2 * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
13 #include "eap_server/eap.h"
14 #include "eap_common/eap_common.h"
16 /* RFC 4137 - EAP Standalone Authenticator */
19 * struct eap_method - EAP method interface
20 * This structure defines the EAP method interface. Each method will need to
21 * register its own EAP type, EAP name, and set of function pointers for method
22 * specific operations. This interface is based on section 5.4 of RFC 4137.
29 void * (*init)(struct eap_sm *sm);
30 void * (*initPickUp)(struct eap_sm *sm);
31 void (*reset)(struct eap_sm *sm, void *priv);
33 struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
34 int (*getTimeout)(struct eap_sm *sm, void *priv);
35 Boolean (*check)(struct eap_sm *sm, void *priv,
36 struct wpabuf *respData);
37 void (*process)(struct eap_sm *sm, void *priv,
38 struct wpabuf *respData);
39 Boolean (*isDone)(struct eap_sm *sm, void *priv);
40 u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
41 /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
42 * but it is useful in implementing Policy.getDecision() */
43 Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
46 * free - Free EAP method data
47 * @method: Pointer to the method data registered with
48 * eap_server_method_register().
50 * This function will be called when the EAP method is being
51 * unregistered. If the EAP method allocated resources during
52 * registration (e.g., allocated struct eap_method), they should be
53 * freed in this function. No other method functions will be called
54 * after this call. If this function is not defined (i.e., function
55 * pointer is %NULL), a default handler is used to release the method
56 * data with free(method). This is suitable for most cases.
58 void (*free)(struct eap_method *method);
60 #define EAP_SERVER_METHOD_INTERFACE_VERSION 1
62 * version - Version of the EAP server method interface
64 * The EAP server method implementation should set this variable to
65 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
66 * EAP method is using supported API version when using dynamically
67 * loadable EAP methods.
72 * next - Pointer to the next EAP method
74 * This variable is used internally in the EAP method registration code
75 * to create a linked list of registered EAP methods.
77 struct eap_method *next;
80 * get_emsk - Get EAP method specific keying extended material (EMSK)
81 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
82 * @priv: Pointer to private EAP method data from eap_method::init()
83 * @len: Pointer to a variable to store EMSK length
84 * Returns: EMSK or %NULL if not available
86 * This function can be used to get the extended keying material from
87 * the EAP method. The key may already be stored in the method-specific
88 * private data or this function may derive the key.
90 u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
94 * struct eap_sm - EAP server state machine data
98 EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
99 EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
100 EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
101 EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
102 EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
103 EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
104 EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
105 EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
106 EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2
112 struct eap_eapol_interface eap_if;
114 /* Full authenticator state machine local variables */
116 /* Long-term (maintained between packets) */
117 EapType currentMethod;
120 METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
123 struct wpabuf *lastReqData;
126 /* Short-term (not maintained between packets) */
131 u32 respVendorMethod;
134 DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
138 /* Miscellaneous variables */
139 const struct eap_method *m; /* selected EAP method */
140 /* not defined in RFC 4137 */
142 void *eapol_ctx, *msg_ctx;
143 struct eapol_callbacks *eapol_cb;
144 void *eap_method_priv;
147 /* Whether Phase 2 method should validate identity match */
148 int require_identity_match;
149 int lastId; /* Identifier used in the last EAP-Packet */
150 struct eap_user *user;
151 int user_eap_method_index;
154 struct eap_sim_db_data *eap_sim_db_priv;
155 Boolean backend_auth;
161 METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
167 u8 *pac_opaque_encr_key;
169 size_t eap_fast_a_id_len;
170 char *eap_fast_a_id_info;
172 NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
174 int pac_key_lifetime;
175 int pac_key_refresh_time;
176 int eap_sim_aka_result_ind;
179 struct wps_context *wps;
180 struct wpabuf *assoc_wps_ie;
181 struct wpabuf *assoc_p2p_ie;
183 Boolean start_reauth;
185 u8 peer_addr[ETH_ALEN];
187 /* Fragmentation size for EAP method init() handler */
193 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
195 void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);