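/*
 * hostapd / EAP Full Authenticator state machine (RFC 4137)
 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_H
#define EAP_H

#include "common/defs.h"
#include "eap_common/eap_defs.h"
#include "eap_server/eap_methods.h"
#include "wpabuf.h"

/* Opaque state machine handle; the definition is not part of this header. */
struct eap_sm;

/*
 * Single-bit flags combined in struct eap_user::ttls_auth.
 * NOTE(review): PAP carries the password itself rather than a challenge
 * response, so it depends entirely on the outer TLS tunnel; a user entry
 * should set only the bits the deployment needs. How the mask is enforced is
 * not visible in this header.
 */
#define EAP_TTLS_AUTH_PAP 1
#define EAP_TTLS_AUTH_CHAP 2
#define EAP_TTLS_AUTH_MSCHAP 4
#define EAP_TTLS_AUTH_MSCHAPV2 8

/*
 * Per-user record filled in by eapol_callbacks::get_eap_user().
 *
 * password/password_len hold credential material. When password_hash is set
 * the buffer holds the nt_password_hash() output instead of the password;
 * NOTE(review): an NT hash is password-equivalent for MSCHAP/MSCHAPv2, so it
 * needs the same protection as the cleartext. Who allocates and frees the
 * buffer, and whether it is wiped before release, is not visible here -
 * confirm in the implementation.
 */
struct eap_user {
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	u8 *password;
	size_t password_len; /* length of password in bytes; the buffer is not
			      * declared as a C string */
	int password_hash; /* whether password is hashed with
			    * nt_password_hash() */
	int phase2;
	int force_version;
	int ttls_auth; /* bitfield of
			* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
};

/*
 * Variables exchanged between the full authenticator and its neighbours,
 * grouped by direction (names follow RFC 4137, cited in the file header).
 *
 * eapKeyData and aaaEapKeyData are key buffers with explicit lengths.
 * NOTE(review): ownership and clearing of these buffers are not visible in
 * this header - confirm before copying or caching them.
 */
struct eap_eapol_interface {
	/* Lower layer to full authenticator variables */
	Boolean eapResp; /* shared with EAPOL Backend Authentication */
	struct wpabuf *eapRespData;
	Boolean portEnabled;
	int retransWhile;
	Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
	int eapSRTT;
	int eapRTTVAR;

	/* Full authenticator to lower layer variables */
	Boolean eapReq; /* shared with EAPOL Backend Authentication */
	Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
	Boolean eapSuccess;
	Boolean eapFail;
	Boolean eapTimeout;
	struct wpabuf *eapReqData;
	u8 *eapKeyData;
	size_t eapKeyDataLen;
	Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */

	/* AAA interface to full authenticator variables */
	Boolean aaaEapReq;
	Boolean aaaEapNoReq;
	Boolean aaaSuccess;
	Boolean aaaFail;
	struct wpabuf *aaaEapReqData;
	u8 *aaaEapKeyData;
	size_t aaaEapKeyDataLen;
	Boolean aaaEapKeyAvailable;
	int aaaMethodTimeout;

	/* Full authenticator to AAA interface variables */
	Boolean aaaEapResp;
	struct wpabuf *aaaEapRespData;
	/* aaaIdentity -> eap_get_identity() */
	Boolean aaaTimeout;
};

/*
 * Callbacks supplied by the caller of eap_server_sm_init().
 *
 * get_eap_user: looks up the entry for identity (identity_len bytes) and
 * fills *user. The identity is passed as a byte buffer with an explicit
 * length, so implementations must not treat it as a NUL-terminated string.
 * NOTE(review): the return convention (presumably 0 on success) is not
 * visible here - confirm against the callers.
 *
 * get_eap_req_id_text: returns a text buffer and stores its length in *len.
 */
struct eapol_callbacks {
	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
			    int phase2, struct eap_user *user);
	const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
};

/*
 * Configuration handed to eap_server_sm_init().
 *
 * pac_opaque_encr_key has no length member in this structure.
 * NOTE(review): its size must therefore be fixed by convention elsewhere -
 * confirm the expected length before populating it. peer_addr likewise has no
 * length member (presumably a MAC address - confirm).
 */
struct eap_config {
	void *ssl_ctx;
	void *msg_ctx;
	void *eap_sim_db_priv;
	Boolean backend_auth;
	int eap_server;
	u16 pwd_group;
	u8 *pac_opaque_encr_key; /* key material; no length field here */
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime; /* units not stated in this header */
	int pac_key_refresh_time; /* units not stated in this header */
	int eap_sim_aka_result_ind;
	int tnc;
	struct wps_context *wps;
	const struct wpabuf *assoc_wps_ie;
	const struct wpabuf *assoc_p2p_ie;
	const u8 *peer_addr;
	int fragment_size;

	int pbc_in_m1;
};


/*
 * State machine entry points. Return-value conventions are defined by the
 * implementation and are not visible in this header; in particular, check the
 * result of eap_server_sm_init() before use (presumably NULL on failure -
 * confirm). eap_get_identity() returns a byte buffer and stores its length in
 * *len; it is not declared as a C string.
 */
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
				   struct eapol_callbacks *eapol_cb,
				   struct eap_config *eap_conf);
void eap_server_sm_deinit(struct eap_sm *sm);
int eap_server_sm_step(struct eap_sm *sm);
void eap_sm_notify_cached(struct eap_sm *sm);
void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm);
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm);

#endif /* EAP_H */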