Exit Action                Exit State
686     ------------------------+--------------------------+-----------
687     - - - - - - - - - - (PaC-initiated Handshake) - - - - - - - - -
688     AUTH_USER                Tx:PCI[]();                INITIAL
689                              RtxTimerStart();
690                              SessionTimerReStart
691                                (FAILED_SESS_TIMEOUT);
692     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

694     - - - - - - -(PAA-initiated Handshake, not optimized) - - - - -
695     Rx:PAR[S] &&             EAP_Restart();             WAIT_PAA
696     !PAR.exist_avp           SessionTimerReStart
697     ("EAP-Payload")            (FAILED_SESS_TIMEOUT);
698                              if (generate_pana_sa())
699                                  Tx:PAN[S]("PRF-Algorithm",
700                                     "Integrity-Algorithm");
701                              else
702                                  Tx:PAN[S]();
703     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

705     - - - - - - - -(PAA-initiated Handshake, optimized) - - - - - -
706     Rx:PAR[S] &&             EAP_Restart();             INITIAL
707     PAR.exist_avp            TxEAP();
708     ("EAP-Payload") &&       SessionTimerReStart
709     eap_piggyback()            (FAILED_SESS_TIMEOUT);

711     Rx:PAR[S] &&             EAP_Restart();             WAIT_EAP_MSG
712     PAR.exist_avp            TxEAP();
713     ("EAP-Payload") &&       SessionTimerReStart
714     !eap_piggyback()           (FAILED_SESS_TIMEOUT);
715                              if (generate_pana_sa())
716                                  Tx:PAN[S]("PRF-Algorithm",
717                                    "Integrity-Algorithm");
718                              else
719                                  Tx:PAN[S]();

721     EAP_RESPONSE             if (generate_pana_sa())    WAIT_PAA
722                                  Tx:PAN[S]("EAP-Payload",
723                                    "PRF-Algorithm",
724                                    "Integrity-Algorithm");
725                              else
726                                  Tx:PAN[S]("EAP-Payload");

728     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

730     ---------------
731     State: WAIT_PAA
732     ---------------

734     Exit Condition           Exit Action                Exit State
735     ------------------------+--------------------------+------------
736     - - - - - - - - - - - - - - -(PAR-PAN exchange) - - - - - - - -
737     Rx:PAR[] &&              RtxTimerStop();            WAIT_EAP_MSG
738     !eap_piggyback()         TxEAP();
739                              EAP_RespTimerStart();
740                              if (NONCE_SENT==Unset) {
741                                NONCE_SENT=Set;
742                                Tx:PAN[]("Nonce");
743                              }
744                              else
745                                Tx:PAN[]();

747     Rx:PAR[] &&              RtxTimerStop();            WAIT_EAP_MSG
748     eap_piggyback()          TxEAP();
749                              EAP_RespTimerStart();

751     Rx:PAN[]                 RtxTimerStop();            WAIT_PAA

753     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
754     - - - - - - - - - - - - - - -(PANA result) - - - - - - - - - -
755     Rx:PAR[C] &&             TxEAP();                   WAIT_EAP_RESULT
756     PAR.RESULT_CODE==
757       PANA_SUCCESS

759     Rx:PAR[C] &&             if (PAR.exist_avp          WAIT_EAP_RESULT_
760     PAR.RESULT_CODE!=           ("EAP-Payload"))        CLOSE
761       PANA_SUCCESS             TxEAP();
762                              else
763                                alt_reject();
764     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

766     -------------------
767     State: WAIT_EAP_MSG
768     -------------------

770     Exit Condition           Exit Action                Exit State
771     ------------------------+--------------------------+------------
772     - - - - - - - - - - (Return PAN/PAR from EAP) - - - - - - - - -
773     EAP_RESPONSE &&          EAP_RespTimerStop();       WAIT_PAA
774     eap_piggyback()          if (NONCE_SENT==Unset) {
775                                Tx:PAN[]("EAP-Payload",
776                                         "Nonce");
777                                NONCE_SENT=Set;
778                              }
779                              else
780                                Tx:PAN[]("EAP-Payload");

782     EAP_RESPONSE &&          EAP_RespTimerStop();       WAIT_PAA
783     !eap_piggyback()         Tx:PAR[]("EAP-Payload");
784                              RtxTimerStart();

786     EAP_RESP_TIMEOUT &&      Tx:PAN[]();                WAIT_PAA
787     eap_piggyback()

789     EAP_FAILURE              SessionTimerStop();        CLOSED
790                              Disconnect();
791     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

793     ----------------------
794     State: WAIT_EAP_RESULT
795     ----------------------

797     Exit Condition           Exit Action                Exit State
798     ------------------------+--------------------------+------------
799     - - - - - - - - - - - - - (EAP Result) - - - - - - - - - - - - -
800     EAP_SUCCESS              if (PAR.exist_avp          OPEN
801                                 ("Key-Id"))
802                                Tx:PAN[C]("Key-Id");
803                              else
804                                Tx:PAN[C]();
805                              Authorize();
806                              SessionTimerReStart
807                                (LIFETIME_SESS_TIMEOUT);

809     EAP_FAILURE              Tx:PAN[C]();               CLOSED
810                              SessionTimerStop();
811                              Disconnect();
812     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

814     ----------------------------
815     State: WAIT_EAP_RESULT_CLOSE
816     ----------------------------

818     Exit Condition           Exit Action                Exit State
819     ------------------------+--------------------------+------------
820     - - - - - - - - - - - - - (EAP Result) - - - - - - - - - - - - -
821     EAP_SUCCESS ||           if (EAP_SUCCESS &&         CLOSED
822     EAP_FAILURE                PAR.exist_avp("Key-Id"))
823                                Tx:PAN[C]("Key-Id");

825                              else
826                                Tx:PAN[C]();
827                              SessionTimerStop();
828                              Disconnect();
829     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

831     -----------
832     State: OPEN
833     -----------

835     Exit Condition           Exit Action                Exit State
836     ------------------------+--------------------------+------------
837     - - - - - - - - - - (liveness test initiated by PaC)- - - - - -
838     PANA_PING                Tx:PNR[P]();               WAIT_PNA_PING
839                              RtxTimerStart();
840     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
841     - - - - - - - - - (re-authentication initiated by PaC)- - - - - -
842     REAUTH                   NONCE_SENT=Unset;          WAIT_PNA_REAUTH
843                              Tx:PNR[A]();
844                              RtxTimerStart();
845     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
846     - - - - - - - - - (re-authentication initiated by PAA)- - - - - -
847     Rx:PAR[]                 EAP_RespTimerStart();      WAIT_EAP_MSG
848                              TxEAP();
849                              if (!eap_piggyback())
850                                Tx:PAN[]("Nonce");
851                              else
852                                NONCE_SENT=Unset;
853                              SessionTimerReStart
854                                (FAILED_SESS_TIMEOUT);
855     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
856     - - - - - - - -(Session termination initiated by PAA) - - - - - -
857     Rx:PTR[]                 Tx:PTA[]();                CLOSED
858                              SessionTimerStop();
859                              Disconnect();
860     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
861     - - - - - - - -(Session termination initiated by PaC) - - - - - -
862     TERMINATE                Tx:PTR[]();                SESS_TERM
863                              RtxTimerStart();
864                              SessionTimerStop();
865     - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - 867 ---------------------- 868 State: WAIT_PNA_REAUTH 869 ---------------------- 871 Exit Condition Exit Action Exit State 872 ------------------------+--------------------------+------------ 873 - - - - - - - - -(re-authentication initiated by PaC) - - - - - 874 Rx:PNA[A] RtxTimerStop(); WAIT_PAA 875 SessionTimerReStart 876 (FAILED_SESS_TIMEOUT); 877 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 878 - - - - - - - -(Session termination initiated by PAA) - - - - - - 879 Rx:PTR[] RtxTimerStop(); CLOSED 880 Tx:PTA[](); 881 SessionTimerStop(); 882 Disconnect(); 883 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 885 -------------------- 886 State: WAIT_PNA_PING 887 -------------------- 889 Exit Condition Exit Action Exit State 890 ------------------------+--------------------------+------------ 891 - - - - - - - - -(liveness test initiated by PaC) - - - - - - - 892 Rx:PNA[P] RtxTimerStop(); OPEN 893 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 894 - - - - - - - - - (re-authentication initiated by PAA)- - - - - 895 Rx:PAR[] RtxTimerStop(); WAIT_EAP_MSG 896 EAP_RespTimerStart(); 897 TxEAP(); 898 if (!eap_piggyback()) 899 Tx:PAN[]("Nonce"); 900 else 901 NONCE_SENT=Unset; 902 SessionTimerReStart 903 (FAILED_SESS_TIMEOUT); 904 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 905 - - - - - - - -(Session termination initiated by PAA) - - - - - - 906 Rx:PTR[] RtxTimerStop(); CLOSED 907 Tx:PTA[](); 908 SessionTimerStop(); 909 Disconnect(); 910 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 912 ---------------- 913 State: SESS_TERM 914 ---------------- 916 Exit Condition Exit Action Exit State 917 ------------------------+--------------------------+------------ 918 - - - - - - - -(Session termination initiated by PaC) - - - - - 919 Rx:PTA[] Disconnect(); CLOSED 920 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 922 8. 
PAA State Machine 924 8.1. Interface between PAA and EAP Authenticator 926 The interface between a PAA and an EAP authenticator provides a 927 mechanism to deliver EAP messages for the EAP authenticator as well 928 as a mechanism to notify the EAP authenticator of PAA events and to 929 receive notification of EAP authenticator events. These message 930 delivery and event notification mechanisms occur only within context 931 of their associated states or exit actions. 933 8.1.1. EAP Restart Notification from PAA to EAP Authenticator 935 An EAP authenticator state machine defined in [RFC4137] has an 936 initialization procedure before sending the first EAP request. To 937 initialize the EAP state machine, the PAA state machine defines an 938 event notification mechanism to send an EAP (re)start event to the 939 EAP authenticator. The event notification is done via EAP_Restart() 940 procedure in the initialization action of the PAA state machine. 942 8.1.2. Delivering EAP Responses from PAA to EAP Authenticator 944 TxEAP() procedure in the PAA state machine serves as the mechanism to 945 deliver EAP-Responses contained in PANA-Auth-Answer messages to the 946 EAP authenticator. This procedure is enabled only after an EAP 947 restart event is notified to the EAP authenticator and before any 948 event resulting in a termination of the EAP authenticator session. 949 In the case where the EAP authenticator follows the EAP authenticator 950 state machines defined in [RFC4137], TxEAP() procedure sets eapResp 951 variable of the EAP authenticator state machine and puts the EAP 952 response in eapRespData variable of the EAP authenticator state 953 machine. 955 8.1.3. Delivering EAP Messages from EAP Authenticator to PAA 957 An EAP request is delivered from the EAP authenticator to the PAA via 958 EAP_REQUEST event variable. The event variable is set when the EAP 959 authenticator passes the EAP request to its lower-layer. 
In the case 960 where the EAP authenticator follows the EAP authenticator state 961 machines defined in [RFC4137], EAP_REQUEST event variable refers to 962 eapReq variable of the EAP authenticator state machine and the EAP 963 request is contained in eapReqData variable of the EAP authenticator 964 state machine. 966 8.1.4. EAP Authentication Result Notification from EAP Authenticator to 967 PAA 969 In order for the EAP authenticator to notify the PAA of the EAP 970 authentication result, EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event 971 variables are defined. In the case where the EAP authenticator 972 follows the EAP authenticator state machines defined in [RFC4137], 973 EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables refer to 974 eapSuccess, eapFail and eapTimeout variables of the EAP authenticator 975 state machine, respectively. In this case, if EAP_SUCCESS event 976 variable is set to TRUE, an EAP-Success message is contained in 977 eapReqData variable of the EAP authenticator state machine, and 978 additionally, eapKeyAvailable variable is set to TRUE and eapKeyData 979 variable contains an MSK if the MSK is generated as a result of 980 successful authentication by the EAP authentication method in use. 981 Similarly, if EAP_FAILURE event variable is set to TRUE, an EAP- 982 Failure message is contained in eapReqData variable of the EAP 983 authenticator state machine. The PAA uses EAP_SUCCESS, EAP_FAILURE 984 and EAP_TIMEOUT event variables as a trigger to send a PAR message to 985 the PaC. 987 8.2. Variables 989 OPTIMIZED_INIT 991 This variable indicates whether the PAA is able to piggyback an 992 EAP-Request in the initial PANA-Auth-Request. Otherwise it is set 993 to FALSE. 995 PAC_FOUND 997 This variable is set to TRUE as a result of a PAA initiated 998 handshake. 1000 REAUTH_TIMEOUT 1002 This event variable is set to TRUE to indicate that the PAA 1003 initiates a re-authentication with the PaC. 
The re-authentication 1004 timeout should be set to a value less than the session timeout 1005 carried in the Session-Lifetime AVP if present. 1007 EAP_SUCCESS 1009 This event variable is set to TRUE when EAP conversation completes 1010 with success. This event accompanies an EAP- Success message 1011 passed from the EAP authenticator. 1013 EAP_FAILURE 1015 This event variable is set to TRUE when EAP conversation completes 1016 with failure. This event accompanies an EAP- Failure message 1017 passed from the EAP authenticator. 1019 EAP_REQUEST 1021 This event variable is set to TRUE when the EAP authenticator 1022 delivers an EAP Request to the PAA. This event accompanies an 1023 EAP-Request message received from the EAP authenticator. 1025 EAP_TIMEOUT 1027 This event variable is set to TRUE when EAP conversation times out 1028 without generating an EAP-Success or an EAP-Failure message. This 1029 event does not accompany any EAP message. 1031 8.3. Procedures 1033 boolean new_key_available() 1035 A procedure to check whether the PANA session has a new 1036 PANA_AUTH_KEY. If the state machine already have a PANA_AUTH_KEY, 1037 it returns FALSE. If the state machine does not have a 1038 PANA_AUTH_KEY, it tries to retrieve an MSK from the EAP entity. 1039 If an MSK has been retrieved, it computes a PANA_AUTH_KEY from the 1040 MSK and returns TRUE. Otherwise, it returns FALSE. 1042 8.4. 
PAA State Transition Table 1044 ------------------------------ 1045 State: INITIAL (Initial State) 1046 ------------------------------ 1048 Initialization Action: 1050 OPTIMIZED_INIT=Set|Unset; 1051 NONCE_SENT=Unset; 1052 RTX_COUNTER=0; 1053 RtxTimerStop(); 1055 Exit Condition Exit Action Exit State 1056 ------------------------+--------------------------+------------ 1057 - - - - - - - - (PCI and PAA initiated PANA) - - - - - - - - - 1058 (Rx:PCI[] || if (OPTIMIZED_INIT == INITIAL 1059 PAC_FOUND) Set) { 1060 EAP_Restart(); 1061 SessionTimerReStart 1062 (FAILED_SESS_TIMEOUT); 1063 } 1064 else { 1065 if (generate_pana_sa()) 1066 Tx:PAR[S]("PRF-Algorithm", 1067 "Integrity-Algorithm"); 1068 else 1069 Tx:PAR[S](); 1070 } 1072 EAP_REQUEST if (generate_pana_sa()) INITIAL 1073 Tx:PAR[S]("EAP-Payload", 1074 "PRF-Algorithm", 1075 "Integrity-Algorithm"); 1076 else 1077 Tx:PAR[S]("EAP-Payload"); 1078 RtxTimerStart(); 1079 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1081 - - - - - - - - - - - - - - (PAN Handling) - - - - - - - - - - 1082 Rx:PAN[S] && if (PAN.exist_avp WAIT_EAP_MSG 1083 ((OPTIMIZED_INIT == ("EAP-Payload")) 1084 Unset) || TxEAP(); 1085 PAN.exist_avp else { 1086 ("EAP-Payload")) EAP_Restart(); 1087 SessionTimerReStart 1088 (FAILED_SESS_TIMEOUT); 1089 } 1091 Rx:PAN[S] && None(); WAIT_PAN_OR_PAR 1092 (OPTIMIZED_INIT == 1093 Set) && 1094 ! 
PAN.exist_avp 1095 ("EAP-Payload") 1097 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1099 ------------------- 1100 State: WAIT_EAP_MSG 1101 ------------------- 1103 Exit Condition Exit Action Exit State 1104 ------------------------+--------------------------+------------ 1105 - - - - - - - - - - - -(Receiving EAP-Request)- - - - - - - - - 1106 EAP_REQUEST if (NONCE_SENT==Unset) { WAIT_PAN_OR_PAR 1107 Tx:PAR[]("Nonce", 1108 "EAP-Payload"); 1109 NONCE_SENT=Set; 1110 } 1111 else 1112 Tx:PAR[]("EAP-Payload"); 1113 RtxTimerStart(); 1114 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1115 - - - - - - - - - - -(Receiving EAP-Success/Failure) - - - - - 1116 EAP_FAILURE PAR.RESULT_CODE = WAIT_FAIL_PAN 1117 PANA_AUTHENTICATION_ 1118 REJECTED; 1119 Tx:PAR[C]("EAP-Payload"); 1120 RtxTimerStart(); 1121 SessionTimerStop(); 1123 EAP_SUCCESS && PAR.RESULT_CODE = WAIT_SUCC_PAN 1124 Authorize() PANA_SUCCESS; 1125 if (new_key_available()) 1126 Tx:PAR[C]("EAP-Payload", 1127 "Key-Id"); 1128 else 1129 Tx:PAR[C]("EAP-Payload"); 1130 RtxTimerStart(); 1132 EAP_SUCCESS && PAR.RESULT_CODE = WAIT_FAIL_PAN 1133 !Authorize() PANA_AUTHORIZATION_ 1134 REJECTED; 1135 if (new_key_available()) 1136 Tx:PAR[C]("EAP-Payload", 1137 "Key-Id"); 1138 else 1139 Tx:PAR[C]("EAP-Payload"); 1140 RtxTimerStart(); 1141 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1142 - - - - - (Receiving EAP-Timeout or invalid message) - - - - - 1143 EAP_TIMEOUT SessionTimerStop(); CLOSED 1144 Disconnect(); 1145 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1147 -------------------- 1148 State: WAIT_SUCC_PAN 1149 -------------------- 1151 Event/Condition Action Exit State 1152 ------------------------+--------------------------+------------ 1153 - - - - - - - - - - - - - (PAN Processing)- - - - - - - - - - - 1154 Rx:PAN[C] RtxTimerStop(); OPEN 1155 SessionTimerReStart 1156 (LIFETIME_SESS_TIMEOUT); 1157 - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - 1159 -------------------- 1160 State: WAIT_FAIL_PAN 1161 -------------------- 1162 Exit Condition Exit Action Exit State 1163 ------------------------+--------------------------+------------ 1164 - - - - - - - - - - - - - - (PAN Processing)- - - - - - - - - - 1165 Rx:PAN[C] RtxTimerStop(); CLOSED 1166 Disconnect(); 1167 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1169 ----------- 1170 State: OPEN 1171 ----------- 1173 Event/Condition Action Exit State 1174 ------------------------+--------------------------+------------ 1175 - - - - - - - - (re-authentication initiated by PaC) - - - - - - 1176 Rx:PNR[A] NONCE_SENT=Unset; WAIT_EAP_MSG 1177 EAP_Restart(); 1178 Tx:PNA[A](); 1179 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1180 - - - - - - - - (re-authentication initiated by PAA)- - - - - - 1181 REAUTH || NONCE_SENT=Unset; WAIT_EAP_MSG 1182 REAUTH_TIMEOUT EAP_Restart(); 1184 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1185 - - (liveness test based on PNR-PNA exchange initiated by PAA)- 1186 PANA_PING Tx:PNR[P](); WAIT_PNA_PING 1187 RtxTimerStart(); 1188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1189 - - - - - - - - (Session termination initated from PAA) - - - - 1190 TERMINATE Tx:PTR[](); SESS_TERM 1191 SessionTimerStop(); 1192 RtxTimerStart(); 1193 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1194 - - - - - - - - (Session termination initated from PaC) - - - - 1195 Rx:PTR[] Tx:PTA[](); CLOSED 1196 SessionTimerStop(); 1197 Disconnect(); 1198 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1200 -------------------- 1201 State: WAIT_PNA_PING 1202 -------------------- 1204 Exit Condition Exit Action Exit State 1205 ------------------------+--------------------------+------------ 1206 - - - - - - - - - - - - - -(PNA processing) - - - - - - - - - - 1207 Rx:PNA[P] RtxTimerStop(); OPEN 1208 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- 1209 - - - - - - - - (re-authentication initiated by PaC) - - - - - - 1210 Rx:PNR[A] RtxTimerStop(); WAIT_EAP_MSG 1211 NONCE_SENT=Unset; 1212 EAP_Restart(); 1213 Tx:PNA[A](); 1214 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1215 - - - - - - - - (Session termination initated from PaC) - - - - 1216 Rx:PTR[] RtxTimerStop(); CLOSED 1217 Tx:PTA[](); 1218 SessionTimerStop(); 1219 Disconnect(); 1220 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1222 ---------------------- 1223 State: WAIT_PAN_OR_PAR 1224 ---------------------- 1226 Exit Condition Exit Action Exit State 1227 ------------------------+--------------------------+------------ 1228 - - - - - - - - - - - - - (PAR Processing)- - - - - - - - - - - 1229 Rx:PAR[] TxEAP(); WAIT_EAP_MSG 1230 RtxTimerStop(); 1231 Tx:PAN[](); 1232 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1233 - - - - - - (Pass EAP Response to the EAP authenticator)- - - - 1234 Rx:PAN[] && TxEAP(); WAIT_EAP_MSG 1235 PAN.exist_avp RtxTimerStop(); 1236 ("EAP-Payload") 1237 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1238 - - - - - - - - - - (PAN without an EAP response) - - - - - - - 1239 Rx:PAN[] && RtxTimerStop(); WAIT_PAN_OR_PAR 1240 !PAN.exist_avp 1241 ("EAP-Payload") 1242 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1243 - - - - - - - - - - - -(EAP retransmission) - - - - - - - - - - 1244 EAP_REQUEST RtxTimerStop(); WAIT_PAN_OR_PAR 1245 Tx:PAR[]("EAP-Payload"); 1246 RtxTimerStart(); 1247 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1248 - - - - - - - (EAP authentication timeout or failure)- - - - - 1249 EAP_FAILURE || RtxTimerStop(); CLOSED 1250 EAP_TIMEOUT SessionTimerStop(); 1251 Disconnect(); 1252 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1254 ---------------- 1255 State: SESS_TERM 1256 ---------------- 1257 Exit Condition Exit Action Exit State 1258 
------------------------+--------------------------+------------ 1259 - - - - - - - - - - - - - -(PTA processing) - - - - - - - - - - 1260 Rx:PTA[] RtxTimerStop(); CLOSED 1261 Disconnect(); 1262 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1264 9. Implementation Considerations 1266 9.1. PAA and PaC Interface to Service Management Entity 1268 In general, it is assumed each device or network equipment has a PANA 1269 protocol stack available for use by other modules within the device 1270 or network equipment. One such module is the Service Management 1271 Entity (SME). The SME is a generic term for modules that manages 1272 different services (including network protocols) that installed on a 1273 device or equipment. To integrate PANA protocol with the SME, it is 1274 recommended that a generic interface (i.e., the SME-PANA interface) 1275 between the SME and the PANA protocol stack be provided by the 1276 implementation. This interface should include common procedures such 1277 as startup, shutdown and re-authenticate signals. It should also 1278 provision for extracting keying material. For the PAA, the SME-PANA 1279 interface should also provide a method for communicating filtering 1280 parameters to the EP(s) when cryptographic filtering is used. The 1281 filtering parameters include keying material used for bootstrapping 1282 secured transport such as IPsec. When a PAA device interacts with 1283 the backend authentication server using a AAA protocol, its SME may 1284 also provide an interface to the AAA protocol to obtain authorization 1285 parameters such as the authorization lifetime and additional 1286 filtering parameters. 1288 10. Security Considerations 1290 This document's intent is to describe the PANA state machines fully. 1291 To this end, any security concerns with this document are likely a 1292 reflection of security concerns with PANA itself. 1294 11. IANA Considerations 1296 This document has no actions for IANA. 1298 12. 
Acknowledgments 1300 This work was started from state machines originally made by Dan 1301 Forsberg. 1303 13. References 1305 13.1. Normative References 1307 [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. 1308 Yegin, "Protocol for Carrying Authentication for Network 1309 Access (PANA)", RFC 5191, May 2008. 1311 13.2. Informative References 1313 [RFC4137] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, 1314 "State Machines for Extensible Authentication Protocol 1315 (EAP) Peer and Authenticator", RFC 4137, August 2005. 1317 Authors' Addresses 1319 Victor Fajardo (editor) 1320 Toshiba America Research, Inc. 1321 1 Telcordia Drive 1322 Piscataway, NJ 08854 1323 USA 1325 Phone: +1 732 699 5368 1326 Email: vfajardo@tari.toshiba.com 1328 Yoshihiro Ohba 1329 Toshiba America Research, Inc. 1330 1 Telcordia Drive 1331 Piscataway, NJ 08854 1332 USA 1334 Phone: +1 732 699 5305 1335 Email: yohba@tari.toshiba.com 1337 Rafa Marin Lopez 1338 University of Murcia 1339 30071 Murcia 1340 Spain 1342 Email: rafa@dif.um.es
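
The result-handling rows of the PaC table in Section 7.5 (states WAIT_PAA, WAIT_EAP_RESULT and WAIT_EAP_RESULT_CLOSE), written out as a table-driven Python model. This is an added example, not code from the draft or its authors; it shows that Authorize() is reached only when PAR[C] carries PANA_SUCCESS and the EAP peer then reports success. The string result codes, the PaC class, the helper names and the choice to drop events that have no row in the current state are assumptions of this example.

```python
"""PaC result handling (Section 7.5 rows) as a table-driven model."""

PANA_SUCCESS = "PANA_SUCCESS"  # symbolic; numeric result codes are not on this page
FAIL_CODES = ("PANA_AUTHENTICATION_REJECTED", "PANA_AUTHORIZATION_REJECTED")


def pan_c(ctx):
    # Key-Id is echoed only if EAP succeeded and the PAR[C] carried a Key-Id AVP.
    if ctx["eap_ok"] and "Key-Id" in ctx["avps"]:
        return 'Tx:PAN[C]("Key-Id")'
    return "Tx:PAN[C]()"


def failure_input(ctx):
    # Non-success PAR[C]: hand over the EAP message if present, else alt_reject().
    return "TxEAP()" if "EAP-Payload" in ctx["avps"] else "alt_reject()"


CLOSE = [pan_c, "SessionTimerStop()", "Disconnect()"]

# (state, event, guard, exit actions, exit state), transcribed from the table.
ROWS = [
    ("WAIT_PAA", "Rx:PAR[C]", lambda c: c["result"] == PANA_SUCCESS,
     ["TxEAP()"], "WAIT_EAP_RESULT"),
    ("WAIT_PAA", "Rx:PAR[C]", lambda c: c["result"] != PANA_SUCCESS,
     [failure_input], "WAIT_EAP_RESULT_CLOSE"),
    ("WAIT_EAP_RESULT", "EAP_SUCCESS", None,
     [pan_c, "Authorize()", "SessionTimerReStart(LIFETIME_SESS_TIMEOUT)"], "OPEN"),
    ("WAIT_EAP_RESULT", "EAP_FAILURE", None, CLOSE, "CLOSED"),
    ("WAIT_EAP_RESULT_CLOSE", "EAP_SUCCESS", None, CLOSE, "CLOSED"),
    ("WAIT_EAP_RESULT_CLOSE", "EAP_FAILURE", None, CLOSE, "CLOSED"),
]


class PaC:
    def __init__(self, state="WAIT_PAA"):
        self.state, self.log = state, []
        self.ctx = {"result": None, "avps": frozenset(), "eap_ok": False}

    def fire(self, event, result=None, avps=()):
        """Apply one event; return False if the current state has no row for it."""
        ctx = dict(self.ctx, eap_ok=(event == "EAP_SUCCESS"))
        if event == "Rx:PAR[C]":
            ctx.update(result=result, avps=frozenset(avps))
        for state, ev, guard, actions, nxt in ROWS:
            if state == self.state and ev == event and (guard is None or guard(ctx)):
                self.log += [a(ctx) if callable(a) else a for a in actions]
                self.state, self.ctx = nxt, ctx  # commit only on a matching row
                return True
        return False  # assumption of this model: unlisted events are dropped


def run(result, avps, eap_event):
    """Feed one PAR[C] and one EAP result to a fresh PaC; return (state, actions)."""
    pac = PaC()
    pac.fire("Rx:PAR[C]", result, avps)
    pac.fire(eap_event)
    return pac.state, pac.log


def authorizing_inputs():
    """All (result code, EAP event) pairs whose action log contains Authorize()."""
    hits = []
    for result in (PANA_SUCCESS,) + FAIL_CODES:
        for ev in ("EAP_SUCCESS", "EAP_FAILURE"):
            state, log = run(result, {"EAP-Payload", "Key-Id"}, ev)  # constructed AVP set
            if "Authorize()" in log:
                hits.append((result, ev, state))
    return hits


if __name__ == "__main__":
    print(authorizing_inputs())
    print(run(FAIL_CODES[1], {"Key-Id"}, "EAP_SUCCESS"))
```

Because a failed PAR[C] routes through WAIT_EAP_RESULT_CLOSE, a later EAP_SUCCESS from the EAP peer still ends in CLOSED without Authorize(); the same engine can be extended with the remaining rows of the table.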