139beb93cSSam Leffler /* 239beb93cSSam Leffler * hostapd / EAP Authenticator state machine internal structures (RFC 4137) 339beb93cSSam Leffler * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> 439beb93cSSam Leffler * 5f05cddf9SRui Paulo * This software may be distributed under the terms of the BSD license. 6f05cddf9SRui Paulo * See README for more details. 739beb93cSSam Leffler */ 839beb93cSSam Leffler 939beb93cSSam Leffler #ifndef EAP_I_H 1039beb93cSSam Leffler #define EAP_I_H 1139beb93cSSam Leffler 1239beb93cSSam Leffler #include "wpabuf.h" 1339beb93cSSam Leffler #include "eap_server/eap.h" 1439beb93cSSam Leffler #include "eap_common/eap_common.h" 1539beb93cSSam Leffler 1639beb93cSSam Leffler /* RFC 4137 - EAP Standalone Authenticator */ 1739beb93cSSam Leffler 1839beb93cSSam Leffler /** 1939beb93cSSam Leffler * struct eap_method - EAP method interface 2039beb93cSSam Leffler * This structure defines the EAP method interface. Each method will need to 2139beb93cSSam Leffler * register its own EAP type, EAP name, and set of function pointers for method 2239beb93cSSam Leffler * specific operations. This interface is based on section 5.4 of RFC 4137. 2339beb93cSSam Leffler */ 2439beb93cSSam Leffler struct eap_method { 2539beb93cSSam Leffler int vendor; 2639beb93cSSam Leffler EapType method; 2739beb93cSSam Leffler const char *name; 2839beb93cSSam Leffler 2939beb93cSSam Leffler void * (*init)(struct eap_sm *sm); 3039beb93cSSam Leffler void * (*initPickUp)(struct eap_sm *sm); 3139beb93cSSam Leffler void (*reset)(struct eap_sm *sm, void *priv); 3239beb93cSSam Leffler 3339beb93cSSam Leffler struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id); 3439beb93cSSam Leffler int (*getTimeout)(struct eap_sm *sm, void *priv); 3539beb93cSSam Leffler Boolean (*check)(struct eap_sm *sm, void *priv, 3639beb93cSSam Leffler struct wpabuf *respData); 3739beb93cSSam Leffler void (*process)(struct eap_sm *sm, void *priv, 3839beb93cSSam Leffler struct wpabuf *respData); 3939beb93cSSam Leffler Boolean (*isDone)(struct eap_sm *sm, void *priv); 4039beb93cSSam Leffler u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len); 4139beb93cSSam Leffler /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt, 4239beb93cSSam Leffler * but it is useful in implementing Policy.getDecision() */ 4339beb93cSSam Leffler Boolean (*isSuccess)(struct eap_sm *sm, void *priv); 4439beb93cSSam Leffler 4539beb93cSSam Leffler /** 4639beb93cSSam Leffler * free - Free EAP method data 4739beb93cSSam Leffler * @method: Pointer to the method data registered with 4839beb93cSSam Leffler * eap_server_method_register(). 4939beb93cSSam Leffler * 5039beb93cSSam Leffler * This function will be called when the EAP method is being 5139beb93cSSam Leffler * unregistered. If the EAP method allocated resources during 5239beb93cSSam Leffler * registration (e.g., allocated struct eap_method), they should be 5339beb93cSSam Leffler * freed in this function. No other method functions will be called 5439beb93cSSam Leffler * after this call. If this function is not defined (i.e., function 5539beb93cSSam Leffler * pointer is %NULL), a default handler is used to release the method 5639beb93cSSam Leffler * data with free(method). This is suitable for most cases. 5739beb93cSSam Leffler */ 5839beb93cSSam Leffler void (*free)(struct eap_method *method); 5939beb93cSSam Leffler 6039beb93cSSam Leffler #define EAP_SERVER_METHOD_INTERFACE_VERSION 1 6139beb93cSSam Leffler /** 6239beb93cSSam Leffler * version - Version of the EAP server method interface 6339beb93cSSam Leffler * 6439beb93cSSam Leffler * The EAP server method implementation should set this variable to 6539beb93cSSam Leffler * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the 6639beb93cSSam Leffler * EAP method is using supported API version when using dynamically 6739beb93cSSam Leffler * loadable EAP methods. 6839beb93cSSam Leffler */ 6939beb93cSSam Leffler int version; 7039beb93cSSam Leffler 7139beb93cSSam Leffler /** 7239beb93cSSam Leffler * next - Pointer to the next EAP method 7339beb93cSSam Leffler * 7439beb93cSSam Leffler * This variable is used internally in the EAP method registration code 7539beb93cSSam Leffler * to create a linked list of registered EAP methods. 7639beb93cSSam Leffler */ 7739beb93cSSam Leffler struct eap_method *next; 7839beb93cSSam Leffler 7939beb93cSSam Leffler /** 8039beb93cSSam Leffler * get_emsk - Get EAP method specific keying extended material (EMSK) 8139beb93cSSam Leffler * @sm: Pointer to EAP state machine allocated with eap_sm_init() 8239beb93cSSam Leffler * @priv: Pointer to private EAP method data from eap_method::init() 8339beb93cSSam Leffler * @len: Pointer to a variable to store EMSK length 8439beb93cSSam Leffler * Returns: EMSK or %NULL if not available 8539beb93cSSam Leffler * 8639beb93cSSam Leffler * This function can be used to get the extended keying material from 8739beb93cSSam Leffler * the EAP method. The key may already be stored in the method-specific 8839beb93cSSam Leffler * private data or this function may derive the key. 8939beb93cSSam Leffler */ 9039beb93cSSam Leffler u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len); 915b9c547cSRui Paulo 925b9c547cSRui Paulo /** 935b9c547cSRui Paulo * getSessionId - Get EAP method specific Session-Id 945b9c547cSRui Paulo * @sm: Pointer to EAP state machine allocated with eap_server_sm_init() 955b9c547cSRui Paulo * @priv: Pointer to private EAP method data from eap_method::init() 965b9c547cSRui Paulo * @len: Pointer to a variable to store Session-Id length 975b9c547cSRui Paulo * Returns: Session-Id or %NULL if not available 985b9c547cSRui Paulo * 995b9c547cSRui Paulo * This function can be used to get the Session-Id from the EAP method. 1005b9c547cSRui Paulo * The Session-Id may already be stored in the method-specific private 1015b9c547cSRui Paulo * data or this function may derive the Session-Id. 1025b9c547cSRui Paulo */ 1035b9c547cSRui Paulo u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len); 10439beb93cSSam Leffler }; 10539beb93cSSam Leffler 10639beb93cSSam Leffler /** 10739beb93cSSam Leffler * struct eap_sm - EAP server state machine data 10839beb93cSSam Leffler */ 10939beb93cSSam Leffler struct eap_sm { 11039beb93cSSam Leffler enum { 11139beb93cSSam Leffler EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED, 11239beb93cSSam Leffler EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST, 11339beb93cSSam Leffler EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST, 11439beb93cSSam Leffler EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE, 11539beb93cSSam Leffler EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD, 11639beb93cSSam Leffler EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2, 11739beb93cSSam Leffler EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2, 11839beb93cSSam Leffler EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE, 1195b9c547cSRui Paulo EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2, 1205b9c547cSRui Paulo EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED 12139beb93cSSam Leffler } EAP_state; 12239beb93cSSam Leffler 12339beb93cSSam Leffler /* Constants */ 12439beb93cSSam Leffler int MaxRetrans; 12539beb93cSSam Leffler 12639beb93cSSam Leffler struct eap_eapol_interface eap_if; 12739beb93cSSam Leffler 12839beb93cSSam Leffler /* Full authenticator state machine local variables */ 12939beb93cSSam Leffler 130f05cddf9SRui Paulo /* Long-term (maintained between packets) */ 13139beb93cSSam Leffler EapType currentMethod; 13239beb93cSSam Leffler int currentId; 13339beb93cSSam Leffler enum { 13439beb93cSSam Leffler METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END 13539beb93cSSam Leffler } methodState; 13639beb93cSSam Leffler int retransCount; 13739beb93cSSam Leffler struct wpabuf *lastReqData; 13839beb93cSSam Leffler int methodTimeout; 13939beb93cSSam Leffler 14039beb93cSSam Leffler /* Short-term (not maintained between packets) */ 14139beb93cSSam Leffler Boolean rxResp; 1425b9c547cSRui Paulo Boolean rxInitiate; 14339beb93cSSam Leffler int respId; 14439beb93cSSam Leffler EapType respMethod; 14539beb93cSSam Leffler int respVendor; 14639beb93cSSam Leffler u32 respVendorMethod; 14739beb93cSSam Leffler Boolean ignore; 14839beb93cSSam Leffler enum { 14939beb93cSSam Leffler DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE, 1505b9c547cSRui Paulo DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START 15139beb93cSSam Leffler } decision; 15239beb93cSSam Leffler 15339beb93cSSam Leffler /* Miscellaneous variables */ 15439beb93cSSam Leffler const struct eap_method *m; /* selected EAP method */ 15539beb93cSSam Leffler /* not defined in RFC 4137 */ 15639beb93cSSam Leffler Boolean changed; 15739beb93cSSam Leffler void *eapol_ctx, *msg_ctx; 158*325151a3SRui Paulo const struct eapol_callbacks *eapol_cb; 15939beb93cSSam Leffler void *eap_method_priv; 16039beb93cSSam Leffler u8 *identity; 16139beb93cSSam Leffler size_t identity_len; 16239beb93cSSam Leffler /* Whether Phase 2 method should validate identity match */ 16339beb93cSSam Leffler int require_identity_match; 16439beb93cSSam Leffler int lastId; /* Identifier used in the last EAP-Packet */ 16539beb93cSSam Leffler struct eap_user *user; 16639beb93cSSam Leffler int user_eap_method_index; 16739beb93cSSam Leffler int init_phase2; 16839beb93cSSam Leffler void *ssl_ctx; 169f05cddf9SRui Paulo struct eap_sim_db_data *eap_sim_db_priv; 17039beb93cSSam Leffler Boolean backend_auth; 17139beb93cSSam Leffler Boolean update_user; 17239beb93cSSam Leffler int eap_server; 17339beb93cSSam Leffler 17439beb93cSSam Leffler int num_rounds; 17539beb93cSSam Leffler enum { 17639beb93cSSam Leffler METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT 17739beb93cSSam Leffler } method_pending; 17839beb93cSSam Leffler 17939beb93cSSam Leffler u8 *auth_challenge; 18039beb93cSSam Leffler u8 *peer_challenge; 18139beb93cSSam Leffler 18239beb93cSSam Leffler u8 *pac_opaque_encr_key; 18339beb93cSSam Leffler u8 *eap_fast_a_id; 18439beb93cSSam Leffler size_t eap_fast_a_id_len; 18539beb93cSSam Leffler char *eap_fast_a_id_info; 18639beb93cSSam Leffler enum { 18739beb93cSSam Leffler NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV 18839beb93cSSam Leffler } eap_fast_prov; 18939beb93cSSam Leffler int pac_key_lifetime; 19039beb93cSSam Leffler int pac_key_refresh_time; 19139beb93cSSam Leffler int eap_sim_aka_result_ind; 19239beb93cSSam Leffler int tnc; 193f05cddf9SRui Paulo u16 pwd_group; 19439beb93cSSam Leffler struct wps_context *wps; 19539beb93cSSam Leffler struct wpabuf *assoc_wps_ie; 196f05cddf9SRui Paulo struct wpabuf *assoc_p2p_ie; 1973157ba21SRui Paulo 1983157ba21SRui Paulo Boolean start_reauth; 199e28a4053SRui Paulo 200e28a4053SRui Paulo u8 peer_addr[ETH_ALEN]; 201f05cddf9SRui Paulo 202f05cddf9SRui Paulo /* Fragmentation size for EAP method init() handler */ 203f05cddf9SRui Paulo int fragment_size; 204f05cddf9SRui Paulo 205f05cddf9SRui Paulo int pbc_in_m1; 2065b9c547cSRui Paulo 2075b9c547cSRui Paulo const u8 *server_id; 2085b9c547cSRui Paulo size_t server_id_len; 2095b9c547cSRui Paulo 2105b9c547cSRui Paulo Boolean initiate_reauth_start_sent; 2115b9c547cSRui Paulo Boolean try_initiate_reauth; 2125b9c547cSRui Paulo int erp; 213*325151a3SRui Paulo unsigned int tls_session_lifetime; 2145b9c547cSRui Paulo 2155b9c547cSRui Paulo #ifdef CONFIG_TESTING_OPTIONS 2165b9c547cSRui Paulo u32 tls_test_flags; 2175b9c547cSRui Paulo #endif /* CONFIG_TESTING_OPTIONS */ 21839beb93cSSam Leffler }; 21939beb93cSSam Leffler 22039beb93cSSam Leffler int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len, 22139beb93cSSam Leffler int phase2); 2225b9c547cSRui Paulo void eap_log_msg(struct eap_sm *sm, const char *fmt, ...) 2235b9c547cSRui Paulo PRINTF_FORMAT(2, 3); 22439beb93cSSam Leffler void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len); 22539beb93cSSam Leffler 22639beb93cSSam Leffler #endif /* EAP_I_H */ 227