• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1  /*
2   * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
3   * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4   *
5   * This software may be distributed under the terms of the BSD license.
6   * See README for more details.
7   */
8  
9  #ifndef EAP_I_H
10  #define EAP_I_H
11  
12  #include "wpabuf.h"
13  #include "eap_server/eap.h"
14  #include "eap_common/eap_common.h"
15  
16  /* RFC 4137 - EAP Standalone Authenticator */
17  
18  /**
19   * struct eap_method - EAP method interface
20   * This structure defines the EAP method interface. Each method will need to
21   * register its own EAP type, EAP name, and set of function pointers for method
22   * specific operations. This interface is based on section 5.4 of RFC 4137.
23   */
24  struct eap_method {
25  	int vendor;
26  	EapType method;
27  	const char *name;
28  
29  	void * (*init)(struct eap_sm *sm);
30  	void * (*initPickUp)(struct eap_sm *sm);
31  	void (*reset)(struct eap_sm *sm, void *priv);
32  
33  	struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
34  	int (*getTimeout)(struct eap_sm *sm, void *priv);
35  	Boolean (*check)(struct eap_sm *sm, void *priv,
36  			 struct wpabuf *respData);
37  	void (*process)(struct eap_sm *sm, void *priv,
38  			struct wpabuf *respData);
39  	Boolean (*isDone)(struct eap_sm *sm, void *priv);
40  	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
41  	/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
42  	 * but it is useful in implementing Policy.getDecision() */
43  	Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
44  
45  	/**
46  	 * free - Free EAP method data
47  	 * @method: Pointer to the method data registered with
48  	 * eap_server_method_register().
49  	 *
50  	 * This function will be called when the EAP method is being
51  	 * unregistered. If the EAP method allocated resources during
52  	 * registration (e.g., allocated struct eap_method), they should be
53  	 * freed in this function. No other method functions will be called
54  	 * after this call. If this function is not defined (i.e., function
55  	 * pointer is %NULL), a default handler is used to release the method
56  	 * data with free(method). This is suitable for most cases.
57  	 */
58  	void (*free)(struct eap_method *method);
59  
60  #define EAP_SERVER_METHOD_INTERFACE_VERSION 1
61  	/**
62  	 * version - Version of the EAP server method interface
63  	 *
64  	 * The EAP server method implementation should set this variable to
65  	 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
66  	 * EAP method is using supported API version when using dynamically
67  	 * loadable EAP methods.
68  	 */
69  	int version;
70  
71  	/**
72  	 * next - Pointer to the next EAP method
73  	 *
74  	 * This variable is used internally in the EAP method registration code
75  	 * to create a linked list of registered EAP methods.
76  	 */
77  	struct eap_method *next;
78  
79  	/**
80  	 * get_emsk - Get EAP method specific keying extended material (EMSK)
81  	 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
82  	 * @priv: Pointer to private EAP method data from eap_method::init()
83  	 * @len: Pointer to a variable to store EMSK length
84  	 * Returns: EMSK or %NULL if not available
85  	 *
86  	 * This function can be used to get the extended keying material from
87  	 * the EAP method. The key may already be stored in the method-specific
88  	 * private data or this function may derive the key.
89  	 */
90  	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
91  
92  	/**
93  	 * getSessionId - Get EAP method specific Session-Id
94  	 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
95  	 * @priv: Pointer to private EAP method data from eap_method::init()
96  	 * @len: Pointer to a variable to store Session-Id length
97  	 * Returns: Session-Id or %NULL if not available
98  	 *
99  	 * This function can be used to get the Session-Id from the EAP method.
100  	 * The Session-Id may already be stored in the method-specific private
101  	 * data or this function may derive the Session-Id.
102  	 */
103  	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
104  };
105  
106  /**
107   * struct eap_sm - EAP server state machine data
108   */
109  struct eap_sm {
110  	enum {
111  		EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
112  		EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
113  		EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
114  		EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
115  		EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
116  		EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
117  		EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
118  		EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
119  		EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2,
120  		EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED
121  	} EAP_state;
122  
123  	/* Constants */
124  	int MaxRetrans;
125  
126  	struct eap_eapol_interface eap_if;
127  
128  	/* Full authenticator state machine local variables */
129  
130  	/* Long-term (maintained between packets) */
131  	EapType currentMethod;
132  	int currentId;
133  	enum {
134  		METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
135  	} methodState;
136  	int retransCount;
137  	struct wpabuf *lastReqData;
138  	int methodTimeout;
139  
140  	/* Short-term (not maintained between packets) */
141  	Boolean rxResp;
142  	Boolean rxInitiate;
143  	int respId;
144  	EapType respMethod;
145  	int respVendor;
146  	u32 respVendorMethod;
147  	Boolean ignore;
148  	enum {
149  		DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
150  		DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
151  	} decision;
152  
153  	/* Miscellaneous variables */
154  	const struct eap_method *m; /* selected EAP method */
155  	/* not defined in RFC 4137 */
156  	Boolean changed;
157  	void *eapol_ctx, *msg_ctx;
158  	const struct eapol_callbacks *eapol_cb;
159  	void *eap_method_priv;
160  	u8 *identity;
161  	size_t identity_len;
162  	/* Whether Phase 2 method should validate identity match */
163  	int require_identity_match;
164  	int lastId; /* Identifier used in the last EAP-Packet */
165  	struct eap_user *user;
166  	int user_eap_method_index;
167  	int init_phase2;
168  	void *ssl_ctx;
169  	struct eap_sim_db_data *eap_sim_db_priv;
170  	Boolean backend_auth;
171  	Boolean update_user;
172  	int eap_server;
173  
174  	int num_rounds;
175  	enum {
176  		METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
177  	} method_pending;
178  
179  	u8 *auth_challenge;
180  	u8 *peer_challenge;
181  
182  	u8 *pac_opaque_encr_key;
183  	u8 *eap_fast_a_id;
184  	size_t eap_fast_a_id_len;
185  	char *eap_fast_a_id_info;
186  	enum {
187  		NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
188  	} eap_fast_prov;
189  	int pac_key_lifetime;
190  	int pac_key_refresh_time;
191  	int eap_sim_aka_result_ind;
192  	int tnc;
193  	u16 pwd_group;
194  	struct wps_context *wps;
195  	struct wpabuf *assoc_wps_ie;
196  	struct wpabuf *assoc_p2p_ie;
197  
198  	Boolean start_reauth;
199  
200  	u8 peer_addr[ETH_ALEN];
201  
202  	/* Fragmentation size for EAP method init() handler */
203  	int fragment_size;
204  
205  	int pbc_in_m1;
206  
207  	const u8 *server_id;
208  	size_t server_id_len;
209  
210  	Boolean initiate_reauth_start_sent;
211  	Boolean try_initiate_reauth;
212  	int erp;
213  	unsigned int tls_session_lifetime;
214  
215  #ifdef CONFIG_TESTING_OPTIONS
216  	u32 tls_test_flags;
217  #endif /* CONFIG_TESTING_OPTIONS */
218  };
219  
220  int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
221  		 int phase2);
222  void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
223  PRINTF_FORMAT(2, 3);
224  void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
225  
226  #endif /* EAP_I_H */
227