Gitiles
Code Review Sign In
192.168.1.100 / R306 / 824eb0c6ade808c4501e62fbcf0025f4e694cd11 / . / ap / app / hostapd-2.6 / src / eap_server / eap_i.h
blob: c90443d19cb935bea80037c12bcae591f5206df5 [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame^]1/*
2 * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#ifndef EAP_I_H
10#define EAP_I_H
11
12#include "wpabuf.h"
13#include "eap_server/eap.h"
14#include "eap_common/eap_common.h"
15
16/* RFC 4137 - EAP Standalone Authenticator */
17
18/**
19 * struct eap_method - EAP method interface
20 * This structure defines the EAP method interface. Each method will need to
21 * register its own EAP type, EAP name, and set of function pointers for method
22 * specific operations. This interface is based on section 5.4 of RFC 4137.
23 */
24struct eap_method {
25 int vendor;
26 EapType method;
27 const char *name;
28
29 void * (*init)(struct eap_sm *sm);
30 void * (*initPickUp)(struct eap_sm *sm);
31 void (*reset)(struct eap_sm *sm, void *priv);
32
33 struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
34 int (*getTimeout)(struct eap_sm *sm, void *priv);
35 Boolean (*check)(struct eap_sm *sm, void *priv,
36 struct wpabuf *respData);
37 void (*process)(struct eap_sm *sm, void *priv,
38 struct wpabuf *respData);
39 Boolean (*isDone)(struct eap_sm *sm, void *priv);
40 u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
41 /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
42 * but it is useful in implementing Policy.getDecision() */
43 Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
44
45 /**
46 * free - Free EAP method data
47 * @method: Pointer to the method data registered with
48 * eap_server_method_register().
49 *
50 * This function will be called when the EAP method is being
51 * unregistered. If the EAP method allocated resources during
52 * registration (e.g., allocated struct eap_method), they should be
53 * freed in this function. No other method functions will be called
54 * after this call. If this function is not defined (i.e., function
55 * pointer is %NULL), a default handler is used to release the method
56 * data with free(method). This is suitable for most cases.
57 */
58 void (*free)(struct eap_method *method);
59
60#define EAP_SERVER_METHOD_INTERFACE_VERSION 1
61 /**
62 * version - Version of the EAP server method interface
63 *
64 * The EAP server method implementation should set this variable to
65 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
66 * EAP method is using supported API version when using dynamically
67 * loadable EAP methods.
68 */
69 int version;
70
71 /**
72 * next - Pointer to the next EAP method
73 *
74 * This variable is used internally in the EAP method registration code
75 * to create a linked list of registered EAP methods.
76 */
77 struct eap_method *next;
78
79 /**
80 * get_emsk - Get EAP method specific keying extended material (EMSK)
81 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
82 * @priv: Pointer to private EAP method data from eap_method::init()
83 * @len: Pointer to a variable to store EMSK length
84 * Returns: EMSK or %NULL if not available
85 *
86 * This function can be used to get the extended keying material from
87 * the EAP method. The key may already be stored in the method-specific
88 * private data or this function may derive the key.
89 */
90 u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
91
92 /**
93 * getSessionId - Get EAP method specific Session-Id
94 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
95 * @priv: Pointer to private EAP method data from eap_method::init()
96 * @len: Pointer to a variable to store Session-Id length
97 * Returns: Session-Id or %NULL if not available
98 *
99 * This function can be used to get the Session-Id from the EAP method.
100 * The Session-Id may already be stored in the method-specific private
101 * data or this function may derive the Session-Id.
102 */
103 u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
104};
105
106/**
107 * struct eap_sm - EAP server state machine data
108 */
109struct eap_sm {
110 enum {
111 EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
112 EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
113 EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
114 EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
115 EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
116 EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
117 EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
118 EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
119 EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2,
120 EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED
121 } EAP_state;
122
123 /* Constants */
124 int MaxRetrans;
125
126 struct eap_eapol_interface eap_if;
127
128 /* Full authenticator state machine local variables */
129
130 /* Long-term (maintained between packets) */
131 EapType currentMethod;
132 int currentId;
133 enum {
134 METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
135 } methodState;
136 int retransCount;
137 struct wpabuf *lastReqData;
138 int methodTimeout;
139
140 /* Short-term (not maintained between packets) */
141 Boolean rxResp;
142 Boolean rxInitiate;
143 int respId;
144 EapType respMethod;
145 int respVendor;
146 u32 respVendorMethod;
147 Boolean ignore;
148 enum {
149 DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
150 DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
151 } decision;
152
153 /* Miscellaneous variables */
154 const struct eap_method *m; /* selected EAP method */
155 /* not defined in RFC 4137 */
156 Boolean changed;
157 void *eapol_ctx, *msg_ctx;
158 const struct eapol_callbacks *eapol_cb;
159 void *eap_method_priv;
160 u8 *identity;
161 size_t identity_len;
162 /* Whether Phase 2 method should validate identity match */
163 int require_identity_match;
164 int lastId; /* Identifier used in the last EAP-Packet */
165 struct eap_user *user;
166 int user_eap_method_index;
167 int init_phase2;
168 void *ssl_ctx;
169 struct eap_sim_db_data *eap_sim_db_priv;
170 Boolean backend_auth;
171 Boolean update_user;
172 int eap_server;
173
174 int num_rounds;
175 enum {
176 METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
177 } method_pending;
178
179 u8 *auth_challenge;
180 u8 *peer_challenge;
181
182 u8 *pac_opaque_encr_key;
183 u8 *eap_fast_a_id;
184 size_t eap_fast_a_id_len;
185 char *eap_fast_a_id_info;
186 enum {
187 NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
188 } eap_fast_prov;
189 int pac_key_lifetime;
190 int pac_key_refresh_time;
191 int eap_sim_aka_result_ind;
192 int tnc;
193 u16 pwd_group;
194 struct wps_context *wps;
195 struct wpabuf *assoc_wps_ie;
196 struct wpabuf *assoc_p2p_ie;
197
198 Boolean start_reauth;
199
200 u8 peer_addr[ETH_ALEN];
201
202 /* Fragmentation size for EAP method init() handler */
203 int fragment_size;
204
205 int pbc_in_m1;
206
207 const u8 *server_id;
208 size_t server_id_len;
209
210 Boolean initiate_reauth_start_sent;
211 Boolean try_initiate_reauth;
212 int erp;
213 unsigned int tls_session_lifetime;
214
215#ifdef CONFIG_TESTING_OPTIONS
216 u32 tls_test_flags;
217#endif /* CONFIG_TESTING_OPTIONS */
218};
219
220int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
221 int phase2);
222void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
223PRINTF_FORMAT(2, 3);
224void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
225
226#endif /* EAP_I_H */