wpa_supplicant_node: eapol_auth_sm

00001 /*
00002  * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
00003  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #ifndef EAPOL_AUTH_SM_I_H
00016 #define EAPOL_AUTH_SM_I_H
00017 
00018 #include "common/defs.h"
00019 #include "radius/radius.h"
00020 
00021 /* IEEE Std 802.1X-2004, Ch. 8.2 */
00022 
00023 typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
00024         PortTypes;
00025 typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
00026 typedef enum { Both = 0, In = 1 } ControlledDirection;
00027 typedef unsigned int Counter;
00028 
00029 
00033 struct eapol_authenticator {
00034         struct eapol_auth_config conf;
00035         struct eapol_auth_cb cb;
00036 
00037         u8 *default_wep_key;
00038         u8 default_wep_key_idx;
00039 };
00040 
00041 
00045 struct eapol_state_machine {
00046         /* timers */
00047         int aWhile;
00048         int quietWhile;
00049         int reAuthWhen;
00050 
00051         /* global variables */
00052         Boolean authAbort;
00053         Boolean authFail;
00054         PortState authPortStatus;
00055         Boolean authStart;
00056         Boolean authTimeout;
00057         Boolean authSuccess;
00058         Boolean eapolEap;
00059         Boolean initialize;
00060         Boolean keyDone;
00061         Boolean keyRun;
00062         Boolean keyTxEnabled;
00063         PortTypes portControl;
00064         Boolean portValid;
00065         Boolean reAuthenticate;
00066 
00067         /* Port Timers state machine */
00068         /* 'Boolean tick' implicitly handled as registered timeout */
00069 
00070         /* Authenticator PAE state machine */
00071         enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
00072                AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
00073                AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
00074                AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
00075         /* variables */
00076         Boolean eapolLogoff;
00077         Boolean eapolStart;
00078         PortTypes portMode;
00079         unsigned int reAuthCount;
00080         /* constants */
00081         unsigned int quietPeriod; /* default 60; 0..65535 */
00082 #define AUTH_PAE_DEFAULT_quietPeriod 60
00083         unsigned int reAuthMax; /* default 2 */
00084 #define AUTH_PAE_DEFAULT_reAuthMax 2
00085         /* counters */
00086         Counter authEntersConnecting;
00087         Counter authEapLogoffsWhileConnecting;
00088         Counter authEntersAuthenticating;
00089         Counter authAuthSuccessesWhileAuthenticating;
00090         Counter authAuthTimeoutsWhileAuthenticating;
00091         Counter authAuthFailWhileAuthenticating;
00092         Counter authAuthEapStartsWhileAuthenticating;
00093         Counter authAuthEapLogoffWhileAuthenticating;
00094         Counter authAuthReauthsWhileAuthenticated;
00095         Counter authAuthEapStartsWhileAuthenticated;
00096         Counter authAuthEapLogoffWhileAuthenticated;
00097 
00098         /* Backend Authentication state machine */
00099         enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
00100                BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
00101                BE_AUTH_IGNORE
00102         } be_auth_state;
00103         /* constants */
00104         unsigned int serverTimeout; /* default 30; 1..X */
00105 #define BE_AUTH_DEFAULT_serverTimeout 30
00106         /* counters */
00107         Counter backendResponses;
00108         Counter backendAccessChallenges;
00109         Counter backendOtherRequestsToSupplicant;
00110         Counter backendAuthSuccesses;
00111         Counter backendAuthFails;
00112 
00113         /* Reauthentication Timer state machine */
00114         enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
00115         } reauth_timer_state;
00116         /* constants */
00117         unsigned int reAuthPeriod; /* default 3600 s */
00118         Boolean reAuthEnabled;
00119 
00120         /* Authenticator Key Transmit state machine */
00121         enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
00122         } auth_key_tx_state;
00123 
00124         /* Key Receive state machine */
00125         enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
00126         /* variables */
00127         Boolean rxKey;
00128 
00129         /* Controlled Directions state machine */
00130         enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
00131         /* variables */
00132         ControlledDirection adminControlledDirections;
00133         ControlledDirection operControlledDirections;
00134         Boolean operEdge;
00135 
00136         /* Authenticator Statistics Table */
00137         Counter dot1xAuthEapolFramesRx;
00138         Counter dot1xAuthEapolFramesTx;
00139         Counter dot1xAuthEapolStartFramesRx;
00140         Counter dot1xAuthEapolLogoffFramesRx;
00141         Counter dot1xAuthEapolRespIdFramesRx;
00142         Counter dot1xAuthEapolRespFramesRx;
00143         Counter dot1xAuthEapolReqIdFramesTx;
00144         Counter dot1xAuthEapolReqFramesTx;
00145         Counter dot1xAuthInvalidEapolFramesRx;
00146         Counter dot1xAuthEapLengthErrorFramesRx;
00147         Counter dot1xAuthLastEapolFrameVersion;
00148 
00149         /* Other variables - not defined in IEEE 802.1X */
00150         u8 addr[ETH_ALEN]; /* Supplicant address */
00151         int flags; /* EAPOL_SM_* */
00152 
00153         /* EAPOL/AAA <-> EAP full authenticator interface */
00154         struct eap_eapol_interface *eap_if;
00155 
00156         int radius_identifier;
00157         /* TODO: check when the last messages can be released */
00158         struct radius_msg *last_recv_radius;
00159         u8 last_eap_id; /* last used EAP Identifier */
00160         u8 *identity;
00161         size_t identity_len;
00162         u8 eap_type_authsrv; /* EAP type of the last EAP packet from
00163                               * Authentication server */
00164         u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
00165         struct radius_class_data radius_class;
00166 
00167         /* Keys for encrypting and signing EAPOL-Key frames */
00168         u8 *eapol_key_sign;
00169         size_t eapol_key_sign_len;
00170         u8 *eapol_key_crypt;
00171         size_t eapol_key_crypt_len;
00172 
00173         struct eap_sm *eap;
00174 
00175         Boolean initializing; /* in process of initializing state machines */
00176         Boolean changed;
00177 
00178         struct eapol_authenticator *eapol;
00179 
00180         void *sta; /* station context pointer to use in callbacks */
00181 };
00182 
00183 #endif /* EAPOL_AUTH_SM_I_H */
eapol_auth_sm_i.h
