00001 /* 00002 * hostapd / EAP Full Authenticator state machine (RFC 4137) 00003 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> 00004 * 00005 * This program is free software; you can redistribute it and/or modify 00006 * it under the terms of the GNU General Public License version 2 as 00007 * published by the Free Software Foundation. 00008 * 00009 * Alternatively, this software may be distributed under the terms of BSD 00010 * license. 00011 * 00012 * See README and COPYING for more details. 00013 */ 00014 00015 #ifndef EAP_H 00016 #define EAP_H 00017 00018 #include "common/defs.h" 00019 #include "eap_common/eap_defs.h" 00020 #include "eap_server/eap_methods.h" 00021 #include "wpabuf.h" 00022 00023 struct eap_sm; 00024 00025 #define EAP_MAX_METHODS 8 00026 00027 #define EAP_TTLS_AUTH_PAP 1 00028 #define EAP_TTLS_AUTH_CHAP 2 00029 #define EAP_TTLS_AUTH_MSCHAP 4 00030 #define EAP_TTLS_AUTH_MSCHAPV2 8 00031 00032 struct eap_user { 00033 struct { 00034 int vendor; 00035 u32 method; 00036 } methods[EAP_MAX_METHODS]; 00037 u8 *password; 00038 size_t password_len; 00039 int password_hash; /* whether password is hashed with 00040 * nt_password_hash() */ 00041 int phase2; 00042 int force_version; 00043 int ttls_auth; /* bitfield of 00044 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */ 00045 }; 00046 00047 struct eap_eapol_interface { 00048 /* Lower layer to full authenticator variables */ 00049 Boolean eapResp; /* shared with EAPOL Backend Authentication */ 00050 struct wpabuf *eapRespData; 00051 Boolean portEnabled; 00052 int retransWhile; 00053 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */ 00054 int eapSRTT; 00055 int eapRTTVAR; 00056 00057 /* Full authenticator to lower layer variables */ 00058 Boolean eapReq; /* shared with EAPOL Backend Authentication */ 00059 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */ 00060 Boolean eapSuccess; 00061 Boolean eapFail; 00062 Boolean eapTimeout; 00063 struct wpabuf *eapReqData; 00064 u8 *eapKeyData; 00065 size_t eapKeyDataLen; 00066 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */ 00067 00068 /* AAA interface to full authenticator variables */ 00069 Boolean aaaEapReq; 00070 Boolean aaaEapNoReq; 00071 Boolean aaaSuccess; 00072 Boolean aaaFail; 00073 struct wpabuf *aaaEapReqData; 00074 u8 *aaaEapKeyData; 00075 size_t aaaEapKeyDataLen; 00076 Boolean aaaEapKeyAvailable; 00077 int aaaMethodTimeout; 00078 00079 /* Full authenticator to AAA interface variables */ 00080 Boolean aaaEapResp; 00081 struct wpabuf *aaaEapRespData; 00082 /* aaaIdentity -> eap_get_identity() */ 00083 Boolean aaaTimeout; 00084 }; 00085 00086 struct eapol_callbacks { 00087 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, 00088 int phase2, struct eap_user *user); 00089 const char * (*get_eap_req_id_text)(void *ctx, size_t *len); 00090 }; 00091 00092 struct eap_config { 00093 void *ssl_ctx; 00094 void *msg_ctx; 00095 void *eap_sim_db_priv; 00096 Boolean backend_auth; 00097 int eap_server; 00098 u8 *pac_opaque_encr_key; 00099 u8 *eap_fast_a_id; 00100 size_t eap_fast_a_id_len; 00101 char *eap_fast_a_id_info; 00102 int eap_fast_prov; 00103 int pac_key_lifetime; 00104 int pac_key_refresh_time; 00105 int eap_sim_aka_result_ind; 00106 int tnc; 00107 struct wps_context *wps; 00108 const struct wpabuf *assoc_wps_ie; 00109 const u8 *peer_addr; 00110 }; 00111 00112 00113 struct eap_sm * eap_server_sm_init(void *eapol_ctx, 00114 struct eapol_callbacks *eapol_cb, 00115 struct eap_config *eap_conf); 00116 void eap_server_sm_deinit(struct eap_sm *sm); 00117 int eap_server_sm_step(struct eap_sm *sm); 00118 void eap_sm_notify_cached(struct eap_sm *sm); 00119 void eap_sm_pending_cb(struct eap_sm *sm); 00120 int eap_sm_method_pending(struct eap_sm *sm); 00121 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); 00122 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); 00123 00124 #endif /* EAP_H */