2 * hostapd / EAP Full Authenticator state machine (RFC 4137)
3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "common/defs.h"
13 #include "utils/list.h"
14 #include "eap_common/eap_defs.h"
15 #include "eap_server/eap_methods.h"
/*
 * Bit flags naming EAP-TTLS inner authentication methods. Each value is a
 * distinct bit (1, 2, 4, 8), so the flags can be ORed together; the ttls_auth
 * member further down in this file is documented as a bitfield of them.
 * NOTE(review): every bit set for a user widens the set of inner methods that
 * user entry accepts - presumably only the methods actually required should
 * be enabled; confirm against the user database policy.
 */
20 #define EAP_TTLS_AUTH_PAP 1
21 #define EAP_TTLS_AUTH_CHAP 2
22 #define EAP_TTLS_AUTH_MSCHAP 4
23 #define EAP_TTLS_AUTH_MSCHAPV2 8
/* Array of EAP_MAX_METHODS entries; the element type is declared on lines
 * that are not part of this listing. */
29 } methods[EAP_MAX_METHODS];
/* NOTE(review): when this is set the stored password is presumably an NT hash
 * rather than plaintext; a stored hash is still credential material and needs
 * the same protection at rest - confirm how the user store is secured. */
32 int password_hash; /* whether password is hashed with
33 * nt_password_hash() */
/* Single-bit flags; what each one enables is not shown in this listing. */
38 unsigned int remediation:1;
39 unsigned int macacl:1;
40 int ttls_auth; /* bitfield of
41 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
/* Pointer to RADIUS attribute data; ownership and lifetime are not visible
 * here - TODO confirm who allocates and frees it. */
42 struct hostapd_radius_attr *accept_attr;
/*
 * Variables exchanged between the EAP full authenticator state machine and
 * its neighbours, grouped by direction as the section comments below state:
 * lower layer <-> full authenticator and AAA interface <-> full authenticator.
 * Several members are annotated as shared with the EAPOL state machines.
 * Only part of the structure is visible in this listing.
 */
46 struct eap_eapol_interface {
47 /* Lower layer to full authenticator variables */
48 Boolean eapResp; /* shared with EAPOL Backend Authentication */
/* Buffer for the EAP response; presumably peer-supplied and therefore
 * untrusted input - confirm where it is validated. */
49 struct wpabuf *eapRespData;
52 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
56 /* Full authenticator to lower layer variables */
57 Boolean eapReq; /* shared with EAPOL Backend Authentication */
58 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
62 struct wpabuf *eapReqData;
/* Length of the session id; the pointer it belongs to is declared on a line
 * not included in this listing. */
66 size_t eapSessionIdLen;
67 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
69 /* AAA interface to full authenticator variables */
74 struct wpabuf *aaaEapReqData;
/* Length and availability flag for AAA-provided key data; the key pointer is
 * declared on a line not included here. NOTE(review): presumably the length
 * must be checked together with aaaEapKeyAvailable before the key is read -
 * confirm in the consumers. */
76 size_t aaaEapKeyDataLen;
77 Boolean aaaEapKeyAvailable;
80 /* Full authenticator to AAA interface variables */
82 struct wpabuf *aaaEapRespData;
83 /* aaaIdentity -> eap_get_identity() */
/*
 * Server-side ERP key entry. Only the two key buffers are visible in this
 * listing; each is a fixed array of ERP_MAX_KEY_LEN bytes.
 * NOTE(review): rRK/rIK presumably follow the ERP naming for the
 * re-authentication root key and integrity key - confirm. These buffers hold
 * key material, so verify that the code releasing an entry clears them, and
 * that the length of the key actually in use is tracked alongside them.
 */
87 struct eap_server_erp_key {
91 u8 rRK[ERP_MAX_KEY_LEN];
92 u8 rIK[ERP_MAX_KEY_LEN];
/*
 * Table of function pointers the EAP server uses to call back into its owner.
 * Every callback receives an opaque ctx pointer as first argument. Return
 * value conventions are not visible in this listing.
 */
98 struct eapol_callbacks {
/* Look up a user entry for an identity given as bytes plus an explicit
 * length; phase2 selects the lookup context and the result is written to
 * *user. The identity is length-delimited, so implementations should not
 * assume NUL termination. NOTE(review): presumably the identity comes from
 * the peer and is untrusted - confirm how implementations bound and match it. */
99 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
100 int phase2, struct eap_user *user);
/* Returns a text pointer and stores its length through len. */
101 const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
/* Hands a message string to the owner's logger. NOTE(review): if msg can
 * contain peer-controlled bytes, the receiver should treat it as data and not
 * as a format string - confirm in the implementations. */
102 void (*log_msg)(void *ctx, const char *msg);
103 int (*get_erp_send_reauth_start)(void *ctx);
104 const char * (*get_erp_domain)(void *ctx);
/* Fetch an ERP key entry by name. Ownership of the returned pointer is not
 * visible here - TODO confirm. */
105 struct eap_server_erp_key * (*erp_get_key)(void *ctx,
106 const char *keyname);
/* Store an ERP key entry. Whether ownership of erp passes to the callee, and
 * who frees it on failure, is not visible here - TODO confirm. */
107 int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
/* Configuration members; the enclosing structure's header and several members
 * are on lines not included in this listing. */
113 void *eap_sim_db_priv;
114 Boolean backend_auth;
/* Pointer to key bytes with no length member visible next to it.
 * NOTE(review): presumably a fixed-length key used to protect PAC-Opaque
 * data - confirm the expected length, where it is generated, and that it is
 * cleared when the configuration is released. */
117 u8 *pac_opaque_encr_key;
119 size_t eap_fast_a_id_len;
120 char *eap_fast_a_id_info;
/* Integer lifetime settings; units and valid range are not shown here -
 * TODO confirm (a negative or zero value may need explicit handling). */
122 int pac_key_lifetime;
123 int pac_key_refresh_time;
125 int eap_teap_pac_no_inner;
126 int eap_sim_aka_result_ind;
129 struct wps_context *wps;
130 const struct wpabuf *assoc_wps_ie;
131 const struct wpabuf *assoc_p2p_ie;
138 size_t server_id_len;
/* Unsigned TLS settings; the flag bit definitions are declared elsewhere. */
140 unsigned int tls_session_lifetime;
141 unsigned int tls_flags;
/* Member(s) compiled only with CONFIG_TESTING_OPTIONS; their declaration is
 * not included in this listing. NOTE(review): confirm that production builds
 * do not define CONFIG_TESTING_OPTIONS. */
143 #ifdef CONFIG_TESTING_OPTIONS
145 #endif /* CONFIG_TESTING_OPTIONS */
/* Create an EAP server state machine from an opaque EAPOL context, a callback
 * table and a configuration. NOTE(review): presumably returns NULL on failure
 * and the result is released with eap_server_sm_deinit() - confirm in the
 * implementation. */
149 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
150 const struct eapol_callbacks *eapol_cb,
151 struct eap_config *eap_conf);
152 void eap_server_sm_deinit(struct eap_sm *sm);
/* Returns int; the meaning of the value is not visible in this listing. */
153 int eap_server_sm_step(struct eap_sm *sm);
154 void eap_sm_notify_cached(struct eap_sm *sm);
155 void eap_sm_pending_cb(struct eap_sm *sm);
156 int eap_sm_method_pending(struct eap_sm *sm);
/* Returns the identity as bytes and stores its length through len. The value
 * is length-delimited, so callers should not treat it as a NUL-terminated
 * string. NOTE(review): presumably peer-supplied - escape it before logging
 * or embedding it in other protocols; confirm. */
157 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
/* String accessors. Whether they can return NULL and how long the returned
 * pointers stay valid is not visible here - TODO confirm before dereferencing
 * or caching the result. */
158 const char * eap_get_serial_num(struct eap_sm *sm);
159 const char * eap_get_method(struct eap_sm *sm);
160 const char * eap_get_imsi(struct eap_sm *sm);
161 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
162 void eap_server_clear_identity(struct eap_sm *sm);
/* Receives MSCHAP data: a source label, a username with explicit length, and
 * challenge and response pointers that carry no length parameter.
 * NOTE(review): challenge and response are presumably fixed-size buffers -
 * confirm the sizes every caller must provide, and treat the captured values
 * as sensitive when they are logged or stored. */
163 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
164 const u8 *username, size_t username_len,
165 const u8 *challenge, const u8 *response);
/* Takes an EAP message buffer and its length. NOTE(review): presumably parses
 * peer-supplied data - confirm that len is checked before fields are read. */
166 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
/* Releases a user entry. NOTE(review): the entry can carry password data (see
 * the password_hash member in this file), so confirm the implementation
 * clears it before freeing. */
167 void eap_user_free(struct eap_user *user);