eapol_supp_sm.h revision 189251
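/*
 * EAPOL supplicant state machines
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAPOL_SUPP_SM_H
#define EAPOL_SUPP_SM_H

#include "defs.h"

/* IEEE 802.1X port state as seen by the supplicant. */
typedef enum { Unauthorized, Authorized } PortStatus;
/* Administrative port control: let the state machine decide, or force it. */
typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl;

/**
 * struct eapol_config - Per network configuration for EAPOL state machines
 */
struct eapol_config {
	/**
	 * accept_802_1x_keys - Accept IEEE 802.1X (non-WPA) EAPOL-Key frames
	 *
	 * This variable should be set to 1 when using EAPOL state machines
	 * with non-WPA security policy to generate dynamic WEP keys. When
	 * using WPA, this should be set to 0 so that WPA state machine can
	 * process the EAPOL-Key frames.
	 */
	int accept_802_1x_keys;

#define EAPOL_REQUIRE_KEY_UNICAST BIT(0)
#define EAPOL_REQUIRE_KEY_BROADCAST BIT(1)
	/**
	 * required_keys - Which EAPOL-Key packets are required
	 *
	 * This variable determines which EAPOL-Key packets are required before
	 * marking connection authenticated. This is a bit field of
	 * EAPOL_REQUIRE_KEY_UNICAST and EAPOL_REQUIRE_KEY_BROADCAST flags.
	 */
	int required_keys;

	/**
	 * fast_reauth - Whether fast EAP reauthentication is enabled
	 */
	int fast_reauth;

	/**
	 * workaround - Whether EAP workarounds are enabled
	 */
	unsigned int workaround;

	/**
	 * eap_disabled - Whether EAP is disabled
	 */
	int eap_disabled;
};

/* Opaque state machine handle; the definition lives with the implementation. */
struct eapol_sm;
struct wpa_config_blob;

/**
 * struct eapol_ctx - Global (for all networks) EAPOL state machine context
 *
 * All callbacks are supplied by the owner of the state machine. The
 * "Callback context" named in each entry is the member of this struct that
 * is passed back as the first argument.
 */
struct eapol_ctx {
	/**
	 * ctx - Pointer to arbitrary upper level context
	 */
	void *ctx;

	/**
	 * preauth - IEEE 802.11i/RSN pre-authentication
	 *
	 * This EAPOL state machine is used for IEEE 802.11i/RSN
	 * pre-authentication
	 */
	int preauth;

	/**
	 * cb - Function to be called when EAPOL negotiation has been completed
	 * @eapol: Pointer to EAPOL state machine data
	 * @success: Whether the authentication was completed successfully
	 * @ctx: Pointer to context data (cb_ctx)
	 *
	 * This optional callback function will be called when the EAPOL
	 * authentication has been completed. This allows the owner of the
	 * EAPOL state machine to process the key and terminate the EAPOL state
	 * machine. Currently, this is used only in RSN pre-authentication.
	 */
	void (*cb)(struct eapol_sm *eapol, int success, void *ctx);

	/**
	 * cb_ctx - Callback context for cb()
	 */
	void *cb_ctx;

	/**
	 * msg_ctx - Callback context for wpa_msg() calls
	 */
	void *msg_ctx;

	/**
	 * scard_ctx - Callback context for PC/SC scard_*() function calls
	 *
	 * This context can be updated with eapol_sm_register_scard_ctx().
	 */
	void *scard_ctx;

	/**
	 * eapol_send_ctx - Callback context for eapol_send() calls
	 */
	void *eapol_send_ctx;

	/**
	 * eapol_done_cb - Function to be called at successful completion
	 * @ctx: Callback context (ctx)
	 *
	 * This function is called at the successful completion of EAPOL
	 * authentication. If dynamic WEP keys are used, this is called only
	 * after all the expected keys have been received.
	 */
	void (*eapol_done_cb)(void *ctx);

	/**
	 * eapol_send - Send EAPOL packets
	 * @ctx: Callback context (eapol_send_ctx)
	 * @type: EAPOL type (IEEE802_1X_TYPE_*)
	 * @buf: Pointer to EAPOL payload
	 * @len: Length of the EAPOL payload
	 * Returns: 0 on success, -1 on failure
	 */
	int (*eapol_send)(void *ctx, int type, const u8 *buf, size_t len);

	/**
	 * set_wep_key - Configure WEP keys
	 * @ctx: Callback context (ctx)
	 * @unicast: Non-zero = unicast, 0 = multicast/broadcast key
	 * @keyidx: Key index (0..3)
	 * @key: WEP key
	 * @keylen: Length of the WEP key
	 * Returns: 0 on success, -1 on failure
	 *
	 * NOTE(review): keyidx and keylen arrive from the EAPOL-Key frame
	 * parser; the implementer of this callback should still range-check
	 * them rather than rely on the caller having done so.
	 */
	int (*set_wep_key)(void *ctx, int unicast, int keyidx,
			   const u8 *key, size_t keylen);

	/**
	 * set_config_blob - Set or add a named configuration blob
	 * @ctx: Callback context (ctx)
	 * @blob: New value for the blob
	 *
	 * Adds a new configuration blob or replaces the current value of an
	 * existing blob.
	 */
	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);

	/**
	 * get_config_blob - Get a named configuration blob
	 * @ctx: Callback context (ctx)
	 * @name: Name of the blob
	 * Returns: Pointer to blob data or %NULL if not found
	 */
	const struct wpa_config_blob * (*get_config_blob)(void *ctx,
							  const char *name);

	/**
	 * aborted_cached - Notify that cached PMK attempt was aborted
	 * @ctx: Callback context (ctx)
	 */
	void (*aborted_cached)(void *ctx);

#ifdef EAP_TLS_OPENSSL
	/**
	 * opensc_engine_path - Path to the OpenSSL engine for opensc
	 *
	 * This is an OpenSSL specific configuration option for loading OpenSC
	 * engine (engine_opensc.so); if %NULL, this engine is not loaded.
	 */
	const char *opensc_engine_path;

	/**
	 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
	 *
	 * This is an OpenSSL specific configuration option for loading PKCS#11
	 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
	 */
	const char *pkcs11_engine_path;

	/**
	 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
	 *
	 * This is an OpenSSL specific configuration option for configuring
	 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
	 * module is not loaded.
	 */
	const char *pkcs11_module_path;
#endif /* EAP_TLS_OPENSSL */

	/**
	 * wps - WPS context data
	 *
	 * This is only used by EAP-WSC and can be left %NULL if not available.
	 */
	struct wps_context *wps;

	/**
	 * eap_param_needed - Notify that EAP parameter is needed
	 * @ctx: Callback context (ctx)
	 * @field: Field name (e.g., "IDENTITY")
	 * @txt: User readable text describing the required parameter
	 */
	void (*eap_param_needed)(void *ctx, const char *field,
				 const char *txt);
};


struct eap_peer_config;

#ifdef IEEE8021X_EAPOL
/*
 * Real implementations (built when IEEE8021X_EAPOL is defined). In every
 * prototype below, sm is the handle returned by eapol_sm_init(). Behaviour
 * beyond what the signatures show is described with the definitions; the
 * notes here only say what a caller must get right.
 */

/*
 * eapol_sm_init - Create a state machine using ctx.
 * NOTE(review): the stub variant below free()s ctx, which suggests the
 * state machine takes ownership of ctx and releases it on deinit; the caller
 * should therefore not free or reuse ctx after this call. Confirm against
 * the definition.
 */
struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx);
void eapol_sm_deinit(struct eapol_sm *sm);
/* eapol_sm_step - Run the state machine until it settles (assumption). */
void eapol_sm_step(struct eapol_sm *sm);
/*
 * eapol_sm_get_status / eapol_sm_get_mib - Write a textual report into buf.
 * buflen is assumed to be the capacity of buf and to bound every write
 * — TODO confirm in the definition.
 */
int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen,
			int verbose);
int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen);
/* eapol_sm_configure - Set the IEEE 802.1X timer and retry parameters. */
void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
			int startPeriod, int maxStart);
/*
 * eapol_sm_rx_eapol - Hand a received EAPOL frame to the state machine.
 * @src: source address of the frame
 * @buf: received frame; @len is assumed to be the number of valid bytes in
 *       buf — this is untrusted network input, so all parsing must stay
 *       within len. TODO confirm in the definition.
 */
int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
		      size_t len);
void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm);
void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled);
void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid);
void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success);
void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail);
/*
 * eapol_sm_notify_config - Install the per-network EAP and EAPOL settings.
 * conf is read-only here; the stub variant below carries the same
 * qualifier so both builds accept the same callers.
 */
void eapol_sm_notify_config(struct eapol_sm *sm,
			    struct eap_peer_config *config,
			    const struct eapol_config *conf);
/*
 * eapol_sm_get_key - Copy derived key material into key.
 * len is assumed to be the capacity of key — TODO confirm. The stub variant
 * below returns -1 (no key available).
 */
int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len);
void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff);
void eapol_sm_notify_cached(struct eapol_sm *sm);
void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt);
/* eapol_sm_register_scard_ctx - Replace eapol_ctx.scard_ctx (see above). */
void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx);
void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
void eapol_sm_request_reauth(struct eapol_sm *sm);
void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm);
void eapol_sm_invalidate_cached_session(struct eapol_sm *sm);
#else /* IEEE8021X_EAPOL */
/*
 * No-op stand-ins used when IEEE8021X_EAPOL is not defined. They let callers
 * compile unchanged; the query functions report "nothing available".
 */

/*
 * The stub frees ctx at once (the caller has handed it over) and returns a
 * non-NULL dummy handle. That handle is only a token for the other stubs
 * and must never be dereferenced.
 */
static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
{
	free(ctx);
	return (struct eapol_sm *) 1;
}
static inline void eapol_sm_deinit(struct eapol_sm *sm)
{
}
static inline void eapol_sm_step(struct eapol_sm *sm)
{
}
/* Writes nothing into buf; reports a zero-length result. */
static inline int eapol_sm_get_status(struct eapol_sm *sm, char *buf,
				      size_t buflen, int verbose)
{
	return 0;
}
static inline int eapol_sm_get_mib(struct eapol_sm *sm, char *buf,
				   size_t buflen)
{
	return 0;
}
static inline void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod,
				      int authPeriod, int startPeriod,
				      int maxStart)
{
}
/* The frame is ignored; buf is never read. */
static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src,
				    const u8 *buf, size_t len)
{
	return 0;
}
static inline void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_portEnabled(struct eapol_sm *sm,
					       Boolean enabled)
{
}
static inline void eapol_sm_notify_portValid(struct eapol_sm *sm,
					     Boolean valid)
{
}
static inline void eapol_sm_notify_eap_success(struct eapol_sm *sm,
					       Boolean success)
{
}
static inline void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail)
{
}
/*
 * conf is const here to match the IEEE8021X_EAPOL prototype; previously the
 * stub took a non-const pointer, so a caller holding a const eapol_config
 * compiled in one build configuration and failed in the other.
 */
static inline void eapol_sm_notify_config(struct eapol_sm *sm,
					  struct eap_peer_config *config,
					  const struct eapol_config *conf)
{
}
/* No key material exists in this build: key is left untouched, -1 returned. */
static inline int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len)
{
	return -1;
}
static inline void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff)
{
}
static inline void eapol_sm_notify_cached(struct eapol_sm *sm)
{
}
/* Macro stubs: note that their arguments are not evaluated at all. */
#define eapol_sm_notify_pmkid_attempt(sm, attempt) do { } while (0)
#define eapol_sm_register_scard_ctx(sm, ctx) do { } while (0)
static inline void eapol_sm_notify_portControl(struct eapol_sm *sm,
					       PortControl portControl)
{
}
static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
{
}
static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm,
						       int in_eapol_sm)
{
}
static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
{
}
#endif /* IEEE8021X_EAPOL */

#endif /* EAPOL_SUPP_SM_H */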