1 /* 2 * hostapd / EAP Full Authenticator state machine (RFC 4137) 3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef EAP_H 10 #define EAP_H 11 12 #include "common/defs.h" 13 #include "utils/list.h" 14 #include "eap_common/eap_defs.h" 15 #include "eap_server/eap_methods.h" 16 #include "wpabuf.h" 17 18 struct eap_sm; 19 20 #define EAP_TTLS_AUTH_PAP 1 21 #define EAP_TTLS_AUTH_CHAP 2 22 #define EAP_TTLS_AUTH_MSCHAP 4 23 #define EAP_TTLS_AUTH_MSCHAPV2 8 24 25 struct eap_user { 26 struct { 27 int vendor; 28 u32 method; 29 } methods[EAP_MAX_METHODS]; 30 u8 *password; 31 size_t password_len; 32 int password_hash; /* whether password is hashed with 33 * nt_password_hash() */ 34 int phase2; 35 int force_version; 36 unsigned int remediation:1; 37 unsigned int macacl:1; 38 int ttls_auth; /* bitfield of 39 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */ 40 struct hostapd_radius_attr *accept_attr; 41 }; 42 43 struct eap_eapol_interface { 44 /* Lower layer to full authenticator variables */ 45 Boolean eapResp; /* shared with EAPOL Backend Authentication */ 46 struct wpabuf *eapRespData; 47 Boolean portEnabled; 48 int retransWhile; 49 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */ 50 int eapSRTT; 51 int eapRTTVAR; 52 53 /* Full authenticator to lower layer variables */ 54 Boolean eapReq; /* shared with EAPOL Backend Authentication */ 55 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */ 56 Boolean eapSuccess; 57 Boolean eapFail; 58 Boolean eapTimeout; 59 struct wpabuf *eapReqData; 60 u8 *eapKeyData; 61 size_t eapKeyDataLen; 62 u8 *eapSessionId; 63 size_t eapSessionIdLen; 64 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */ 65 66 /* AAA interface to full authenticator variables */ 67 Boolean aaaEapReq; 68 Boolean aaaEapNoReq; 69 Boolean aaaSuccess; 70 Boolean aaaFail; 71 struct wpabuf *aaaEapReqData; 72 u8 *aaaEapKeyData; 73 size_t aaaEapKeyDataLen; 74 Boolean aaaEapKeyAvailable; 75 int aaaMethodTimeout; 76 77 /* Full authenticator to AAA interface variables */ 78 Boolean aaaEapResp; 79 struct wpabuf *aaaEapRespData; 80 /* aaaIdentity -> eap_get_identity() */ 81 Boolean aaaTimeout; 82 }; 83 84 struct eap_server_erp_key { 85 struct dl_list list; 86 size_t rRK_len; 87 size_t rIK_len; 88 u8 rRK[ERP_MAX_KEY_LEN]; 89 u8 rIK[ERP_MAX_KEY_LEN]; 90 u32 recv_seq; 91 u8 cryptosuite; 92 char keyname_nai[]; 93 }; 94 95 struct eapol_callbacks { 96 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, 97 int phase2, struct eap_user *user); 98 const char * (*get_eap_req_id_text)(void *ctx, size_t *len); 99 void (*log_msg)(void *ctx, const char *msg); 100 int (*get_erp_send_reauth_start)(void *ctx); 101 const char * (*get_erp_domain)(void *ctx); 102 struct eap_server_erp_key * (*erp_get_key)(void *ctx, 103 const char *keyname); 104 int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp); 105 }; 106 107 struct eap_config { 108 void *ssl_ctx; 109 void *msg_ctx; 110 void *eap_sim_db_priv; 111 Boolean backend_auth; 112 int eap_server; 113 u16 pwd_group; 114 u8 *pac_opaque_encr_key; 115 u8 *eap_fast_a_id; 116 size_t eap_fast_a_id_len; 117 char *eap_fast_a_id_info; 118 int eap_fast_prov; 119 int pac_key_lifetime; 120 int pac_key_refresh_time; 121 int eap_sim_aka_result_ind; 122 int tnc; 123 struct wps_context *wps; 124 const struct wpabuf *assoc_wps_ie; 125 const struct wpabuf *assoc_p2p_ie; 126 const u8 *peer_addr; 127 int fragment_size; 128 129 int pbc_in_m1; 130 131 const u8 *server_id; 132 size_t server_id_len; 133 int erp; 134 unsigned int tls_session_lifetime; 135 136 #ifdef CONFIG_TESTING_OPTIONS 137 u32 tls_test_flags; 138 #endif /* CONFIG_TESTING_OPTIONS */ 139 }; 140 141 142 struct eap_sm * eap_server_sm_init(void *eapol_ctx, 143 const struct eapol_callbacks *eapol_cb, 144 struct eap_config *eap_conf); 145 void eap_server_sm_deinit(struct eap_sm *sm); 146 int eap_server_sm_step(struct eap_sm *sm); 147 void eap_sm_notify_cached(struct eap_sm *sm); 148 void eap_sm_pending_cb(struct eap_sm *sm); 149 int eap_sm_method_pending(struct eap_sm *sm); 150 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); 151 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); 152 void eap_server_clear_identity(struct eap_sm *sm); 153 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source, 154 const u8 *username, size_t username_len, 155 const u8 *challenge, const u8 *response); 156 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len); 157 158 #endif /* EAP_H */ 159