eapol_auth_sm_i.h revision 214501
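/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * The enumerators below carry explicit values. Zero is not a member of
 * PortTypes or PortState, so a zero-filled state machine holds neither
 * Authorized nor Unauthorized until it has been initialized. Code that gates
 * access on the port state should compare against Authorized (not test for
 * "!= Unauthorized") so that an uninitialized value fails closed.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
/* Both is the zero value, so zero-filled memory selects Both. */
typedef enum { Both = 0, In = 1 } ControlledDirection;
/* Unsigned, so an increment past UINT_MAX wraps to 0 instead of overflowing. */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * Holds the configuration and callback table by value, plus the default WEP
 * key pointer and its key index. Each per-Supplicant state machine points
 * back to one of these through its eapol member.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf;
	struct eapol_auth_cb cb;

	/*
	 * Key material. No length is stored next to this pointer.
	 * NOTE(review): confirm where the length comes from (presumably conf)
	 * and that the buffer is wiped before it is freed.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx;
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * One instance holds the variables of all IEEE 802.1X-2004 Authenticator
 * state machines for a single Supplicant (identified by addr), the
 * per-Supplicant statistics counters, and implementation-specific data such
 * as the RADIUS context, the Supplicant identity and the EAPOL-Key keys.
 *
 * Several members are pointers to separately allocated data (identity,
 * last_recv_radius, eapol_key_sign, eapol_key_crypt). Their ownership and
 * release points are not defined in this header.
 */
struct eapol_state_machine {
	/* timers */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	PortState authPortStatus; /* zero is not a valid PortState */
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapolEap;
	Boolean initialize;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl; /* zero is not a valid PortTypes value */
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	/* The zero value is AUTH_PAE_INITIALIZE. */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/*
	 * The AUTH_PAE_DEFAULT_* and BE_AUTH_DEFAULT_* macros are defined inside
	 * the struct body only to sit next to their fields. Preprocessor
	 * macros are not scoped by the struct, so they are visible to every
	 * file that includes this header.
	 */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	/*
	 * The zero value is BE_AUTH_REQUEST, not BE_AUTH_INITIALIZE, so
	 * zero-filled memory does not represent the initial state and the
	 * state must be set explicitly.
	 */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	/*
	 * NOTE(review): the release point is still open per the TODO above.
	 * Whichever path frees this message should also reset the pointer so
	 * later code cannot reach a stale message.
	 */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * Length-delimited byte string; identity_len is the authoritative
	 * length. NOTE(review): presumably supplied by the Supplicant and not
	 * NUL-terminated - treat it as untrusted binary data when logging,
	 * comparing or copying it, and confirm against the code that sets it.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;

	/* Keys for encrypting and signing EAPOL-Key frames */
	/*
	 * Secret key material, each buffer paired with its own length.
	 * NOTE(review): ownership is not visible in this header. The code
	 * that frees these buffers should zero them first, using a wipe the
	 * compiler cannot elide, and reset the pointer and length.
	 */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	struct eap_sm *eap;

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed;

	/* Back-pointer to the global authenticator data. */
	struct eapol_authenticator *eapol;

	void *sta; /* station context pointer to use in callbacks */
};

#endif /* EAPOL_AUTH_SM_I_H */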