1 /* 2 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions) 3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #ifndef EAPOL_AUTH_SM_I_H 16 #define EAPOL_AUTH_SM_I_H 17 18 #include "common/defs.h" 19 #include "radius/radius.h" 20 21 /* IEEE Std 802.1X-2004, Ch. 8.2 */ 22 23 typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 } 24 PortTypes; 25 typedef enum { Unauthorized = 2, Authorized = 1 } PortState; 26 typedef enum { Both = 0, In = 1 } ControlledDirection; 27 typedef unsigned int Counter; 28 29 30 /** 31 * struct eapol_authenticator - Global EAPOL authenticator data 32 */ 33 struct eapol_authenticator { 34 struct eapol_auth_config conf; 35 struct eapol_auth_cb cb; 36 37 u8 *default_wep_key; 38 u8 default_wep_key_idx; 39 }; 40 41 42 /** 43 * struct eapol_state_machine - Per-Supplicant Authenticator state machines 44 */ 45 struct eapol_state_machine { 46 /* timers */ 47 int aWhile; 48 int quietWhile; 49 int reAuthWhen; 50 51 /* global variables */ 52 Boolean authAbort; 53 Boolean authFail; 54 PortState authPortStatus; 55 Boolean authStart; 56 Boolean authTimeout; 57 Boolean authSuccess; 58 Boolean eapolEap; 59 Boolean initialize; 60 Boolean keyDone; 61 Boolean keyRun; 62 Boolean keyTxEnabled; 63 PortTypes portControl; 64 Boolean portValid; 65 Boolean reAuthenticate; 66 67 /* Port Timers state machine */ 68 /* 'Boolean tick' implicitly handled as registered timeout */ 69 70 /* Authenticator PAE state machine */ 71 enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING, 72 AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED, 73 AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH, 74 AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state; 75 /* variables */ 76 Boolean eapolLogoff; 77 Boolean eapolStart; 78 PortTypes portMode; 79 unsigned int reAuthCount; 80 /* constants */ 81 unsigned int quietPeriod; /* default 60; 0..65535 */ 82 #define AUTH_PAE_DEFAULT_quietPeriod 60 83 unsigned int reAuthMax; /* default 2 */ 84 #define AUTH_PAE_DEFAULT_reAuthMax 2 85 /* counters */ 86 Counter authEntersConnecting; 87 Counter authEapLogoffsWhileConnecting; 88 Counter authEntersAuthenticating; 89 Counter authAuthSuccessesWhileAuthenticating; 90 Counter authAuthTimeoutsWhileAuthenticating; 91 Counter authAuthFailWhileAuthenticating; 92 Counter authAuthEapStartsWhileAuthenticating; 93 Counter authAuthEapLogoffWhileAuthenticating; 94 Counter authAuthReauthsWhileAuthenticated; 95 Counter authAuthEapStartsWhileAuthenticated; 96 Counter authAuthEapLogoffWhileAuthenticated; 97 98 /* Backend Authentication state machine */ 99 enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS, 100 BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE, 101 BE_AUTH_IGNORE 102 } be_auth_state; 103 /* constants */ 104 unsigned int serverTimeout; /* default 30; 1..X */ 105 #define BE_AUTH_DEFAULT_serverTimeout 30 106 /* counters */ 107 Counter backendResponses; 108 Counter backendAccessChallenges; 109 Counter backendOtherRequestsToSupplicant; 110 Counter backendAuthSuccesses; 111 Counter backendAuthFails; 112 113 /* Reauthentication Timer state machine */ 114 enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE 115 } reauth_timer_state; 116 /* constants */ 117 unsigned int reAuthPeriod; /* default 3600 s */ 118 Boolean reAuthEnabled; 119 120 /* Authenticator Key Transmit state machine */ 121 enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT 122 } auth_key_tx_state; 123 124 /* Key Receive state machine */ 125 enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state; 126 /* variables */ 127 Boolean rxKey; 128 129 /* Controlled Directions state machine */ 130 enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state; 131 /* variables */ 132 ControlledDirection adminControlledDirections; 133 ControlledDirection operControlledDirections; 134 Boolean operEdge; 135 136 /* Authenticator Statistics Table */ 137 Counter dot1xAuthEapolFramesRx; 138 Counter dot1xAuthEapolFramesTx; 139 Counter dot1xAuthEapolStartFramesRx; 140 Counter dot1xAuthEapolLogoffFramesRx; 141 Counter dot1xAuthEapolRespIdFramesRx; 142 Counter dot1xAuthEapolRespFramesRx; 143 Counter dot1xAuthEapolReqIdFramesTx; 144 Counter dot1xAuthEapolReqFramesTx; 145 Counter dot1xAuthInvalidEapolFramesRx; 146 Counter dot1xAuthEapLengthErrorFramesRx; 147 Counter dot1xAuthLastEapolFrameVersion; 148 149 /* Other variables - not defined in IEEE 802.1X */ 150 u8 addr[ETH_ALEN]; /* Supplicant address */ 151 int flags; /* EAPOL_SM_* */ 152 153 /* EAPOL/AAA <-> EAP full authenticator interface */ 154 struct eap_eapol_interface *eap_if; 155 156 int radius_identifier; 157 /* TODO: check when the last messages can be released */ 158 struct radius_msg *last_recv_radius; 159 u8 last_eap_id; /* last used EAP Identifier */ 160 u8 *identity; 161 size_t identity_len; 162 u8 eap_type_authsrv; /* EAP type of the last EAP packet from 163 * Authentication server */ 164 u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */ 165 struct radius_class_data radius_class; 166 167 /* Keys for encrypting and signing EAPOL-Key frames */ 168 u8 *eapol_key_sign; 169 size_t eapol_key_sign_len; 170 u8 *eapol_key_crypt; 171 size_t eapol_key_crypt_len; 172 173 struct eap_sm *eap; 174 175 Boolean initializing; /* in process of initializing state machines */ 176 Boolean changed; 177 178 struct eapol_authenticator *eapol; 179 180 void *sta; /* station context pointer to use in callbacks */ 181 }; 182 183 #endif /* EAPOL_AUTH_SM_I_H */ 184