wpa_supplicant_node: eap

Go to the documentation of this file.
00001 /*
00002  * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
00003  * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #ifndef EAP_I_H
00016 #define EAP_I_H
00017 
00018 #include "wpabuf.h"
00019 #include "eap_server/eap.h"
00020 #include "eap_common/eap_common.h"
00021 
00022 /* RFC 4137 - EAP Standalone Authenticator */
00023 
00030 struct eap_method {
00031         int vendor;
00032         EapType method;
00033         const char *name;
00034 
00035         void * (*init)(struct eap_sm *sm);
00036         void * (*initPickUp)(struct eap_sm *sm);
00037         void (*reset)(struct eap_sm *sm, void *priv);
00038 
00039         struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
00040         int (*getTimeout)(struct eap_sm *sm, void *priv);
00041         Boolean (*check)(struct eap_sm *sm, void *priv,
00042                          struct wpabuf *respData);
00043         void (*process)(struct eap_sm *sm, void *priv,
00044                         struct wpabuf *respData);
00045         Boolean (*isDone)(struct eap_sm *sm, void *priv);
00046         u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
00047         /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
00048          * but it is useful in implementing Policy.getDecision() */
00049         Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
00050 
00064         void (*free)(struct eap_method *method);
00065 
00066 #define EAP_SERVER_METHOD_INTERFACE_VERSION 1
00067 
00075         int version;
00076 
00083         struct eap_method *next;
00084 
00096         u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
00097 };
00098 
00102 struct eap_sm {
00103         enum {
00104                 EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
00105                 EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
00106                 EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
00107                 EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
00108                 EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
00109                 EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
00110                 EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
00111                 EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
00112                 EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2
00113         } EAP_state;
00114 
00115         /* Constants */
00116         int MaxRetrans;
00117 
00118         struct eap_eapol_interface eap_if;
00119 
00120         /* Full authenticator state machine local variables */
00121 
00122         /* Long-term (maintained betwen packets) */
00123         EapType currentMethod;
00124         int currentId;
00125         enum {
00126                 METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
00127         } methodState;
00128         int retransCount;
00129         struct wpabuf *lastReqData;
00130         int methodTimeout;
00131 
00132         /* Short-term (not maintained between packets) */
00133         Boolean rxResp;
00134         int respId;
00135         EapType respMethod;
00136         int respVendor;
00137         u32 respVendorMethod;
00138         Boolean ignore;
00139         enum {
00140                 DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
00141                 DECISION_PASSTHROUGH
00142         } decision;
00143 
00144         /* Miscellaneous variables */
00145         const struct eap_method *m; /* selected EAP method */
00146         /* not defined in RFC 4137 */
00147         Boolean changed;
00148         void *eapol_ctx, *msg_ctx;
00149         struct eapol_callbacks *eapol_cb;
00150         void *eap_method_priv;
00151         u8 *identity;
00152         size_t identity_len;
00153         /* Whether Phase 2 method should validate identity match */
00154         int require_identity_match;
00155         int lastId; /* Identifier used in the last EAP-Packet */
00156         struct eap_user *user;
00157         int user_eap_method_index;
00158         int init_phase2;
00159         void *ssl_ctx;
00160         void *eap_sim_db_priv;
00161         Boolean backend_auth;
00162         Boolean update_user;
00163         int eap_server;
00164 
00165         int num_rounds;
00166         enum {
00167                 METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
00168         } method_pending;
00169 
00170         u8 *auth_challenge;
00171         u8 *peer_challenge;
00172 
00173         u8 *pac_opaque_encr_key;
00174         u8 *eap_fast_a_id;
00175         size_t eap_fast_a_id_len;
00176         char *eap_fast_a_id_info;
00177         enum {
00178                 NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
00179         } eap_fast_prov;
00180         int pac_key_lifetime;
00181         int pac_key_refresh_time;
00182         int eap_sim_aka_result_ind;
00183         int tnc;
00184         struct wps_context *wps;
00185         struct wpabuf *assoc_wps_ie;
00186 
00187         Boolean start_reauth;
00188 
00189         u8 peer_addr[ETH_ALEN];
00190 };
00191 
00192 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
00193                  int phase2);
00194 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
00195 
00196 #endif /* EAP_I_H */