1 /* 2 * hostapd / EAP Full Authenticator state machine (RFC 4137) 3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef EAP_H 10 #define EAP_H 11 12 #include "common/defs.h" 13 #include "eap_common/eap_defs.h" 14 #include "eap_server/eap_methods.h" 15 #include "wpabuf.h" 16 17 struct eap_sm; 18 19 #define EAP_TTLS_AUTH_PAP 1 20 #define EAP_TTLS_AUTH_CHAP 2 21 #define EAP_TTLS_AUTH_MSCHAP 4 22 #define EAP_TTLS_AUTH_MSCHAPV2 8 23 24 struct eap_user { 25 struct { 26 int vendor; 27 u32 method; 28 } methods[EAP_MAX_METHODS]; 29 u8 *password; 30 size_t password_len; 31 int password_hash; /* whether password is hashed with 32 * nt_password_hash() */ 33 int phase2; 34 int force_version; 35 unsigned int remediation:1; 36 unsigned int macacl:1; 37 int ttls_auth; /* bitfield of 38 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */ 39 struct hostapd_radius_attr *accept_attr; 40 }; 41 42 struct eap_eapol_interface { 43 /* Lower layer to full authenticator variables */ 44 Boolean eapResp; /* shared with EAPOL Backend Authentication */ 45 struct wpabuf *eapRespData; 46 Boolean portEnabled; 47 int retransWhile; 48 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */ 49 int eapSRTT; 50 int eapRTTVAR; 51 52 /* Full authenticator to lower layer variables */ 53 Boolean eapReq; /* shared with EAPOL Backend Authentication */ 54 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */ 55 Boolean eapSuccess; 56 Boolean eapFail; 57 Boolean eapTimeout; 58 struct wpabuf *eapReqData; 59 u8 *eapKeyData; 60 size_t eapKeyDataLen; 61 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */ 62 63 /* AAA interface to full authenticator variables */ 64 Boolean aaaEapReq; 65 Boolean aaaEapNoReq; 66 Boolean aaaSuccess; 67 Boolean aaaFail; 68 struct wpabuf *aaaEapReqData; 69 u8 *aaaEapKeyData; 70 size_t aaaEapKeyDataLen; 71 Boolean aaaEapKeyAvailable; 72 int aaaMethodTimeout; 73 74 /* Full authenticator to AAA interface variables */ 75 Boolean aaaEapResp; 76 struct wpabuf *aaaEapRespData; 77 /* aaaIdentity -> eap_get_identity() */ 78 Boolean aaaTimeout; 79 }; 80 81 struct eapol_callbacks { 82 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, 83 int phase2, struct eap_user *user); 84 const char * (*get_eap_req_id_text)(void *ctx, size_t *len); 85 void (*log_msg)(void *ctx, const char *msg); 86 }; 87 88 struct eap_config { 89 void *ssl_ctx; 90 void *msg_ctx; 91 void *eap_sim_db_priv; 92 Boolean backend_auth; 93 int eap_server; 94 u16 pwd_group; 95 u8 *pac_opaque_encr_key; 96 u8 *eap_fast_a_id; 97 size_t eap_fast_a_id_len; 98 char *eap_fast_a_id_info; 99 int eap_fast_prov; 100 int pac_key_lifetime; 101 int pac_key_refresh_time; 102 int eap_sim_aka_result_ind; 103 int tnc; 104 struct wps_context *wps; 105 const struct wpabuf *assoc_wps_ie; 106 const struct wpabuf *assoc_p2p_ie; 107 const u8 *peer_addr; 108 int fragment_size; 109 110 int pbc_in_m1; 111 112 const u8 *server_id; 113 size_t server_id_len; 114 115 #ifdef CONFIG_TESTING_OPTIONS 116 u32 tls_test_flags; 117 #endif /* CONFIG_TESTING_OPTIONS */ 118 }; 119 120 121 struct eap_sm * eap_server_sm_init(void *eapol_ctx, 122 struct eapol_callbacks *eapol_cb, 123 struct eap_config *eap_conf); 124 void eap_server_sm_deinit(struct eap_sm *sm); 125 int eap_server_sm_step(struct eap_sm *sm); 126 void eap_sm_notify_cached(struct eap_sm *sm); 127 void eap_sm_pending_cb(struct eap_sm *sm); 128 int eap_sm_method_pending(struct eap_sm *sm); 129 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); 130 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); 131 void eap_server_clear_identity(struct eap_sm *sm); 132 133 #endif /* EAP_H */ 134