/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j (at) w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 *
 * Internal header: declares the global authenticator context and the
 * per-Supplicant state that the IEEE 802.1X-2004 state machines operate on.
 * Field names follow the variable names used in the standard so that the
 * state machine code can be read side by side with it.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Administrative control of the controlled port (portControl / portMode).
 * NOTE(review): the explicit numeric values look like the dot1x MIB encoding
 * (forceUnauthorized(1), auto(2), forceAuthorized(3)) - confirm before
 * relying on them outside this module.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;
/* Current status of the controlled port (authPortStatus). */
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
/* Controlled direction of the port: Both or In (IEEE 802.1X-2004, Ch. 8.2). */
typedef enum { Both = 0, In = 1 } ControlledDirection;
/* Type of the event counters kept by the state machines below. */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * One instance is shared by all per-Supplicant state machines, which reach it
 * through struct eapol_state_machine::eapol.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf; /* authenticator configuration */
	struct eapol_auth_cb cb; /* callback table (see eapol_auth_cb) */

	/*
	 * Default WEP key and its key index. NOTE(review): this is key
	 * material - confirm in the owning .c that it is zeroized before it is
	 * freed and that it is never logged.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx;

	/*
	 * 64-bit accounting multi-session identifier, split into high and low
	 * halves. Presumably the RADIUS Acct-Multi-Session-Id - confirm against
	 * the accounting code.
	 */
	u32 acct_multi_session_id_hi;
	u32 acct_multi_session_id_lo;
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * Holds the timers, variables, constants and counters of every IEEE 802.1X
 * authenticator state machine for one Supplicant, plus the glue needed to
 * talk to the EAP server and the RADIUS backend. The per-machine state
 * enumerations are defined inline next to the field that stores them.
 */
struct eapol_state_machine {
	/* timers */
	/* Countdown timers driven by the Port Timers state machine (see below). */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	PortState authPortStatus;
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapolEap;
	Boolean initialize;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl;
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/*
	 * The AUTH_PAE_DEFAULT_* / BE_AUTH_DEFAULT_* macros below are
	 * preprocessor definitions placed next to the field they initialize;
	 * they add no storage to the struct.
	 */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	/* Frame counters; 'Rx' = received from the Supplicant, 'Tx' = sent. */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	/* NOTE(review): presumably the Identifier of the outstanding RADIUS
	 * request - confirm against the RADIUS client code. */
	int radius_identifier;
	/* TODO: check when the last messages can be released */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * Supplicant identity, identity_len octets, not NUL-terminated as far
	 * as this header shows. NOTE(review): presumably taken from
	 * EAP-Response/Identity and therefore attacker-controlled - confirm
	 * that consumers bound by identity_len rather than treating it as a
	 * C string.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */

	/* Keys for encrypting and signing EAPOL-Key frames */
	/*
	 * NOTE(review): secret key material with explicit lengths; confirm in
	 * the owning .c that both buffers are zeroized before being freed.
	 */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	struct eap_sm *eap; /* EAP state machine instance (see eap_sm) */

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed; /* set when a state machine changed state in this run */

	struct eapol_authenticator *eapol; /* back-pointer to the global context */

	void *sta; /* station context pointer to use in callbacks */

	int remediation; /* NOTE(review): meaning not visible in this header */

	/*
	 * Per-Supplicant copy of the accounting multi-session identifier (see
	 * the same fields in struct eapol_authenticator).
	 */
	u32 acct_multi_session_id_hi;
	u32 acct_multi_session_id_lo;
};

#endif /* EAPOL_AUTH_SM_I_H */