eap.h revision 302408
/*
 * hostapd / EAP Full Authenticator state machine (RFC 4137)
 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_H
#define EAP_H

#include "common/defs.h"
#include "utils/list.h"
#include "eap_common/eap_defs.h"
#include "eap_server/eap_methods.h"
#include "wpabuf.h"

/* Opaque state machine instance; allocated by eap_server_sm_init() and only
 * accessed through the functions declared at the bottom of this header. */
struct eap_sm;

/* Bit values for struct eap_user::ttls_auth (EAP-TTLS inner methods). */
#define EAP_TTLS_AUTH_PAP 1
#define EAP_TTLS_AUTH_CHAP 2
#define EAP_TTLS_AUTH_MSCHAP 4
#define EAP_TTLS_AUTH_MSCHAPV2 8

/**
 * struct eap_user - Per-user authentication data
 *
 * Filled in through eapol_callbacks::get_eap_user for the identity the peer
 * presented. The password fields hold credential material and should be
 * treated as sensitive by whoever owns the buffer.
 * NOTE(review): ownership of the password buffer (who frees it, whether it
 * is zeroized before free) is not visible from this header - confirm in the
 * implementation that fills and releases this struct.
 */
struct eap_user {
	/* (vendor, method) pairs the user may authenticate with; the array
	 * is sized by EAP_MAX_METHODS from eap_defs.h. Presumably listed in
	 * preference order - confirm against the implementation. */
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	u8 *password; /* credential bytes, password_len long; not
		       * necessarily NUL-terminated */
	size_t password_len;
	int password_hash; /* whether password is hashed with
			    * nt_password_hash() */
	int phase2; /* non-zero when this entry is for a tunnelled
		     * (phase 2) identity; mirrors the phase2 argument of
		     * eapol_callbacks::get_eap_user */
	int force_version; /* EAP version to force for this user; exact
			    * semantics live in the implementation */
	unsigned int remediation:1; /* single-bit flags set by the caller
				     * that fills this struct */
	unsigned int macacl:1;
	int ttls_auth; /* bitfield of
			* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
	struct hostapd_radius_attr *accept_attr; /* RADIUS attributes
						  * associated with this user;
						  * presumably returned in an
						  * Access-Accept - confirm */
};

/**
 * struct eap_eapol_interface - Variables shared with the lower layer and AAA
 *
 * Mirrors the interface variables of the RFC 4137 full authenticator state
 * machine. The EAP server and the EAPOL lower layer communicate only through
 * these fields; each field belongs to one of the four groups below.
 */
struct eap_eapol_interface {
	/* Lower layer to full authenticator variables */
	Boolean eapResp; /* shared with EAPOL Backend Authentication */
	struct wpabuf *eapRespData; /* EAP-Response received from the peer */
	Boolean portEnabled;
	int retransWhile; /* retransmission timer value; presumably derived
			   * from eapSRTT/eapRTTVAR - confirm */
	Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
	int eapSRTT; /* smoothed RTT estimate (name per RFC 4137) */
	int eapRTTVAR; /* RTT variance estimate (name per RFC 4137) */

	/* Full authenticator to lower layer variables */
	Boolean eapReq; /* shared with EAPOL Backend Authentication */
	Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
	Boolean eapSuccess;
	Boolean eapFail;
	Boolean eapTimeout;
	struct wpabuf *eapReqData; /* EAP-Request to send to the peer */
	/* Exported keying material and its length. NOTE(review): assumed to
	 * be valid only while eapKeyAvailable is TRUE - confirm against the
	 * implementation before consuming it. */
	u8 *eapKeyData;
	size_t eapKeyDataLen;
	u8 *eapSessionId; /* EAP Session-Id, eapSessionIdLen bytes */
	size_t eapSessionIdLen;
	Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */

	/* AAA interface to full authenticator variables */
	Boolean aaaEapReq;
	Boolean aaaEapNoReq;
	Boolean aaaSuccess;
	Boolean aaaFail;
	struct wpabuf *aaaEapReqData; /* EAP-Request relayed from the AAA
				       * server */
	u8 *aaaEapKeyData; /* keying material received from AAA,
			    * aaaEapKeyDataLen bytes */
	size_t aaaEapKeyDataLen;
	Boolean aaaEapKeyAvailable;
	int aaaMethodTimeout;

	/* Full authenticator to AAA interface variables */
	Boolean aaaEapResp;
	struct wpabuf *aaaEapRespData; /* EAP-Response to relay to AAA */
	/* aaaIdentity -> eap_get_identity() */
	Boolean aaaTimeout;
};

/**
 * struct eap_server_erp_key - ERP (EAP Re-authentication) key state
 *
 * rRK and rIK are secret keys; rRK_len/rIK_len give the bytes in use of the
 * fixed ERP_MAX_KEY_LEN buffers. keyname_nai is a flexible array member, so
 * instances must be allocated with extra room for the NUL-terminated name
 * (sizeof *key + strlen(name) + 1).
 * NOTE(review): confirm that the allocation site reserves that room and that
 * the key buffers are zeroized before the struct is freed.
 */
struct eap_server_erp_key {
	struct dl_list list; /* linkage for the owner's key list */
	size_t rRK_len;
	size_t rIK_len;
	u8 rRK[ERP_MAX_KEY_LEN]; /* re-authentication Root Key */
	u8 rIK[ERP_MAX_KEY_LEN]; /* re-authentication Integrity Key */
	u32 recv_seq; /* sequence number of the last accepted message;
		       * presumably the replay-protection state - confirm */
	u8 cryptosuite; /* ERP cryptosuite identifier */
	char keyname_nai[]; /* keyName-NAI this entry is looked up by */
};

/**
 * struct eapol_callbacks - Callbacks the lower layer provides to the EAP server
 *
 * ctx is the eapol_ctx pointer given to eap_server_sm_init() (presumably -
 * confirm in the implementation). Implementations are called from the state
 * machine and must not assume any of the peer-derived arguments are
 * NUL-terminated.
 */
struct eapol_callbacks {
	/* Look up the user for a peer-supplied identity. identity is raw
	 * bytes of length identity_len - bound every comparison by
	 * identity_len rather than scanning for a terminator. On success the
	 * result is written to *user; the int return presumably follows the
	 * usual 0 / negative convention - confirm. */
	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
			    int phase2, struct eap_user *user);
	/* Text to include in EAP-Request/Identity; length returned in *len. */
	const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
	/* Log a complete message. msg must be treated as data by the
	 * implementation (never used as a format string). */
	void (*log_msg)(void *ctx, const char *msg);
	int (*get_erp_send_reauth_start)(void *ctx);
	const char * (*get_erp_domain)(void *ctx);
	/* Find a stored ERP key by keyName-NAI; NULL when absent (presumably). */
	struct eap_server_erp_key * (*erp_get_key)(void *ctx,
						   const char *keyname);
	/* Store a new ERP key. NOTE(review): whether the callee takes
	 * ownership of erp is not visible here - confirm before freeing. */
	int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
};

/**
 * struct eap_config - Server-side EAP configuration
 *
 * Passed to eap_server_sm_init(). Pointer members are assumed to stay valid
 * for the lifetime of the state machine - confirm whether the implementation
 * copies or references them. Several members hold secret key material.
 */
struct eap_config {
	void *ssl_ctx; /* opaque TLS context handle */
	void *msg_ctx; /* opaque context for message/log output */
	void *eap_sim_db_priv; /* opaque EAP-SIM/AKA database handle
				* (inferred from the name) */
	Boolean backend_auth;
	int eap_server;
	u16 pwd_group; /* EAP-pwd group identifier (inferred from the name) */
	u8 *pac_opaque_encr_key; /* EAP-FAST PAC-Opaque encryption key -
				  * secret material; length not carried here */
	u8 *eap_fast_a_id; /* EAP-FAST authority identity,
			    * eap_fast_a_id_len bytes */
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime; /* PAC key lifetime; units per the
			       * implementation */
	int pac_key_refresh_time;
	int eap_sim_aka_result_ind;
	int tnc;
	struct wps_context *wps;
	const struct wpabuf *assoc_wps_ie; /* WPS IE from the association */
	const struct wpabuf *assoc_p2p_ie; /* P2P IE from the association */
	const u8 *peer_addr; /* peer address; length not carried here */
	int fragment_size; /* maximum EAP fragment size for methods that
			    * fragment */

	int pbc_in_m1;

	const u8 *server_id; /* server identifier, server_id_len bytes */
	size_t server_id_len;
	int erp; /* enable EAP Re-authentication Protocol */
	unsigned int tls_session_lifetime; /* TLS session cache lifetime;
					    * units per the implementation */

#ifdef CONFIG_TESTING_OPTIONS
	/* Test hooks only; this member exists solely in testing builds and
	 * must not be relied on in production configurations. */
	u32 tls_test_flags;
#endif /* CONFIG_TESTING_OPTIONS */
};


/**
 * eap_server_sm_init - Allocate and initialise an EAP server state machine
 * @eapol_ctx: opaque context handed back to every eapol_callbacks call
 * @eapol_cb: callback table; must outlive the returned state machine
 * @eap_conf: configuration; see struct eap_config for lifetime expectations
 * Returns: new state machine, or NULL on failure (presumably - confirm)
 */
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
				   const struct eapol_callbacks *eapol_cb,
				   struct eap_config *eap_conf);
/* Release a state machine returned by eap_server_sm_init(). */
void eap_server_sm_deinit(struct eap_sm *sm);
/* Run the RFC 4137 state machine until it settles; the int return and its
 * meaning are defined by the implementation. */
int eap_server_sm_step(struct eap_sm *sm);
void eap_sm_notify_cached(struct eap_sm *sm);
void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm);
/* Peer identity as raw bytes with length in *len (not NUL-terminated);
 * the buffer is owned by sm and presumably cleared by
 * eap_server_clear_identity() - confirm. */
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
/* Interface variable block owned by sm; valid until eap_server_sm_deinit(). */
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm);
/* Report an MSCHAP exchange seen on the server side. username carries its
 * length; challenge and response do not, so fixed MSCHAP field sizes are
 * assumed - confirm the expected sizes against the implementation. */
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
				   const u8 *username, size_t username_len,
				   const u8 *challenge, const u8 *response);

#endif /* EAP_H */