1 /*
2  * EAP peer state machines internal structures (RFC 4137)
3  * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef EAP_I_H
10 #define EAP_I_H
11 
12 #include "wpabuf.h"
13 #include "utils/list.h"
14 #include "eap_peer/eap.h"
15 #include "eap_common/eap_common.h"
16 
17 /* RFC 4137 - EAP Peer state machine */
18 
/**
 * EapDecision - Authentication decision of the peer state machine (OUT)
 *
 * Mirrors the RFC 4137 'decision' variable that a method reports back to the
 * peer state machine:
 *   DECISION_FAIL        - the method has decided the authentication fails
 *   DECISION_COND_SUCC   - success only if the server also indicates success
 *   DECISION_UNCOND_SUCC - success regardless of what the server indicates
 * NOTE(review): the per-value wording follows the RFC 4137 definitions; the
 * exact handling of each value is in the state machine, not in this header.
 */
typedef enum {
	DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
} EapDecision;
22 
/**
 * EapMethodState - Method-specific state (IN/OUT)
 *
 * Mirrors the RFC 4137 'methodState' variable shared between the peer state
 * machine and the selected method:
 *   METHOD_NONE     - no method state yet
 *   METHOD_INIT     - method has just been initialized
 *   METHOD_CONT     - method expects further requests before it can finish
 *   METHOD_MAY_CONT - method could finish here or continue (per RFC 4137)
 *   METHOD_DONE     - method has finished (result is in EapDecision)
 */
typedef enum {
	METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
} EapMethodState;
26 
39  Boolean ignore;
40 
44  EapMethodState methodState;
45 
49  EapDecision decision;
50 
55 };
56 
57 
/**
 * struct eap_method - EAP method interface
 *
 * This structure defines the EAP method interface. The peer state machine
 * (struct eap_sm) drives a registered method through the callbacks below;
 * every callback gets the state machine plus the method's private data
 * pointer ('priv').
 * NOTE(review): 'priv' is presumably the value returned by init() or
 * init_for_reauth() and is released by deinit() - confirm against the
 * callers in eap.c, this header does not show them.
 */
struct eap_method {
	/**
	 * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
	 */
	int vendor;

	/**
	 * method - EAP type number (EAP_TYPE_*)
	 */
	EapType method;

	/**
	 * name - Name of the method (e.g., "TLS")
	 */
	const char *name;

	/**
	 * init - Initialize an EAP method
	 * @sm: EAP state machine
	 * Returns: Method-private data pointer (assumed NULL on failure - confirm)
	 */
	void * (*init)(struct eap_sm *sm);

	/**
	 * deinit - Deinitialize an EAP method and release its private data
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 */
	void (*deinit)(struct eap_sm *sm, void *priv);

	/**
	 * process - Process a received EAP request and build the response
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * @ret: OUT variables for the state machine (struct eap_method_ret)
	 * @reqData: Received EAP request; read-only
	 * Returns: Response buffer, or NULL if nothing is to be sent (assumed)
	 *
	 * NOTE(review): reqData arrives from the network and is untrusted; a
	 * method must bounds-check lengths before parsing it. Ownership of the
	 * returned buffer is not visible here (presumably it becomes
	 * eap_sm::eapRespData) - confirm in eap.c.
	 */
	struct wpabuf * (*process)(struct eap_sm *sm, void *priv,
				   struct eap_method_ret *ret,
				   const struct wpabuf *reqData);

	/**
	 * isKeyAvailable - Whether the method has keying material available
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * Returns: TRUE if getKey() can be called (assumed - confirm)
	 */
	Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);

	/**
	 * getKey - Get EAP method specific keying material (eapKeyData)
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * @len: OUT: length of the returned key in bytes
	 * Returns: Key material, or NULL
	 *
	 * NOTE(review): this is secret key material. Whether the buffer is
	 * allocated for the caller (and therefore must be cleared and freed by
	 * it) is not visible here - confirm ownership in eap.c before use.
	 */
	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * get_status - Get a textual status of the method
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * @buf: Buffer for the status text
	 * @buflen: Size of buf in bytes; writes must stay within it
	 * @verbose: Non-zero to request more detail
	 * Returns: Number of bytes written to buf (assumed snprintf-style)
	 */
	int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
			  size_t buflen, int verbose);

	/**
	 * has_reauth_data - Whether the method kept state for fast re-auth
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * Returns: TRUE if fast re-authentication is possible (see
	 * eap_sm::fast_reauth)
	 */
	Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);

	/**
	 * deinit_for_reauth - Release data not needed for fast re-auth
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 */
	void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * init_for_reauth - Prepare the method for fast re-authentication
	 * @sm: EAP state machine
	 * @priv: Method-private data kept from the previous run
	 * Returns: Method-private data pointer to use from now on
	 */
	void * (*init_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * get_identity - Get method specific identity for re-authentication
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * @len: OUT: length of the identity in bytes
	 * Returns: Identity (not owned by the caller), or NULL
	 */
	const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * free - Free the method registration itself
	 * @method: The struct eap_method being unregistered
	 * NOTE(review): presumably used for methods that were loaded dynamically
	 * (see dl_handle below) - confirm.
	 */
	void (*free)(struct eap_method *method);

#define EAP_PEER_METHOD_INTERFACE_VERSION 1
	/**
	 * version - Version of the EAP peer method interface
	 *
	 * Expected to equal EAP_PEER_METHOD_INTERFACE_VERSION so that a method
	 * built against a different layout of this struct is rejected at
	 * registration (assumed - confirm in the registration code).
	 */
	int version;

	/**
	 * next - Pointer to the next EAP method
	 *
	 * Singly-linked list of registered methods.
	 */
	struct eap_method *next;

#ifdef CONFIG_DYNAMIC_EAP_METHODS
	/**
	 * dl_handle - Handle for the dynamically loaded method library
	 */
	void *dl_handle;
#endif /* CONFIG_DYNAMIC_EAP_METHODS */

	/**
	 * get_emsk - Get EAP method specific Extended MSK (EMSK)
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * @len: OUT: length of the EMSK in bytes
	 * Returns: EMSK, or NULL
	 * NOTE(review): secret key material - same ownership caveat as getKey().
	 */
	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * getSessionId - Get EAP method specific Session-Id (eapSessionId)
	 * @sm: EAP state machine
	 * @priv: Method-private data from init()
	 * @len: OUT: length of the Session-Id in bytes
	 * Returns: Session-Id, or NULL
	 */
	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
};
279 
280 
/**
 * struct eap_erp_key - Cached ERP (EAP Re-authentication Protocol) key entry
 *
 * Entries are linked into struct eap_sm::erp_keys. The trailing flexible
 * array holds the keyName-NAI the entry is looked up by, so the object must
 * be allocated with room for that string (presumably sizeof *key + the
 * NUL-terminated NAI length - confirm at the allocation site).
 * NOTE(review): rRK/rIK are secret key material; the free path should clear
 * them before releasing the memory - not visible from this header.
 */
struct eap_erp_key {
	struct dl_list list; /* link in struct eap_sm::erp_keys */
	size_t rRK_len; /* number of bytes of rRK[] in use */
	size_t rIK_len; /* number of bytes of rIK[] in use */
	u8 rRK[ERP_MAX_KEY_LEN]; /* re-authentication Root Key (RFC 6696 rRK) */
	u8 rIK[ERP_MAX_KEY_LEN]; /* re-authentication Integrity Key (RFC 6696 rIK) */
	u32 next_seq; /* next ERP sequence number to use with this key */
	char keyname_nai[]; /* keyName-NAI this entry belongs to (NUL-terminated) */
};
290 
/**
 * struct eap_sm - EAP state machine data
 *
 * Holds the RFC 4137 peer state machine variables (grouped below as in the
 * RFC: long-term, short-term, constants, and the interface variables shared
 * with the lower layer and with methods) followed by hostapd/wpa_supplicant
 * specific fields that are not part of RFC 4137.
 */
struct eap_sm {
	/* Current state of the RFC 4137 peer state machine */
	enum {
		EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
		EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
		EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
		EAP_FAILURE
	} EAP_state;
	/* Long-term local variables */
	EapType selectedMethod; /* EAP type currently negotiated */
	EapMethodState methodState; /* see EapMethodState */
	int lastId; /* Identifier of the last request responded to */
	struct wpabuf *lastRespData; /* last response, kept for retransmission */
	EapDecision decision; /* see EapDecision */
	/* Short-term local variables */
	Boolean rxReq; /* a Request was received */
	Boolean rxSuccess; /* a Success was received */
	Boolean rxFailure; /* a Failure was received */
	int reqId; /* Identifier of the received request */
	EapType reqMethod; /* EAP type of the received request */
	int reqVendor; /* Vendor-ID of the received request (expanded type) */
	u32 reqVendorMethod; /* vendor method of the received request */
	Boolean ignore; /* current packet is to be dropped */
	/* Constants */
	int ClientTimeout; /* RFC 4137 ClientTimeout (seconds, presumably) */

	/* Miscellaneous variables */
	Boolean allowNotifications; /* peer state machine <-> methods */
	struct wpabuf *eapRespData; /* peer to lower layer */
	Boolean eapKeyAvailable; /* peer to lower layer */
	u8 *eapKeyData; /* peer to lower layer; MSK - secret key material */
	size_t eapKeyDataLen; /* peer to lower layer; bytes in eapKeyData */
	u8 *eapSessionId; /* peer to lower layer */
	size_t eapSessionIdLen; /* peer to lower layer; bytes in eapSessionId */
	const struct eap_method *m; /* selected EAP method */
	/* not defined in RFC 4137 */
	Boolean changed; /* state changed during the last step (assumed) */
	void *eapol_ctx; /* opaque context passed to eapol_cb callbacks */
	const struct eapol_callbacks *eapol_cb; /* lower-layer callback table */
	void *eap_method_priv; /* private data of the selected method (m) */
	int init_phase2; /* non-zero when running as an inner (Phase 2) method */
	int fast_reauth; /* fast re-authentication enabled in configuration */
	Boolean reauthInit; /* send EAP-Identity/Re-auth */
	u32 erp_seq; /* ERP sequence number (see struct eap_erp_key::next_seq) */

	Boolean rxResp; /* LEAP only */
	Boolean leap_done;
	Boolean peap_done;
	u8 req_sha1[20]; /* SHA1() of the current EAP packet */
	u8 last_sha1[20]; /* SHA1() of the previously received EAP packet; used
			   * in duplicate request detection. */

	void *msg_ctx; /* opaque context for message/logging callbacks */
	void *scard_ctx; /* opaque smartcard context */
	void *ssl_ctx; /* opaque TLS context */
	void *ssl_ctx2; /* opaque TLS context for Phase 2 (assumed - confirm) */

	unsigned int workaround; /* interoperability workaround flags (assumed) */

	/* Optional challenges generated in Phase 1 (EAP-FAST) */
	u8 *peer_challenge, *auth_challenge;

	int num_rounds; /* NOTE(review): presumably counts EAP rounds so that
			 * an endless exchange can be aborted - confirm in eap.c */
	int force_disabled; /* EAP forced off by the caller (assumed) */

	struct wps_context *wps; /* WPS context, used by EAP-WSC (assumed) */

	int prev_failure; /* previous attempt failed (assumed) */
	struct eap_peer_config *last_config; /* config used in the previous attempt */

	struct ext_password_data *ext_pw; /* external password backend */
	struct wpabuf *ext_pw_buf; /* password fetched from ext_pw (secret) */

	int external_sim; /* SIM/USIM operations handled externally */

	unsigned int expected_failure:1; /* a failure is expected (assumed) */
	unsigned int ext_cert_check:1; /* server certificate checked externally */
	unsigned int waiting_ext_cert_check:1; /* external check still pending */

	struct dl_list erp_keys; /* struct eap_erp_key */
};
374 
/*
 * Accessors for the current peer configuration (struct eap_peer_config).
 * Pointers returned by the eap_get_config_*() functions point into the
 * configuration and are not owned by the caller (assumed from the const
 * return types - confirm in eap.c).
 */

/**
 * eap_get_config_identity - Get the configured identity
 * @sm: EAP state machine
 * @len: OUT: identity length in bytes
 * Returns: Identity, or NULL if not configured (assumed)
 */
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);

/**
 * eap_get_config_password - Get the configured password
 * @sm: EAP state machine
 * @len: OUT: password length in bytes
 * Returns: Password, or NULL if not configured (assumed)
 */
const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);

/**
 * eap_get_config_password2 - Get the configured password or password hash
 * @sm: EAP state machine
 * @len: OUT: length in bytes
 * @hash: OUT: presumably non-zero when the returned bytes are a password
 *	hash rather than the clear-text password - confirm in eap.c
 * Returns: Password data, or NULL if not configured (assumed)
 */
const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);

/**
 * eap_get_config_new_password - Get the configured new password
 * @sm: EAP state machine
 * @len: OUT: length in bytes
 * Returns: New password, or NULL if not configured (assumed)
 */
const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);

/**
 * eap_get_config_otp - Get the configured one-time password
 * @sm: EAP state machine
 * @len: OUT: length in bytes
 * Returns: OTP, or NULL if not configured (assumed)
 */
const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);

/**
 * eap_clear_config_otp - Clear the one-time password from the configuration
 * @sm: EAP state machine
 *
 * A one-time password must not be reused; callers clear it once consumed.
 */
void eap_clear_config_otp(struct eap_sm *sm);

/**
 * eap_get_config_phase1 - Get the Phase 1 parameter string
 * @sm: EAP state machine
 * Returns: phase1 string, or NULL
 */
const char * eap_get_config_phase1(struct eap_sm *sm);

/**
 * eap_get_config_phase2 - Get the Phase 2 parameter string
 * @sm: EAP state machine
 * Returns: phase2 string, or NULL
 */
const char * eap_get_config_phase2(struct eap_sm *sm);

/**
 * eap_get_config_fragment_size - Get the configured EAP fragment size
 * @sm: EAP state machine
 * Returns: Fragment size (units and default not visible here - confirm)
 */
int eap_get_config_fragment_size(struct eap_sm *sm);

/**
 * eap_get_config - Get the current peer configuration
 * @sm: EAP state machine
 * Returns: Current configuration, or NULL
 */
struct eap_peer_config * eap_get_config(struct eap_sm *sm);

/**
 * eap_set_config_blob - Store a named configuration blob
 * @sm: EAP state machine
 * @blob: Blob to store (ownership presumably transferred - confirm)
 */
void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);

/**
 * eap_get_config_blob - Look up a named configuration blob
 * @sm: EAP state machine
 * @name: Blob name
 * Returns: Blob, or NULL if no blob with that name exists
 */
const struct wpa_config_blob *
eap_get_config_blob(struct eap_sm *sm, const char *name);

/**
 * eap_notify_pending - Notify the state machine that pending work can proceed
 * @sm: EAP state machine
 */
void eap_notify_pending(struct eap_sm *sm);

/**
 * eap_allowed_method - Check whether a method is allowed by the configuration
 * @sm: EAP state machine
 * @vendor: EAP Vendor-ID (0 = IETF)
 * @method: EAP type number (or vendor method for expanded types)
 * Returns: Non-zero if the method may be negotiated, 0 otherwise (assumed)
 *
 * NOTE(review): this is the policy check that keeps a server from steering
 * the peer into a method the configuration did not enable; any new request
 * handling path should go through it.
 */
int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method);
390 
391 #endif /* EAP_I_H */
struct eap_method_ret - EAP return values from struct eap_method::process()
Definition: eap_i.h:35
int vendor
vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
Definition: eap_i.h:68
EapMethodState methodState
methodState - Method-specific state (IN/OUT)
Definition: eap_i.h:44
Definition: wpabuf.h:20
struct eap_method * next
next - Pointer to the next EAP method
Definition: eap_i.h:240
EapDecision decision
decision - Authentication decision (OUT)
Definition: eap_i.h:49
EapType method
method - EAP type number (EAP_TYPE_*)
Definition: eap_i.h:73
struct dl_list - Doubly-linked list
Definition: list.h:15
struct wpa_config_blob - Named configuration blob
Definition: eap_config.h:766
Definition: ext_password.c:26
Definition: eap.h:95
const char * name
name - Name of the method (e.g., "TLS")
Definition: eap_i.h:78
Definition: eap_i.h:281
struct eapol_ctx - Global (for all networks) EAPOL state machine context
Definition: eapol_supp_sm.h:82
int version
version - Version of the EAP peer method interface
Definition: eap_i.h:232
Boolean allowNotifications
allowNotifications - Whether method allows notifications (OUT)
Definition: eap_i.h:54
struct eap_sm - EAP state machine data
Definition: eap_i.h:294
Boolean ignore
ignore - Whether method decided to drop the current packet (OUT)
Definition: eap_i.h:39
struct eap_peer_config - EAP peer configuration/credentials
Definition: eap_config.h:15
char * name
name - Blob name
Definition: eap_config.h:770
struct wps_context - Long term WPS context data
Definition: wps.h:594
struct eap_method - EAP method interface. This structure defines the EAP method interface.
Definition: eap_i.h:64