xref: /freebsd/contrib/wpa/src/eap_server/eap_i.h (revision a90b9d0159070121c221b966469c3e36d912bf82) 
139beb93cSSam Leffler /*
239beb93cSSam Leffler  * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
339beb93cSSam Leffler  * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
439beb93cSSam Leffler  *
5f05cddf9SRui Paulo  * This software may be distributed under the terms of the BSD license.
6f05cddf9SRui Paulo  * See README for more details.
739beb93cSSam Leffler  */
839beb93cSSam Leffler 
939beb93cSSam Leffler #ifndef EAP_I_H
1039beb93cSSam Leffler #define EAP_I_H
1139beb93cSSam Leffler 
1239beb93cSSam Leffler #include "wpabuf.h"
1339beb93cSSam Leffler #include "eap_server/eap.h"
1439beb93cSSam Leffler #include "eap_common/eap_common.h"
1539beb93cSSam Leffler 
1639beb93cSSam Leffler /* RFC 4137 - EAP Standalone Authenticator */
1739beb93cSSam Leffler 
1839beb93cSSam Leffler /**
1939beb93cSSam Leffler  * struct eap_method - EAP method interface
2039beb93cSSam Leffler  * This structure defines the EAP method interface. Each method will need to
2139beb93cSSam Leffler  * register its own EAP type, EAP name, and set of function pointers for method
2239beb93cSSam Leffler  * specific operations. This interface is based on section 5.4 of RFC 4137.
2339beb93cSSam Leffler  */
2439beb93cSSam Leffler struct eap_method {
2539beb93cSSam Leffler 	int vendor;
26c1d255d3SCy Schubert 	enum eap_type method;
2739beb93cSSam Leffler 	const char *name;
2839beb93cSSam Leffler 
2939beb93cSSam Leffler 	void * (*init)(struct eap_sm *sm);
3039beb93cSSam Leffler 	void * (*initPickUp)(struct eap_sm *sm);
3139beb93cSSam Leffler 	void (*reset)(struct eap_sm *sm, void *priv);
3239beb93cSSam Leffler 
3339beb93cSSam Leffler 	struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
3439beb93cSSam Leffler 	int (*getTimeout)(struct eap_sm *sm, void *priv);
35c1d255d3SCy Schubert 	bool (*check)(struct eap_sm *sm, void *priv, struct wpabuf *respData);
3639beb93cSSam Leffler 	void (*process)(struct eap_sm *sm, void *priv,
3739beb93cSSam Leffler 			struct wpabuf *respData);
38c1d255d3SCy Schubert 	bool (*isDone)(struct eap_sm *sm, void *priv);
3939beb93cSSam Leffler 	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
4039beb93cSSam Leffler 	/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
4139beb93cSSam Leffler 	 * but it is useful in implementing Policy.getDecision() */
42c1d255d3SCy Schubert 	bool (*isSuccess)(struct eap_sm *sm, void *priv);
4339beb93cSSam Leffler 
4439beb93cSSam Leffler 	/**
4539beb93cSSam Leffler 	 * free - Free EAP method data
4639beb93cSSam Leffler 	 * @method: Pointer to the method data registered with
4739beb93cSSam Leffler 	 * eap_server_method_register().
4839beb93cSSam Leffler 	 *
4939beb93cSSam Leffler 	 * This function will be called when the EAP method is being
5039beb93cSSam Leffler 	 * unregistered. If the EAP method allocated resources during
5139beb93cSSam Leffler 	 * registration (e.g., allocated struct eap_method), they should be
5239beb93cSSam Leffler 	 * freed in this function. No other method functions will be called
5339beb93cSSam Leffler 	 * after this call. If this function is not defined (i.e., function
5439beb93cSSam Leffler 	 * pointer is %NULL), a default handler is used to release the method
5539beb93cSSam Leffler 	 * data with free(method). This is suitable for most cases.
5639beb93cSSam Leffler 	 */
5739beb93cSSam Leffler 	void (*free)(struct eap_method *method);
5839beb93cSSam Leffler 
5939beb93cSSam Leffler #define EAP_SERVER_METHOD_INTERFACE_VERSION 1
6039beb93cSSam Leffler 	/**
6139beb93cSSam Leffler 	 * version - Version of the EAP server method interface
6239beb93cSSam Leffler 	 *
6339beb93cSSam Leffler 	 * The EAP server method implementation should set this variable to
6439beb93cSSam Leffler 	 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
6539beb93cSSam Leffler 	 * EAP method is using supported API version when using dynamically
6639beb93cSSam Leffler 	 * loadable EAP methods.
6739beb93cSSam Leffler 	 */
6839beb93cSSam Leffler 	int version;
6939beb93cSSam Leffler 
7039beb93cSSam Leffler 	/**
7139beb93cSSam Leffler 	 * next - Pointer to the next EAP method
7239beb93cSSam Leffler 	 *
7339beb93cSSam Leffler 	 * This variable is used internally in the EAP method registration code
7439beb93cSSam Leffler 	 * to create a linked list of registered EAP methods.
7539beb93cSSam Leffler 	 */
7639beb93cSSam Leffler 	struct eap_method *next;
7739beb93cSSam Leffler 
7839beb93cSSam Leffler 	/**
7939beb93cSSam Leffler 	 * get_emsk - Get EAP method specific keying extended material (EMSK)
8039beb93cSSam Leffler 	 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
8139beb93cSSam Leffler 	 * @priv: Pointer to private EAP method data from eap_method::init()
8239beb93cSSam Leffler 	 * @len: Pointer to a variable to store EMSK length
8339beb93cSSam Leffler 	 * Returns: EMSK or %NULL if not available
8439beb93cSSam Leffler 	 *
8539beb93cSSam Leffler 	 * This function can be used to get the extended keying material from
8639beb93cSSam Leffler 	 * the EAP method. The key may already be stored in the method-specific
8739beb93cSSam Leffler 	 * private data or this function may derive the key.
8839beb93cSSam Leffler 	 */
8939beb93cSSam Leffler 	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
905b9c547cSRui Paulo 
915b9c547cSRui Paulo 	/**
925b9c547cSRui Paulo 	 * getSessionId - Get EAP method specific Session-Id
935b9c547cSRui Paulo 	 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
945b9c547cSRui Paulo 	 * @priv: Pointer to private EAP method data from eap_method::init()
955b9c547cSRui Paulo 	 * @len: Pointer to a variable to store Session-Id length
965b9c547cSRui Paulo 	 * Returns: Session-Id or %NULL if not available
975b9c547cSRui Paulo 	 *
985b9c547cSRui Paulo 	 * This function can be used to get the Session-Id from the EAP method.
995b9c547cSRui Paulo 	 * The Session-Id may already be stored in the method-specific private
1005b9c547cSRui Paulo 	 * data or this function may derive the Session-Id.
1015b9c547cSRui Paulo 	 */
1025b9c547cSRui Paulo 	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
10339beb93cSSam Leffler };
10439beb93cSSam Leffler 
10539beb93cSSam Leffler /**
10639beb93cSSam Leffler  * struct eap_sm - EAP server state machine data
10739beb93cSSam Leffler  */
10839beb93cSSam Leffler struct eap_sm {
10939beb93cSSam Leffler 	enum {
11039beb93cSSam Leffler 		EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
11139beb93cSSam Leffler 		EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
11239beb93cSSam Leffler 		EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
11339beb93cSSam Leffler 		EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
11439beb93cSSam Leffler 		EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
11539beb93cSSam Leffler 		EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
11639beb93cSSam Leffler 		EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
11739beb93cSSam Leffler 		EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
1185b9c547cSRui Paulo 		EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2,
1195b9c547cSRui Paulo 		EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED
12039beb93cSSam Leffler 	} EAP_state;
12139beb93cSSam Leffler 
12239beb93cSSam Leffler 	/* Constants */
12339beb93cSSam Leffler 	int MaxRetrans;
12439beb93cSSam Leffler 
12539beb93cSSam Leffler 	struct eap_eapol_interface eap_if;
12639beb93cSSam Leffler 
12739beb93cSSam Leffler 	/* Full authenticator state machine local variables */
12839beb93cSSam Leffler 
129f05cddf9SRui Paulo 	/* Long-term (maintained between packets) */
130c1d255d3SCy Schubert 	enum eap_type currentMethod;
13139beb93cSSam Leffler 	int currentId;
13239beb93cSSam Leffler 	enum {
13339beb93cSSam Leffler 		METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
13439beb93cSSam Leffler 	} methodState;
13539beb93cSSam Leffler 	int retransCount;
13639beb93cSSam Leffler 	struct wpabuf *lastReqData;
13739beb93cSSam Leffler 	int methodTimeout;
13839beb93cSSam Leffler 
13939beb93cSSam Leffler 	/* Short-term (not maintained between packets) */
140c1d255d3SCy Schubert 	bool rxResp;
141c1d255d3SCy Schubert 	bool rxInitiate;
14239beb93cSSam Leffler 	int respId;
143c1d255d3SCy Schubert 	enum eap_type respMethod;
14439beb93cSSam Leffler 	int respVendor;
14539beb93cSSam Leffler 	u32 respVendorMethod;
146c1d255d3SCy Schubert 	bool ignore;
14739beb93cSSam Leffler 	enum {
14839beb93cSSam Leffler 		DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
1495b9c547cSRui Paulo 		DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
15039beb93cSSam Leffler 	} decision;
15139beb93cSSam Leffler 
15239beb93cSSam Leffler 	/* Miscellaneous variables */
15339beb93cSSam Leffler 	const struct eap_method *m; /* selected EAP method */
15439beb93cSSam Leffler 	/* not defined in RFC 4137 */
155c1d255d3SCy Schubert 	bool changed;
156c1d255d3SCy Schubert 	void *eapol_ctx;
157325151a3SRui Paulo 	const struct eapol_callbacks *eapol_cb;
15839beb93cSSam Leffler 	void *eap_method_priv;
15939beb93cSSam Leffler 	u8 *identity;
16039beb93cSSam Leffler 	size_t identity_len;
16185732ac8SCy Schubert 	char *serial_num;
1624bc52338SCy Schubert 	char imsi[20];
163*a90b9d01SCy Schubert 	char sim_aka_permanent[20];
16439beb93cSSam Leffler 	/* Whether Phase 2 method should validate identity match */
16539beb93cSSam Leffler 	int require_identity_match;
16639beb93cSSam Leffler 	int lastId; /* Identifier used in the last EAP-Packet */
16739beb93cSSam Leffler 	struct eap_user *user;
16839beb93cSSam Leffler 	int user_eap_method_index;
16939beb93cSSam Leffler 	int init_phase2;
170c1d255d3SCy Schubert 	const struct eap_config *cfg;
171c1d255d3SCy Schubert 	struct eap_config cfg_buf;
172c1d255d3SCy Schubert 	bool update_user;
17339beb93cSSam Leffler 
174c1d255d3SCy Schubert 	unsigned int num_rounds;
175c1d255d3SCy Schubert 	unsigned int num_rounds_short;
17639beb93cSSam Leffler 	enum {
17739beb93cSSam Leffler 		METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
17839beb93cSSam Leffler 	} method_pending;
17939beb93cSSam Leffler 
180*a90b9d01SCy Schubert 	/* Optional challenges generated in Phase 1 (EAP-FAST) */
18139beb93cSSam Leffler 	u8 *auth_challenge;
18239beb93cSSam Leffler 	u8 *peer_challenge;
18339beb93cSSam Leffler 
184*a90b9d01SCy Schubert 	/* Whether to use the EAP-FAST-MSCHAPv2 instantiation of EAP-MSCHAPv2.
185*a90b9d01SCy Schubert 	 * That variant is otherwise identical, but it generates the MSK using
186*a90b9d01SCy Schubert 	 * MS-MPPE keys in reverse order. */
187*a90b9d01SCy Schubert 	bool eap_fast_mschapv2;
188*a90b9d01SCy Schubert 
18939beb93cSSam Leffler 	struct wpabuf *assoc_wps_ie;
190f05cddf9SRui Paulo 	struct wpabuf *assoc_p2p_ie;
1913157ba21SRui Paulo 
192c1d255d3SCy Schubert 	bool start_reauth;
193e28a4053SRui Paulo 
194e28a4053SRui Paulo 	u8 peer_addr[ETH_ALEN];
195f05cddf9SRui Paulo 
196c1d255d3SCy Schubert 	bool initiate_reauth_start_sent;
197c1d255d3SCy Schubert 	bool try_initiate_reauth;
1985b9c547cSRui Paulo 
1995b9c547cSRui Paulo #ifdef CONFIG_TESTING_OPTIONS
2005b9c547cSRui Paulo 	u32 tls_test_flags;
2015b9c547cSRui Paulo #endif /* CONFIG_TESTING_OPTIONS */
20239beb93cSSam Leffler };
20339beb93cSSam Leffler 
20439beb93cSSam Leffler int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
20539beb93cSSam Leffler 		 int phase2);
2065b9c547cSRui Paulo void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
2075b9c547cSRui Paulo PRINTF_FORMAT(2, 3);
20839beb93cSSam Leffler void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
20939beb93cSSam Leffler 
21039beb93cSSam Leffler #endif /* EAP_I_H */
211