• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * hostapd / EAP Full Authenticator state machine (RFC 4137)
3  * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef EAP_H
10 #define EAP_H
11 
12 #include "common/defs.h"
13 #include "eap_common/eap_defs.h"
14 #include "eap_server/eap_methods.h"
15 #include "wpabuf.h"
16 
17 struct eap_sm;
18 
19 #define EAP_TTLS_AUTH_PAP 1
20 #define EAP_TTLS_AUTH_CHAP 2
21 #define EAP_TTLS_AUTH_MSCHAP 4
22 #define EAP_TTLS_AUTH_MSCHAPV2 8
23 
24 struct eap_user {
25 	struct {
26 		int vendor;
27 		u32 method;
28 	} methods[EAP_MAX_METHODS];
29 	u8 *password;
30 	size_t password_len;
31 	int password_hash; /* whether password is hashed with
32 			    * nt_password_hash() */
33 	int phase2;
34 	int force_version;
35 	unsigned int remediation:1;
36 	unsigned int macacl:1;
37 	int ttls_auth; /* bitfield of
38 			* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
39 	struct hostapd_radius_attr *accept_attr;
40 };
41 
42 struct eap_eapol_interface {
43 	/* Lower layer to full authenticator variables */
44 	Boolean eapResp; /* shared with EAPOL Backend Authentication */
45 	struct wpabuf *eapRespData;
46 	Boolean portEnabled;
47 	int retransWhile;
48 	Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
49 	int eapSRTT;
50 	int eapRTTVAR;
51 
52 	/* Full authenticator to lower layer variables */
53 	Boolean eapReq; /* shared with EAPOL Backend Authentication */
54 	Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
55 	Boolean eapSuccess;
56 	Boolean eapFail;
57 	Boolean eapTimeout;
58 	struct wpabuf *eapReqData;
59 	u8 *eapKeyData;
60 	size_t eapKeyDataLen;
61 	Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
62 
63 	/* AAA interface to full authenticator variables */
64 	Boolean aaaEapReq;
65 	Boolean aaaEapNoReq;
66 	Boolean aaaSuccess;
67 	Boolean aaaFail;
68 	struct wpabuf *aaaEapReqData;
69 	u8 *aaaEapKeyData;
70 	size_t aaaEapKeyDataLen;
71 	Boolean aaaEapKeyAvailable;
72 	int aaaMethodTimeout;
73 
74 	/* Full authenticator to AAA interface variables */
75 	Boolean aaaEapResp;
76 	struct wpabuf *aaaEapRespData;
77 	/* aaaIdentity -> eap_get_identity() */
78 	Boolean aaaTimeout;
79 };
80 
81 struct eapol_callbacks {
82 	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
83 			    int phase2, struct eap_user *user);
84 	const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
85 	void (*log_msg)(void *ctx, const char *msg);
86 };
87 
88 struct eap_config {
89 	void *ssl_ctx;
90 	void *msg_ctx;
91 	void *eap_sim_db_priv;
92 	Boolean backend_auth;
93 	int eap_server;
94 	u16 pwd_group;
95 	u8 *pac_opaque_encr_key;
96 	u8 *eap_fast_a_id;
97 	size_t eap_fast_a_id_len;
98 	char *eap_fast_a_id_info;
99 	int eap_fast_prov;
100 	int pac_key_lifetime;
101 	int pac_key_refresh_time;
102 	int eap_sim_aka_result_ind;
103 	int tnc;
104 	struct wps_context *wps;
105 	const struct wpabuf *assoc_wps_ie;
106 	const struct wpabuf *assoc_p2p_ie;
107 	const u8 *peer_addr;
108 	int fragment_size;
109 
110 	int pbc_in_m1;
111 
112 	const u8 *server_id;
113 	size_t server_id_len;
114 
115 #ifdef CONFIG_TESTING_OPTIONS
116 	u32 tls_test_flags;
117 #endif /* CONFIG_TESTING_OPTIONS */
118 };
119 
120 
121 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
122 				   struct eapol_callbacks *eapol_cb,
123 				   struct eap_config *eap_conf);
124 void eap_server_sm_deinit(struct eap_sm *sm);
125 int eap_server_sm_step(struct eap_sm *sm);
126 void eap_sm_notify_cached(struct eap_sm *sm);
127 void eap_sm_pending_cb(struct eap_sm *sm);
128 int eap_sm_method_pending(struct eap_sm *sm);
129 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
130 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
131 void eap_server_clear_identity(struct eap_sm *sm);
132 
133 #endif /* EAP_H */
134