eap.h revision 351611
1/* 2 * hostapd / EAP Full Authenticator state machine (RFC 4137) 3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#ifndef EAP_H 10#define EAP_H 11 12#include "common/defs.h" 13#include "utils/list.h" 14#include "eap_common/eap_defs.h" 15#include "eap_server/eap_methods.h" 16#include "wpabuf.h" 17 18struct eap_sm; 19 20#define EAP_TTLS_AUTH_PAP 1 21#define EAP_TTLS_AUTH_CHAP 2 22#define EAP_TTLS_AUTH_MSCHAP 4 23#define EAP_TTLS_AUTH_MSCHAPV2 8 24 25struct eap_user { 26 struct { 27 int vendor; 28 u32 method; 29 } methods[EAP_MAX_METHODS]; 30 u8 *password; 31 size_t password_len; 32 int password_hash; /* whether password is hashed with 33 * nt_password_hash() */ 34 u8 *salt; 35 size_t salt_len; 36 int phase2; 37 int force_version; 38 unsigned int remediation:1; 39 unsigned int macacl:1; 40 int ttls_auth; /* bitfield of 41 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */ 42 struct hostapd_radius_attr *accept_attr; 43 u32 t_c_timestamp; 44}; 45 46struct eap_eapol_interface { 47 /* Lower layer to full authenticator variables */ 48 Boolean eapResp; /* shared with EAPOL Backend Authentication */ 49 struct wpabuf *eapRespData; 50 Boolean portEnabled; 51 int retransWhile; 52 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */ 53 int eapSRTT; 54 int eapRTTVAR; 55 56 /* Full authenticator to lower layer variables */ 57 Boolean eapReq; /* shared with EAPOL Backend Authentication */ 58 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */ 59 Boolean eapSuccess; 60 Boolean eapFail; 61 Boolean eapTimeout; 62 struct wpabuf *eapReqData; 63 u8 *eapKeyData; 64 size_t eapKeyDataLen; 65 u8 *eapSessionId; 66 size_t eapSessionIdLen; 67 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */ 68 69 /* AAA interface to full authenticator variables */ 70 Boolean aaaEapReq; 71 Boolean aaaEapNoReq; 72 Boolean aaaSuccess; 73 Boolean aaaFail; 74 struct wpabuf *aaaEapReqData; 75 u8 *aaaEapKeyData; 76 size_t aaaEapKeyDataLen; 77 Boolean aaaEapKeyAvailable; 78 int aaaMethodTimeout; 79 80 /* Full authenticator to AAA interface variables */ 81 Boolean aaaEapResp; 82 struct wpabuf *aaaEapRespData; 83 /* aaaIdentity -> eap_get_identity() */ 84 Boolean aaaTimeout; 85}; 86 87struct eap_server_erp_key { 88 struct dl_list list; 89 size_t rRK_len; 90 size_t rIK_len; 91 u8 rRK[ERP_MAX_KEY_LEN]; 92 u8 rIK[ERP_MAX_KEY_LEN]; 93 u32 recv_seq; 94 u8 cryptosuite; 95 char keyname_nai[]; 96}; 97 98struct eapol_callbacks { 99 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, 100 int phase2, struct eap_user *user); 101 const char * (*get_eap_req_id_text)(void *ctx, size_t *len); 102 void (*log_msg)(void *ctx, const char *msg); 103 int (*get_erp_send_reauth_start)(void *ctx); 104 const char * (*get_erp_domain)(void *ctx); 105 struct eap_server_erp_key * (*erp_get_key)(void *ctx, 106 const char *keyname); 107 int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp); 108}; 109 110struct eap_config { 111 void *ssl_ctx; 112 void *msg_ctx; 113 void *eap_sim_db_priv; 114 Boolean backend_auth; 115 int eap_server; 116 u16 pwd_group; 117 u8 *pac_opaque_encr_key; 118 u8 *eap_fast_a_id; 119 size_t eap_fast_a_id_len; 120 char *eap_fast_a_id_info; 121 int eap_fast_prov; 122 int pac_key_lifetime; 123 int pac_key_refresh_time; 124 int eap_teap_auth; 125 int eap_teap_pac_no_inner; 126 int eap_sim_aka_result_ind; 127 int eap_sim_id; 128 int tnc; 129 struct wps_context *wps; 130 const struct wpabuf *assoc_wps_ie; 131 const struct wpabuf *assoc_p2p_ie; 132 const u8 *peer_addr; 133 int fragment_size; 134 135 int pbc_in_m1; 136 137 const u8 *server_id; 138 size_t server_id_len; 139 int erp; 140 unsigned int tls_session_lifetime; 141 unsigned int tls_flags; 142 143#ifdef CONFIG_TESTING_OPTIONS 144 u32 tls_test_flags; 145#endif /* CONFIG_TESTING_OPTIONS */ 146}; 147 148 149struct eap_sm * eap_server_sm_init(void *eapol_ctx, 150 const struct eapol_callbacks *eapol_cb, 151 struct eap_config *eap_conf); 152void eap_server_sm_deinit(struct eap_sm *sm); 153int eap_server_sm_step(struct eap_sm *sm); 154void eap_sm_notify_cached(struct eap_sm *sm); 155void eap_sm_pending_cb(struct eap_sm *sm); 156int eap_sm_method_pending(struct eap_sm *sm); 157const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); 158const char * eap_get_serial_num(struct eap_sm *sm); 159const char * eap_get_method(struct eap_sm *sm); 160const char * eap_get_imsi(struct eap_sm *sm); 161struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); 162void eap_server_clear_identity(struct eap_sm *sm); 163void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source, 164 const u8 *username, size_t username_len, 165 const u8 *challenge, const u8 *response); 166void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len); 167void eap_user_free(struct eap_user *user); 168 169#endif /* EAP_H */ 170