eap_i.h revision 351611 
1/*
2 * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#ifndef EAP_I_H
10#define EAP_I_H
11
12#include "wpabuf.h"
13#include "eap_server/eap.h"
14#include "eap_common/eap_common.h"
15
16/* RFC 4137 - EAP Standalone Authenticator */
17
18/**
19 * struct eap_method - EAP method interface
20 * This structure defines the EAP method interface. Each method will need to
21 * register its own EAP type, EAP name, and set of function pointers for method
22 * specific operations. This interface is based on section 5.4 of RFC 4137.
23 */
24struct eap_method {
25	int vendor;
26	EapType method;
27	const char *name;
28
29	void * (*init)(struct eap_sm *sm);
30	void * (*initPickUp)(struct eap_sm *sm);
31	void (*reset)(struct eap_sm *sm, void *priv);
32
33	struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
34	int (*getTimeout)(struct eap_sm *sm, void *priv);
35	Boolean (*check)(struct eap_sm *sm, void *priv,
36			 struct wpabuf *respData);
37	void (*process)(struct eap_sm *sm, void *priv,
38			struct wpabuf *respData);
39	Boolean (*isDone)(struct eap_sm *sm, void *priv);
40	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
41	/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
42	 * but it is useful in implementing Policy.getDecision() */
43	Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
44
45	/**
46	 * free - Free EAP method data
47	 * @method: Pointer to the method data registered with
48	 * eap_server_method_register().
49	 *
50	 * This function will be called when the EAP method is being
51	 * unregistered. If the EAP method allocated resources during
52	 * registration (e.g., allocated struct eap_method), they should be
53	 * freed in this function. No other method functions will be called
54	 * after this call. If this function is not defined (i.e., function
55	 * pointer is %NULL), a default handler is used to release the method
56	 * data with free(method). This is suitable for most cases.
57	 */
58	void (*free)(struct eap_method *method);
59
60#define EAP_SERVER_METHOD_INTERFACE_VERSION 1
61	/**
62	 * version - Version of the EAP server method interface
63	 *
64	 * The EAP server method implementation should set this variable to
65	 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
66	 * EAP method is using supported API version when using dynamically
67	 * loadable EAP methods.
68	 */
69	int version;
70
71	/**
72	 * next - Pointer to the next EAP method
73	 *
74	 * This variable is used internally in the EAP method registration code
75	 * to create a linked list of registered EAP methods.
76	 */
77	struct eap_method *next;
78
79	/**
80	 * get_emsk - Get EAP method specific keying extended material (EMSK)
81	 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
82	 * @priv: Pointer to private EAP method data from eap_method::init()
83	 * @len: Pointer to a variable to store EMSK length
84	 * Returns: EMSK or %NULL if not available
85	 *
86	 * This function can be used to get the extended keying material from
87	 * the EAP method. The key may already be stored in the method-specific
88	 * private data or this function may derive the key.
89	 */
90	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
91
92	/**
93	 * getSessionId - Get EAP method specific Session-Id
94	 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
95	 * @priv: Pointer to private EAP method data from eap_method::init()
96	 * @len: Pointer to a variable to store Session-Id length
97	 * Returns: Session-Id or %NULL if not available
98	 *
99	 * This function can be used to get the Session-Id from the EAP method.
100	 * The Session-Id may already be stored in the method-specific private
101	 * data or this function may derive the Session-Id.
102	 */
103	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
104};
105
106/**
107 * struct eap_sm - EAP server state machine data
108 */
109struct eap_sm {
110	enum {
111		EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
112		EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
113		EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
114		EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
115		EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
116		EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
117		EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
118		EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
119		EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2,
120		EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED
121	} EAP_state;
122
123	/* Constants */
124	int MaxRetrans;
125
126	struct eap_eapol_interface eap_if;
127
128	/* Full authenticator state machine local variables */
129
130	/* Long-term (maintained between packets) */
131	EapType currentMethod;
132	int currentId;
133	enum {
134		METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
135	} methodState;
136	int retransCount;
137	struct wpabuf *lastReqData;
138	int methodTimeout;
139
140	/* Short-term (not maintained between packets) */
141	Boolean rxResp;
142	Boolean rxInitiate;
143	int respId;
144	EapType respMethod;
145	int respVendor;
146	u32 respVendorMethod;
147	Boolean ignore;
148	enum {
149		DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
150		DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
151	} decision;
152
153	/* Miscellaneous variables */
154	const struct eap_method *m; /* selected EAP method */
155	/* not defined in RFC 4137 */
156	Boolean changed;
157	void *eapol_ctx, *msg_ctx;
158	const struct eapol_callbacks *eapol_cb;
159	void *eap_method_priv;
160	u8 *identity;
161	size_t identity_len;
162	char *serial_num;
163	char imsi[20];
164	/* Whether Phase 2 method should validate identity match */
165	int require_identity_match;
166	int lastId; /* Identifier used in the last EAP-Packet */
167	struct eap_user *user;
168	int user_eap_method_index;
169	int init_phase2;
170	void *ssl_ctx;
171	struct eap_sim_db_data *eap_sim_db_priv;
172	Boolean backend_auth;
173	Boolean update_user;
174	int eap_server;
175
176	int num_rounds;
177	enum {
178		METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
179	} method_pending;
180
181	u8 *auth_challenge;
182	u8 *peer_challenge;
183
184	u8 *pac_opaque_encr_key;
185	u8 *eap_fast_a_id;
186	size_t eap_fast_a_id_len;
187	char *eap_fast_a_id_info;
188	enum {
189		NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
190	} eap_fast_prov;
191	int pac_key_lifetime;
192	int pac_key_refresh_time;
193	int eap_teap_auth;
194	int eap_teap_pac_no_inner;
195	int eap_sim_aka_result_ind;
196	int eap_sim_id;
197	int tnc;
198	u16 pwd_group;
199	struct wps_context *wps;
200	struct wpabuf *assoc_wps_ie;
201	struct wpabuf *assoc_p2p_ie;
202
203	Boolean start_reauth;
204
205	u8 peer_addr[ETH_ALEN];
206
207	/* Fragmentation size for EAP method init() handler */
208	int fragment_size;
209
210	int pbc_in_m1;
211
212	const u8 *server_id;
213	size_t server_id_len;
214
215	Boolean initiate_reauth_start_sent;
216	Boolean try_initiate_reauth;
217	int erp;
218	unsigned int tls_session_lifetime;
219	unsigned int tls_flags;
220
221#ifdef CONFIG_TESTING_OPTIONS
222	u32 tls_test_flags;
223#endif /* CONFIG_TESTING_OPTIONS */
224};
225
226int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
227		 int phase2);
228void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
229PRINTF_FORMAT(2, 3);
230void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
231
232#endif /* EAP_I_H */
233