eapol_supp_sm.h revision 214734
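/*
 * EAPOL supplicant state machines
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAPOL_SUPP_SM_H
#define EAPOL_SUPP_SM_H

#include "common/defs.h"

/*
 * Port state variables of the supplicant state machine.
 *
 * PortControl is the value the owner hands to eapol_sm_notify_portControl()
 * to force the port authorized/unauthorized or let the state machine decide
 * (Auto). PortStatus is not referenced by any prototype in this header; it is
 * presumably the status the implementation tracks internally.
 */
typedef enum { Unauthorized, Authorized } PortStatus;
typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl;

/**
 * struct eapol_config - Per network configuration for EAPOL state machines
 *
 * Passed to the state machine with eapol_sm_notify_config(); the state
 * machine only reads it (the prototype takes a const pointer).
 */
struct eapol_config {
	/**
	 * accept_802_1x_keys - Accept IEEE 802.1X (non-WPA) EAPOL-Key frames
	 *
	 * This variable should be set to 1 when using EAPOL state machines
	 * with non-WPA security policy to generate dynamic WEP keys. When
	 * using WPA, this should be set to 0 so that WPA state machine can
	 * process the EAPOL-Key frames.
	 *
	 * Security note: dynamic WEP only rotates keys for a cipher that is
	 * itself broken, so this mode should be considered legacy. Under a
	 * WPA policy it must stay 0 for the reason given above - the WPA
	 * state machine, not this one, has to see the EAPOL-Key frames.
	 */
	int accept_802_1x_keys;

#define EAPOL_REQUIRE_KEY_UNICAST BIT(0)
#define EAPOL_REQUIRE_KEY_BROADCAST BIT(1)
	/**
	 * required_keys - Which EAPOL-Key packets are required
	 *
	 * This variable determines which EAPOL-Key packets are required before
	 * marking connection authenticated. This is a bit field of
	 * EAPOL_REQUIRE_KEY_UNICAST and EAPOL_REQUIRE_KEY_BROADCAST flags.
	 *
	 * With no bit set nothing is awaited, so when dynamic WEP keys are
	 * expected set the bit for every key the network must deliver;
	 * otherwise the connection can be reported authenticated before any
	 * key has been installed (NOTE(review): the waiting logic itself is
	 * in the implementation file - confirm there).
	 */
	int required_keys;

	/**
	 * fast_reauth - Whether fast EAP reauthentication is enabled
	 */
	int fast_reauth;

	/**
	 * workaround - Whether EAP workarounds are enabled
	 *
	 * Interoperability workarounds for non-compliant authenticators; the
	 * individual workarounds are selected by the EAP peer code, not here.
	 */
	unsigned int workaround;

	/**
	 * eap_disabled - Whether EAP is disabled
	 */
	int eap_disabled;
};

struct eapol_sm;
struct wpa_config_blob;

/**
 * struct eapol_ctx - Global (for all networks) EAPOL state machine context
 *
 * Allocated by the owner and handed to eapol_sm_init(). The non-EAPOL stub
 * of eapol_sm_init() below frees it immediately, i.e. the state machine is
 * the owner from that point on; the real implementation presumably releases
 * it in eapol_sm_deinit() - verify against the .c file before freeing it
 * yourself.
 */
struct eapol_ctx {
	/**
	 * ctx - Pointer to arbitrary upper level context
	 */
	void *ctx;

	/**
	 * preauth - IEEE 802.11i/RSN pre-authentication
	 *
	 * This EAPOL state machine is used for IEEE 802.11i/RSN
	 * pre-authentication
	 */
	int preauth;

	/**
	 * cb - Function to be called when EAPOL negotiation has been completed
	 * @eapol: Pointer to EAPOL state machine data
	 * @success: Whether the authentication was completed successfully
	 * @ctx: Pointer to context data (cb_ctx)
	 *
	 * This optional callback function will be called when the EAPOL
	 * authentication has been completed. This allows the owner of the
	 * EAPOL state machine to process the key and terminate the EAPOL state
	 * machine. Currently, this is used only in RSN pre-authentication.
	 */
	void (*cb)(struct eapol_sm *eapol, int success, void *ctx);

	/**
	 * cb_ctx - Callback context for cb()
	 */
	void *cb_ctx;

	/**
	 * msg_ctx - Callback context for wpa_msg() calls
	 */
	void *msg_ctx;

	/**
	 * scard_ctx - Callback context for PC/SC scard_*() function calls
	 *
	 * This context can be updated with eapol_sm_register_scard_ctx().
	 */
	void *scard_ctx;

	/**
	 * eapol_send_ctx - Callback context for eapol_send() calls
	 */
	void *eapol_send_ctx;

	/**
	 * eapol_done_cb - Function to be called at successful completion
	 * @ctx: Callback context (ctx)
	 *
	 * This function is called at the successful completion of EAPOL
	 * authentication. If dynamic WEP keys are used, this is called only
	 * after all the expected keys have been received.
	 */
	void (*eapol_done_cb)(void *ctx);

	/**
	 * eapol_send - Send EAPOL packets
	 * @ctx: Callback context (eapol_send_ctx)
	 * @type: EAPOL type (IEEE802_1X_TYPE_*)
	 * @buf: Pointer to EAPOL payload
	 * @len: Length of the EAPOL payload
	 * Returns: 0 on success, -1 on failure
	 *
	 * @buf is only valid for the duration of the call; an implementation
	 * that queues the frame must copy it.
	 */
	int (*eapol_send)(void *ctx, int type, const u8 *buf, size_t len);

	/**
	 * set_wep_key - Configure WEP keys
	 * @ctx: Callback context (ctx)
	 * @unicast: Non-zero = unicast, 0 = multicast/broadcast key
	 * @keyidx: Key index (0..3)
	 * @key: WEP key
	 * @keylen: Length of the WEP key
	 * Returns: 0 on success, -1 on failure
	 *
	 * The key is derived from frames received over the air, so an
	 * implementation should range-check @keyidx and @keylen before
	 * programming the driver rather than trust them blindly.
	 */
	int (*set_wep_key)(void *ctx, int unicast, int keyidx,
			   const u8 *key, size_t keylen);

	/**
	 * set_config_blob - Set or add a named configuration blob
	 * @ctx: Callback context (ctx)
	 * @blob: New value for the blob
	 *
	 * Adds a new configuration blob or replaces the current value of an
	 * existing blob.
	 */
	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);

	/**
	 * get_config_blob - Get a named configuration blob
	 * @ctx: Callback context (ctx)
	 * @name: Name of the blob
	 * Returns: Pointer to blob data or %NULL if not found
	 */
	const struct wpa_config_blob * (*get_config_blob)(void *ctx,
							  const char *name);

	/**
	 * aborted_cached - Notify that cached PMK attempt was aborted
	 * @ctx: Callback context (ctx)
	 */
	void (*aborted_cached)(void *ctx);

	/**
	 * opensc_engine_path - Path to the OpenSSL engine for opensc
	 *
	 * This is an OpenSSL specific configuration option for loading OpenSC
	 * engine (engine_opensc.so); if %NULL, this engine is not loaded.
	 *
	 * Security note: this names a shared object that will be loaded into
	 * the process. Only trusted, administrator-controlled configuration
	 * should be able to set it (same for the two paths below).
	 */
	const char *opensc_engine_path;

	/**
	 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
	 *
	 * This is an OpenSSL specific configuration option for loading PKCS#11
	 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
	 */
	const char *pkcs11_engine_path;

	/**
	 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
	 *
	 * This is an OpenSSL specific configuration option for configuring
	 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
	 * module is not loaded.
	 */
	const char *pkcs11_module_path;

	/**
	 * wps - WPS context data
	 *
	 * This is only used by EAP-WSC and can be left %NULL if not available.
	 */
	struct wps_context *wps;

	/**
	 * eap_param_needed - Notify that EAP parameter is needed
	 * @ctx: Callback context (ctx)
	 * @field: Field name (e.g., "IDENTITY")
	 * @txt: User readable text describing the required parameter
	 */
	void (*eap_param_needed)(void *ctx, const char *field,
				 const char *txt);

	/**
	 * port_cb - Set port authorized/unauthorized callback (optional)
	 * @ctx: Callback context (ctx)
	 * @authorized: Whether the supplicant port is now in authorized state
	 *
	 * Optional; may be left %NULL.
	 */
	void (*port_cb)(void *ctx, int authorized);
};


struct eap_peer_config;

#ifdef IEEE8021X_EAPOL
/*
 * Real implementation. The functions are documented only as far as this
 * header shows their contract; see the implementation file for details.
 */

/* Create a state machine for the given context. */
struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx);
void eapol_sm_deinit(struct eapol_sm *sm);
/* Run the state machine until it settles. */
void eapol_sm_step(struct eapol_sm *sm);
/* Text status / MIB into @buf; @buflen bounds the write. */
int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen,
			int verbose);
int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen);
/* Timer parameters of the supplicant PAE state machine. */
void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
			int startPeriod, int maxStart);
/*
 * Feed a received EAPOL frame (@buf, @len) from @src. The contents come
 * from the wire and are untrusted: every parse inside must be bounded by
 * @len and @src must not be assumed to be the associated AP.
 */
int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
		      size_t len);
void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm);
void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled);
void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid);
void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success);
void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail);
/* Both configuration pointers are retained by the state machine. */
void eapol_sm_notify_config(struct eapol_sm *sm,
			    struct eap_peer_config *config,
			    const struct eapol_config *conf);
/*
 * Copy up to @len bytes of EAP keying material into @key. The buffer then
 * holds secret material; callers should clear it once it is no longer
 * needed. The non-EAPOL stub returns -1 (no key).
 */
int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len);
void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff);
void eapol_sm_notify_cached(struct eapol_sm *sm);
void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt);
void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx);
void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
void eapol_sm_request_reauth(struct eapol_sm *sm);
void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm);
/* Drop any cached EAP session so the next attempt does a full exchange. */
void eapol_sm_invalidate_cached_session(struct eapol_sm *sm);
#else /* IEEE8021X_EAPOL */
/*
 * Builds without IEEE 802.1X/EAPOL support get no-op stand-ins so callers
 * do not need #ifdefs of their own. None of the stubs reads @sm, which is
 * what makes the placeholder pointer returned by eapol_sm_init() safe.
 *
 * Both branches of this #ifdef must keep identical signatures; the stub
 * for eapol_sm_notify_config() previously dropped the const on @conf,
 * which rejected callers passing a const configuration in this build only.
 */
static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
{
	/*
	 * The state machine owns @ctx once it has been passed in, so with no
	 * state machine to keep it the stub releases it immediately. free()
	 * is expected to be declared by the including translation unit; this
	 * header itself only includes common/defs.h.
	 */
	free(ctx);
	/*
	 * Non-NULL placeholder so callers that treat %NULL as failure keep
	 * working. It is never a valid pointer and must not be dereferenced;
	 * every stub below ignores its sm argument.
	 */
	return (struct eapol_sm *) 1;
}
static inline void eapol_sm_deinit(struct eapol_sm *sm)
{
}
static inline void eapol_sm_step(struct eapol_sm *sm)
{
}
/* No status text: reports zero bytes and leaves @buf untouched. */
static inline int eapol_sm_get_status(struct eapol_sm *sm, char *buf,
				      size_t buflen, int verbose)
{
	return 0;
}
static inline int eapol_sm_get_mib(struct eapol_sm *sm, char *buf,
				   size_t buflen)
{
	return 0;
}
static inline void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod,
				      int authPeriod, int startPeriod,
				      int maxStart)
{
}
/* Received EAPOL frames are ignored in this build. */
static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src,
				    const u8 *buf, size_t len)
{
	return 0;
}
static inline void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_portEnabled(struct eapol_sm *sm,
					       Boolean enabled)
{
}
static inline void eapol_sm_notify_portValid(struct eapol_sm *sm,
					     Boolean valid)
{
}
static inline void eapol_sm_notify_eap_success(struct eapol_sm *sm,
					       Boolean success)
{
}
static inline void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail)
{
}
/* Same signature as the real declaration, including const on @conf. */
static inline void eapol_sm_notify_config(struct eapol_sm *sm,
					  struct eap_peer_config *config,
					  const struct eapol_config *conf)
{
}
/* No keying material is ever available here; -1 matches "no key". */
static inline int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len)
{
	return -1;
}
static inline void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff)
{
}
static inline void eapol_sm_notify_cached(struct eapol_sm *sm)
{
}
/* These two are macros rather than inline functions in the original; kept
 * as such so that argument expressions are discarded unevaluated. */
#define eapol_sm_notify_pmkid_attempt(sm, attempt) do { } while (0)
#define eapol_sm_register_scard_ctx(sm, ctx) do { } while (0)
static inline void eapol_sm_notify_portControl(struct eapol_sm *sm,
					       PortControl portControl)
{
}
static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
{
}
static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm,
						       int in_eapol_sm)
{
}
static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
{
}
#endif /* IEEE8021X_EAPOL */

#endif /* EAPOL_SUPP_SM_H */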