Home | History | Annotate | Download | only in eap_server 
      1 /*
      2  * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
      3  * Copyright (c) 2004-2007, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #ifndef EAP_I_H
     10 #define EAP_I_H
     11 
     12 #include "wpabuf.h"
     13 #include "eap_server/eap.h"
     14 #include "eap_common/eap_common.h"
     15 
     16 /* RFC 4137 - EAP Standalone Authenticator */
     17 
     18 /**
     19  * struct eap_method - EAP method interface
     20  * This structure defines the EAP method interface. Each method will need to
     21  * register its own EAP type, EAP name, and set of function pointers for method
     22  * specific operations. This interface is based on section 5.4 of RFC 4137.
     23  */
     24 struct eap_method {
     25 	int vendor;
     26 	EapType method;
     27 	const char *name;
     28 
     29 	void * (*init)(struct eap_sm *sm);
     30 	void * (*initPickUp)(struct eap_sm *sm);
     31 	void (*reset)(struct eap_sm *sm, void *priv);
     32 
     33 	struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
     34 	int (*getTimeout)(struct eap_sm *sm, void *priv);
     35 	Boolean (*check)(struct eap_sm *sm, void *priv,
     36 			 struct wpabuf *respData);
     37 	void (*process)(struct eap_sm *sm, void *priv,
     38 			struct wpabuf *respData);
     39 	Boolean (*isDone)(struct eap_sm *sm, void *priv);
     40 	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
     41 	/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
     42 	 * but it is useful in implementing Policy.getDecision() */
     43 	Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
     44 
     45 	/**
     46 	 * free - Free EAP method data
     47 	 * @method: Pointer to the method data registered with
     48 	 * eap_server_method_register().
     49 	 *
     50 	 * This function will be called when the EAP method is being
     51 	 * unregistered. If the EAP method allocated resources during
     52 	 * registration (e.g., allocated struct eap_method), they should be
     53 	 * freed in this function. No other method functions will be called
     54 	 * after this call. If this function is not defined (i.e., function
     55 	 * pointer is %NULL), a default handler is used to release the method
     56 	 * data with free(method). This is suitable for most cases.
     57 	 */
     58 	void (*free)(struct eap_method *method);
     59 
     60 #define EAP_SERVER_METHOD_INTERFACE_VERSION 1
     61 	/**
     62 	 * version - Version of the EAP server method interface
     63 	 *
     64 	 * The EAP server method implementation should set this variable to
     65 	 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
     66 	 * EAP method is using supported API version when using dynamically
     67 	 * loadable EAP methods.
     68 	 */
     69 	int version;
     70 
     71 	/**
     72 	 * next - Pointer to the next EAP method
     73 	 *
     74 	 * This variable is used internally in the EAP method registration code
     75 	 * to create a linked list of registered EAP methods.
     76 	 */
     77 	struct eap_method *next;
     78 
     79 	/**
     80 	 * get_emsk - Get EAP method specific keying extended material (EMSK)
     81 	 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
     82 	 * @priv: Pointer to private EAP method data from eap_method::init()
     83 	 * @len: Pointer to a variable to store EMSK length
     84 	 * Returns: EMSK or %NULL if not available
     85 	 *
     86 	 * This function can be used to get the extended keying material from
     87 	 * the EAP method. The key may already be stored in the method-specific
     88 	 * private data or this function may derive the key.
     89 	 */
     90 	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
     91 };
     92 
     93 /**
     94  * struct eap_sm - EAP server state machine data
     95  */
     96 struct eap_sm {
     97 	enum {
     98 		EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
     99 		EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
    100 		EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
    101 		EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
    102 		EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
    103 		EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
    104 		EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
    105 		EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
    106 		EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2
    107 	} EAP_state;
    108 
    109 	/* Constants */
    110 	int MaxRetrans;
    111 
    112 	struct eap_eapol_interface eap_if;
    113 
    114 	/* Full authenticator state machine local variables */
    115 
    116 	/* Long-term (maintained between packets) */
    117 	EapType currentMethod;
    118 	int currentId;
    119 	enum {
    120 		METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
    121 	} methodState;
    122 	int retransCount;
    123 	struct wpabuf *lastReqData;
    124 	int methodTimeout;
    125 
    126 	/* Short-term (not maintained between packets) */
    127 	Boolean rxResp;
    128 	int respId;
    129 	EapType respMethod;
    130 	int respVendor;
    131 	u32 respVendorMethod;
    132 	Boolean ignore;
    133 	enum {
    134 		DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
    135 		DECISION_PASSTHROUGH
    136 	} decision;
    137 
    138 	/* Miscellaneous variables */
    139 	const struct eap_method *m; /* selected EAP method */
    140 	/* not defined in RFC 4137 */
    141 	Boolean changed;
    142 	void *eapol_ctx, *msg_ctx;
    143 	struct eapol_callbacks *eapol_cb;
    144 	void *eap_method_priv;
    145 	u8 *identity;
    146 	size_t identity_len;
    147 	/* Whether Phase 2 method should validate identity match */
    148 	int require_identity_match;
    149 	int lastId; /* Identifier used in the last EAP-Packet */
    150 	struct eap_user *user;
    151 	int user_eap_method_index;
    152 	int init_phase2;
    153 	void *ssl_ctx;
    154 	struct eap_sim_db_data *eap_sim_db_priv;
    155 	Boolean backend_auth;
    156 	Boolean update_user;
    157 	int eap_server;
    158 
    159 	int num_rounds;
    160 	enum {
    161 		METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
    162 	} method_pending;
    163 
    164 	u8 *auth_challenge;
    165 	u8 *peer_challenge;
    166 
    167 	u8 *pac_opaque_encr_key;
    168 	u8 *eap_fast_a_id;
    169 	size_t eap_fast_a_id_len;
    170 	char *eap_fast_a_id_info;
    171 	enum {
    172 		NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
    173 	} eap_fast_prov;
    174 	int pac_key_lifetime;
    175 	int pac_key_refresh_time;
    176 	int eap_sim_aka_result_ind;
    177 	int tnc;
    178 	u16 pwd_group;
    179 	struct wps_context *wps;
    180 	struct wpabuf *assoc_wps_ie;
    181 	struct wpabuf *assoc_p2p_ie;
    182 
    183 	Boolean start_reauth;
    184 
    185 	u8 peer_addr[ETH_ALEN];
    186 
    187 	/* Fragmentation size for EAP method init() handler */
    188 	int fragment_size;
    189 
    190 	int pbc_in_m1;
    191 };
    192 
    193 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
    194 		 int phase2);
    195 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
    196 
    197 #endif /* EAP_I_H */
    198