eapol_auth_sm_i.h revision 281806
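/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Administrative port control setting. The explicit values are not in
 * declaration order (presumably they follow the IEEE8021-PAE-MIB numbering -
 * confirm), so code must not assume that Auto is the largest value.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;

/*
 * Current authorization state of the controlled port. 0 is not a named value,
 * so a zero-filled structure holds neither state; access decisions should
 * test for "== Authorized" so that an unset value is treated as not
 * authorized.
 */
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;

/* Direction(s) in which the controlled port is applied. */
typedef enum { Both = 0, In = 1 } ControlledDirection;

/* Statistics counter; unsigned, so it wraps to 0 on overflow. */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * Referenced from each struct eapol_state_machine through its eapol member.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf;
	struct eapol_auth_cb cb;

	/*
	 * NOTE(review): key material. The buffer length and who allocates and
	 * frees it are not visible in this header; the code that releases it
	 * should wipe the bytes first with a call the compiler cannot elide.
	 * WEP itself is cryptographically broken - confirm whether this path
	 * is still needed.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx;

	/*
	 * Presumably the two 32-bit halves of a 64-bit Acct-Multi-Session-Id
	 * value - confirm against the accounting code.
	 */
	u32 acct_multi_session_id_hi;
	u32 acct_multi_session_id_lo;
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * Holds the variables of the IEEE 802.1X-2004 authenticator state machines
 * for one Supplicant, followed by implementation-specific data (Supplicant
 * address, RADIUS context, EAPOL-Key keys) that the standard does not define.
 */
struct eapol_state_machine {
	/* timers */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	/*
	 * Authorization state of the port; see PortState for why checks
	 * should compare against Authorized. Whether instances are
	 * zero-filled on allocation is not visible here.
	 */
	PortState authPortStatus;
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapolEap;
	Boolean initialize;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl;
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/*
	 * The documented range is narrower than unsigned int; the type does
	 * not enforce it, so the code that sets this value has to.
	 */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * Pointer/length pair: read at most identity_len bytes. Presumably
	 * peer-supplied and not NUL-terminated - confirm before using it
	 * with string functions or writing it to logs.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */

	/* Keys for encrypting and signing EAPOL-Key frames */
	/*
	 * NOTE(review): key material, each buffer paired with its length.
	 * Allocation and release are not visible in this header; the code
	 * that frees or replaces these buffers should wipe the old bytes
	 * first with a call the compiler cannot elide.
	 */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	struct eap_sm *eap;

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed;

	/* Global authenticator data that this state machine refers to */
	struct eapol_authenticator *eapol;

	void *sta; /* station context pointer to use in callbacks */

	int remediation;

	/*
	 * Same field names as in struct eapol_authenticator; presumably the
	 * per-Supplicant copy of the Acct-Multi-Session-Id halves - confirm.
	 */
	u32 acct_multi_session_id_hi;
	u32 acct_multi_session_id_lo;
};

#endif /* EAPOL_AUTH_SM_I_H */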