eap.h revision 189251
/*
 * EAP peer state machine functions (RFC 4137)
 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_H
#define EAP_H

#include "defs.h"
#include "eap_common/eap_defs.h"
#include "eap_peer/eap_methods.h"

/* Opaque types; only pointers to them are used in this interface. */
struct eap_sm;
struct wpa_config_blob;
struct wpabuf;

/**
 * struct eap_method_type - Identifier for one EAP method
 * @vendor: EAP vendor identifier (presumably selects the number space that
 *	@method belongs to, as in RFC 3748 expanded types — confirm in
 *	eap_defs.h)
 * @method: EAP method type number
 */
struct eap_method_type {
	int vendor;
	u32 method;
};

#ifdef IEEE8021X_EAPOL

/**
 * enum eapol_bool_var - EAPOL boolean state variables for EAP state machine
 *
 * These variables are used in the interface between EAP peer state machine and
 * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
 * expected to maintain these variables and register callback functions for
 * EAP state machine to get and set the variables.
 */
enum eapol_bool_var {
	/**
	 * EAPOL_eapSuccess - EAP SUCCESS state reached
	 *
	 * EAP state machine reads and writes this value.
	 */
	EAPOL_eapSuccess,

	/**
	 * EAPOL_eapRestart - Lower layer request to restart authentication
	 *
	 * Set to TRUE in lower layer, FALSE in EAP state machine.
	 */
	EAPOL_eapRestart,

	/**
	 * EAPOL_eapFail - EAP FAILURE state reached
	 *
	 * EAP state machine writes this value.
	 */
	EAPOL_eapFail,

	/**
	 * EAPOL_eapResp - Response to send
	 *
	 * Set to TRUE in EAP state machine, FALSE in lower layer.
	 */
	EAPOL_eapResp,

	/**
	 * EAPOL_eapNoResp - Request has been processed; no response to send
	 *
	 * Set to TRUE in EAP state machine, FALSE in lower layer.
	 */
	EAPOL_eapNoResp,

	/**
	 * EAPOL_eapReq - EAP request available from lower layer
	 *
	 * Set to TRUE in lower layer, FALSE in EAP state machine.
	 */
	EAPOL_eapReq,

	/**
	 * EAPOL_portEnabled - Lower layer is ready for communication
	 *
	 * EAP state machine reads this value.
	 */
	EAPOL_portEnabled,

	/**
	 * EAPOL_altAccept - Alternate indication of success (RFC3748)
	 *
	 * EAP state machine reads this value.
	 */
	EAPOL_altAccept,

	/**
	 * EAPOL_altReject - Alternate indication of failure (RFC3748)
	 *
	 * EAP state machine reads this value.
	 */
	EAPOL_altReject
};

/**
 * enum eapol_int_var - EAPOL integer state variables for EAP state machine
 *
 * These variables are used in the interface between EAP peer state machine and
 * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
 * expected to maintain these variables and register callback functions for
 * EAP state machine to get and set the variables.
 */
enum eapol_int_var {
	/**
	 * EAPOL_idleWhile - Outside timer for EAP peer timeout
	 *
	 * This integer variable is used to provide an outside timer that the
	 * external (to EAP state machine) code must decrement by one every
	 * second until the value reaches zero. This is used in the same way as
	 * EAPOL state machine timers. EAP state machine reads and writes this
	 * value.
	 */
	EAPOL_idleWhile
};

/**
 * struct eapol_callbacks - Callback functions from EAP to lower layer
 *
 * This structure defines the callback functions that EAP state machine
 * requires from the lower layer (usually EAPOL state machine) for updating
 * state variables and requesting information. eapol_ctx from
 * eap_peer_sm_init() call will be used as the ctx parameter for these
 * callback functions.
 */
struct eapol_callbacks {
	/**
	 * get_config - Get pointer to the current network configuration
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * Returns: Pointer to the active configuration (not owned by the
	 * caller; confirm lifetime against the lower layer)
	 */
	struct eap_peer_config * (*get_config)(void *ctx);

	/**
	 * get_bool - Get a boolean EAPOL state variable
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @variable: EAPOL boolean variable to get
	 * Returns: Value of the EAPOL variable
	 */
	Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);

	/**
	 * set_bool - Set a boolean EAPOL state variable
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @variable: EAPOL boolean variable to set
	 * @value: Value for the EAPOL variable
	 */
	void (*set_bool)(void *ctx, enum eapol_bool_var variable,
			 Boolean value);

	/**
	 * get_int - Get an integer EAPOL state variable
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @variable: EAPOL integer variable to get
	 * Returns: Value of the EAPOL variable
	 */
	unsigned int (*get_int)(void *ctx, enum eapol_int_var variable);

	/**
	 * set_int - Set an integer EAPOL state variable
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @variable: EAPOL integer variable to set
	 * @value: Value for the EAPOL variable
	 */
	void (*set_int)(void *ctx, enum eapol_int_var variable,
			unsigned int value);

	/**
	 * get_eapReqData - Get EAP-Request data
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * Returns: Reference to eapReqData (EAP state machine will not free
	 * this) or %NULL if eapReqData not available. The length is carried by
	 * the returned wpabuf; there is no separate length out-parameter.
	 *
	 * The returned buffer is the raw request received from the network, so
	 * callers must validate its length and contents before parsing.
	 */
	struct wpabuf * (*get_eapReqData)(void *ctx);

	/**
	 * set_config_blob - Set named configuration blob
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @blob: New value for the blob
	 *
	 * Adds a new configuration blob or replaces the current value of an
	 * existing blob.
	 * NOTE(review): whether ownership of @blob transfers to the lower
	 * layer is not stated here — confirm against the implementation.
	 */
	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);

	/**
	 * get_config_blob - Get a named configuration blob
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @name: Name of the blob
	 * Returns: Pointer to blob data or %NULL if not found (const; the
	 * caller must not modify or free it)
	 */
	const struct wpa_config_blob * (*get_config_blob)(void *ctx,
							  const char *name);

	/**
	 * notify_pending - Notify that a pending request can be retried
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 *
	 * An EAP method can perform a pending operation (e.g., to get a
	 * response from an external process). Once the response is available,
	 * this callback function can be used to request EAPOL state machine to
	 * retry delivering the previously received (and still unanswered) EAP
	 * request to EAP state machine.
	 */
	void (*notify_pending)(void *ctx);

	/**
	 * eap_param_needed - Notify that EAP parameter is needed
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @field: Field name (e.g., "IDENTITY")
	 * @txt: User readable text describing the required parameter
	 */
	void (*eap_param_needed)(void *ctx, const char *field,
				 const char *txt);
};

/**
 * struct eap_config - Configuration for EAP state machine
 */
struct eap_config {
	/**
	 * opensc_engine_path - OpenSC engine for OpenSSL engine support
	 *
	 * Usually, path to engine_opensc.so.
	 */
	const char *opensc_engine_path;
	/**
	 * pkcs11_engine_path - PKCS#11 engine for OpenSSL engine support
	 *
	 * Usually, path to engine_pkcs11.so.
	 */
	const char *pkcs11_engine_path;
	/**
	 * pkcs11_module_path - OpenSC PKCS#11 module for OpenSSL engine
	 *
	 * Usually, path to opensc-pkcs11.so.
	 */
	const char *pkcs11_module_path;
	/**
	 * wps - WPS context data
	 *
	 * This is only used by EAP-WSC and can be left %NULL if not available.
	 */
	struct wps_context *wps;
};

/**
 * eap_peer_sm_init - Allocate and initialize an EAP peer state machine
 * @eapol_ctx: Context passed as ctx to every eapol_callbacks function
 * @eapol_cb: Callbacks into the lower layer (see struct eapol_callbacks)
 * @msg_ctx: Context for message handling (semantics not visible here)
 * @conf: EAP configuration
 * Returns: Pointer to the new state machine, freed with eap_peer_sm_deinit()
 */
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
				 struct eapol_callbacks *eapol_cb,
				 void *msg_ctx, struct eap_config *conf);
/**
 * eap_peer_sm_deinit - Release an EAP peer state machine from eap_peer_sm_init()
 * @sm: Pointer to EAP state machine
 */
void eap_peer_sm_deinit(struct eap_sm *sm);
/**
 * eap_peer_sm_step - Run one step of the EAP peer state machine
 * @sm: Pointer to EAP state machine
 * Returns: int (presumably non-zero when state changed — confirm in eap.c)
 */
int eap_peer_sm_step(struct eap_sm *sm);
/**
 * eap_sm_abort - Abort the current EAP authentication
 * @sm: Pointer to EAP state machine
 */
void eap_sm_abort(struct eap_sm *sm);
/**
 * eap_sm_get_status - Write a textual status report into a caller buffer
 * @sm: Pointer to EAP state machine
 * @buf: Output buffer
 * @buflen: Size of @buf in bytes; the implementation must bound its writes
 *	to this length
 * @verbose: Non-zero to request a more detailed report
 * Returns: int (presumably number of bytes written — confirm in eap.c)
 */
int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen,
		      int verbose);
/**
 * eap_sm_buildIdentity - Build an EAP-Response/Identity message
 * @sm: Pointer to EAP state machine
 * @id: EAP identifier for the response
 * @encrypted: Non-zero when the identity is sent inside an encrypted tunnel
 *	(name-based reading; confirm which identity field is selected)
 * Returns: Allocated wpabuf (ownership presumably passes to the caller)
 */
struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted);
/* Request credentials / user input from the upper layer. */
void eap_sm_request_identity(struct eap_sm *sm);
void eap_sm_request_password(struct eap_sm *sm);
void eap_sm_request_new_password(struct eap_sm *sm);
void eap_sm_request_pin(struct eap_sm *sm);
/**
 * eap_sm_request_otp - Request a one-time password from the user
 * @sm: Pointer to EAP state machine
 * @msg: Challenge text to show the user
 * @msg_len: Length of @msg in bytes (an explicit length is given, so do not
 *	assume @msg is NUL-terminated)
 */
void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len);
void eap_sm_request_passphrase(struct eap_sm *sm);
/**
 * eap_sm_notify_ctrl_attached - Notify that a control interface has attached
 * @sm: Pointer to EAP state machine
 */
void eap_sm_notify_ctrl_attached(struct eap_sm *sm);
/**
 * eap_get_phase2_type - Look up a Phase 2 (inner) EAP method by name
 * @name: Method name
 * @vendor: Receives the vendor identifier of the matched method
 * Returns: EAP method type number
 */
u32 eap_get_phase2_type(const char *name, int *vendor);
/**
 * eap_get_phase2_types - Get the list of Phase 2 methods from a configuration
 * @config: Network configuration
 * @count: Receives the number of entries in the returned array
 * Returns: Array of method identifiers (ownership not stated here — confirm
 * whether the caller must free it)
 */
struct eap_method_type * eap_get_phase2_types(struct eap_peer_config *config,
					      size_t *count);
/* Runtime knobs on the state machine. */
void eap_set_fast_reauth(struct eap_sm *sm, int enabled);
void eap_set_workaround(struct eap_sm *sm, unsigned int workaround);
void eap_set_force_disabled(struct eap_sm *sm, int disabled);
/**
 * eap_key_available - Check whether keying material has been derived
 * @sm: Pointer to EAP state machine
 * Returns: Non-zero if key data is available
 */
int eap_key_available(struct eap_sm *sm);
void eap_notify_success(struct eap_sm *sm);
void eap_notify_lower_layer_success(struct eap_sm *sm);
/**
 * eap_get_eapKeyData - Get the derived EAP keying material
 * @sm: Pointer to EAP state machine
 * @len: Receives the length of the key data in bytes
 * Returns: Pointer to key material owned by @sm (const; caller must not free
 * it). This is secret material — treat it as such and do not log it.
 */
const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len);
/**
 * eap_get_eapRespData - Get the pending EAP-Response to transmit
 * @sm: Pointer to EAP state machine
 * Returns: Response buffer (ownership not stated here — confirm in eap.c)
 */
struct wpabuf * eap_get_eapRespData(struct eap_sm *sm);
/**
 * eap_register_scard_ctx - Register a smartcard context with the state machine
 * @sm: Pointer to EAP state machine
 * @ctx: Smartcard context pointer (opaque here)
 */
void eap_register_scard_ctx(struct eap_sm *sm, void *ctx);
/**
 * eap_invalidate_cached_session - Drop any cached session state
 * @sm: Pointer to EAP state machine
 */
void eap_invalidate_cached_session(struct eap_sm *sm);

/* WPS enrollee mode checks on a network configuration. */
int eap_is_wps_pbc_enrollee(struct eap_peer_config *conf);
int eap_is_wps_pin_enrollee(struct eap_peer_config *conf);

#endif /* IEEE8021X_EAPOL */

#endif /* EAP_H */