2 * hostapd / EAP Full Authenticator state machine (RFC 4137)
3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "common/defs.h"
13 #include "utils/list.h"
14 #include "eap_common/eap_defs.h"
15 #include "eap_server/eap_methods.h"
/*
 * Bit flags stored in the ttls_auth bitfield. Each value is a distinct
 * power of two, so several EAP-TTLS inner authentication types can be OR-ed
 * into one int and tested individually with a bitwise AND.
 * NOTE(review): presumably a set bit means the server accepts that inner
 * type for the user entry - confirm against the code that reads ttls_auth,
 * and enable only the types a deployment actually needs.
 */
20 #define EAP_TTLS_AUTH_PAP 1
21 #define EAP_TTLS_AUTH_CHAP 2
22 #define EAP_TTLS_AUTH_MSCHAP 4
23 #define EAP_TTLS_AUTH_MSCHAPV2 8
29 } methods[EAP_MAX_METHODS];
32 int password_hash; /* whether password is hashed with
33 * nt_password_hash() */
38 unsigned int remediation:1;
39 unsigned int macacl:1;
40 int ttls_auth; /* bitfield of
41 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
42 struct hostapd_radius_attr *accept_attr;
/*
 * Variables exchanged between the EAP full authenticator state machine and
 * its neighbours. The members are grouped by direction, as the section
 * comments inside the struct state: lower layer <-> full authenticator and
 * AAA interface <-> full authenticator.
 * NOTE(review): ownership of the struct wpabuf pointers (who allocates and
 * who frees each request/response buffer) is not stated here - confirm
 * before storing or releasing any of them.
 */
46 struct eap_eapol_interface {
47 /* Lower layer to full authenticator variables */
48 Boolean eapResp; /* shared with EAPOL Backend Authentication */
49 struct wpabuf *eapRespData;
52 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
56 /* Full authenticator to lower layer variables */
57 Boolean eapReq; /* shared with EAPOL Backend Authentication */
58 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
62 struct wpabuf *eapReqData;
66 size_t eapSessionIdLen;
67 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
69 /* AAA interface to full authenticator variables */
74 struct wpabuf *aaaEapReqData;
76 size_t aaaEapKeyDataLen;
77 Boolean aaaEapKeyAvailable;
80 /* Full authenticator to AAA interface variables */
82 struct wpabuf *aaaEapRespData;
83 /* aaaIdentity -> eap_get_identity() */
/*
 * Server-side ERP key entry. rRK and rIK are inline buffers of
 * ERP_MAX_KEY_LEN bytes each (the names follow ERP, RFC 6696:
 * re-authentication Root Key and re-authentication Integrity Key), so every
 * copy of this struct holds raw key material.
 * NOTE(review): confirm that entries are wiped, not only freed, when they
 * are released, and that the number of valid key bytes is tracked
 * separately from the fixed buffer size.
 */
87 struct eap_server_erp_key {
91 u8 rRK[ERP_MAX_KEY_LEN];
92 u8 rIK[ERP_MAX_KEY_LEN];
/*
 * Table of function pointers through which the EAP server state machine
 * calls back into its owner. Every callback receives an opaque ctx pointer
 * as its first argument. Only the signatures are visible here; return value
 * conventions should be confirmed against the implementations.
 */
98 struct eapol_callbacks {
/*
 * User lookup. identity is passed as a byte pointer plus identity_len, so
 * implementations must treat it as length-delimited data and not as a
 * NUL-terminated string. phase2 is an int flag and user is presumably the
 * output record - TODO confirm who owns the members written into *user.
 */
99 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
100 int phase2, struct eap_user *user);
/* Returns a text pointer and writes its length through len. */
101 const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
/*
 * msg is a single finished string (the signature has no variadic
 * arguments), so an implementation should print it as data, e.g. through
 * a "%s" conversion, and never use it as a format string.
 */
102 void (*log_msg)(void *ctx, const char *msg);
103 int (*get_erp_send_reauth_start)(void *ctx);
104 const char * (*get_erp_domain)(void *ctx);
/*
 * ERP key store access by key name.
 * NOTE(review): the lifetime of the pointer returned by erp_get_key and
 * the ownership of erp after erp_add_key (on success and on failure) are
 * not visible here - confirm which side frees the key entry.
 */
105 struct eap_server_erp_key * (*erp_get_key)(void *ctx,
106 const char *keyname);
107 int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
113 void *eap_sim_db_priv;
114 Boolean backend_auth;
117 u8 *pac_opaque_encr_key;
119 size_t eap_fast_a_id_len;
120 char *eap_fast_a_id_info;
122 int pac_key_lifetime;
123 int pac_key_refresh_time;
124 int eap_sim_aka_result_ind;
126 struct wps_context *wps;
127 const struct wpabuf *assoc_wps_ie;
128 const struct wpabuf *assoc_p2p_ie;
135 size_t server_id_len;
137 unsigned int tls_session_lifetime;
138 unsigned int tls_flags;
140 #ifdef CONFIG_TESTING_OPTIONS
142 #endif /* CONFIG_TESTING_OPTIONS */
/*
 * Public entry points of the EAP server state machine. This header shows
 * only the prototypes; any note below that goes beyond the signature is
 * marked for confirmation against the implementation.
 */
/*
 * Takes an opaque EAPOL context, a const callback table and a
 * configuration, and returns a struct eap_sm pointer.
 * NOTE(review): presumably NULL on failure - confirm, and check whether
 * eapol_cb and eap_conf must outlive the returned state machine.
 */
146 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
147 const struct eapol_callbacks *eapol_cb,
148 struct eap_config *eap_conf);
149 void eap_server_sm_deinit(struct eap_sm *sm);
150 int eap_server_sm_step(struct eap_sm *sm);
151 void eap_sm_notify_cached(struct eap_sm *sm);
152 void eap_sm_pending_cb(struct eap_sm *sm);
153 int eap_sm_method_pending(struct eap_sm *sm);
/*
 * Returns a byte pointer and writes the length through len: callers must
 * use *len and must not assume the identity is NUL-terminated or printable.
 */
154 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
/*
 * String getters. NOTE(review): whether these can return NULL and how long
 * the returned pointers stay valid is not visible here - confirm before
 * logging or storing the values.
 */
155 const char * eap_get_serial_num(struct eap_sm *sm);
156 const char * eap_get_method(struct eap_sm *sm);
157 const char * eap_get_imsi(struct eap_sm *sm);
158 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
159 void eap_server_clear_identity(struct eap_sm *sm);
/*
 * username carries an explicit length, but challenge and response are
 * passed without one, so the callee must rely on fixed sizes.
 * NOTE(review): confirm the expected buffer sizes in the definition and
 * make sure every caller passes buffers at least that large.
 */
160 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
161 const u8 *username, size_t username_len,
162 const u8 *challenge, const u8 *response);
/* eap is a raw byte buffer of len bytes; its expected format is not visible here. */
163 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
/*
 * NOTE(review): struct eap_user is the record get_eap_user fills in and is
 * likely to hold credential data - confirm that the implementation clears
 * secrets before releasing the memory.
 */
164 void eap_user_free(struct eap_user *user);