[T106][ZXW-22]7520V3SCV2.01.01.02P42U09_VEC_V0.8_AP_VEC origin source commit
Change-Id: Ic6e05d89ecd62fc34f82b23dcf306c93764aec4b
diff --git a/ap/app/hostapd-2.10/src/eap_server/eap.h b/ap/app/hostapd-2.10/src/eap_server/eap.h
new file mode 100755
index 0000000..61032cc
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/eap.h
@@ -0,0 +1,295 @@
+/*
+ * hostapd / EAP Full Authenticator state machine (RFC 4137)
+ * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_H
+#define EAP_H
+
+#include "common/defs.h"
+#include "utils/list.h"
+#include "eap_common/eap_defs.h"
+#include "eap_server/eap_methods.h"
+#include "wpabuf.h"
+
+struct eap_sm;
+
+#define EAP_TTLS_AUTH_PAP 1
+#define EAP_TTLS_AUTH_CHAP 2
+#define EAP_TTLS_AUTH_MSCHAP 4
+#define EAP_TTLS_AUTH_MSCHAPV2 8
+
+struct eap_user {
+ struct {
+ int vendor;
+ u32 method;
+ } methods[EAP_MAX_METHODS];
+ u8 *password;
+ size_t password_len;
+ int password_hash; /* whether password is hashed with
+ * nt_password_hash() */
+ u8 *salt;
+ size_t salt_len;
+ int phase2;
+ int force_version;
+ unsigned int remediation:1;
+ unsigned int macacl:1;
+ int ttls_auth; /* bitfield of
+ * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
+ struct hostapd_radius_attr *accept_attr;
+ u32 t_c_timestamp;
+};
+
+struct eap_eapol_interface {
+ /* Lower layer to full authenticator variables */
+ bool eapResp; /* shared with EAPOL Backend Authentication */
+ struct wpabuf *eapRespData;
+ bool portEnabled;
+ int retransWhile;
+ bool eapRestart; /* shared with EAPOL Authenticator PAE */
+ int eapSRTT;
+ int eapRTTVAR;
+
+ /* Full authenticator to lower layer variables */
+ bool eapReq; /* shared with EAPOL Backend Authentication */
+ bool eapNoReq; /* shared with EAPOL Backend Authentication */
+ bool eapSuccess;
+ bool eapFail;
+ bool eapTimeout;
+ struct wpabuf *eapReqData;
+ u8 *eapKeyData;
+ size_t eapKeyDataLen;
+ u8 *eapSessionId;
+ size_t eapSessionIdLen;
+ bool eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
+
+ /* AAA interface to full authenticator variables */
+ bool aaaEapReq;
+ bool aaaEapNoReq;
+ bool aaaSuccess;
+ bool aaaFail;
+ struct wpabuf *aaaEapReqData;
+ u8 *aaaEapKeyData;
+ size_t aaaEapKeyDataLen;
+ bool aaaEapKeyAvailable;
+ int aaaMethodTimeout;
+
+ /* Full authenticator to AAA interface variables */
+ bool aaaEapResp;
+ struct wpabuf *aaaEapRespData;
+ /* aaaIdentity -> eap_get_identity() */
+ bool aaaTimeout;
+};
+
+struct eap_server_erp_key {
+ struct dl_list list;
+ size_t rRK_len;
+ size_t rIK_len;
+ u8 rRK[ERP_MAX_KEY_LEN];
+ u8 rIK[ERP_MAX_KEY_LEN];
+ u32 recv_seq;
+ u8 cryptosuite;
+ char keyname_nai[];
+};
+
+struct eapol_callbacks {
+ int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
+ int phase2, struct eap_user *user);
+ const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
+ void (*log_msg)(void *ctx, const char *msg);
+ int (*get_erp_send_reauth_start)(void *ctx);
+ const char * (*get_erp_domain)(void *ctx);
+ struct eap_server_erp_key * (*erp_get_key)(void *ctx,
+ const char *keyname);
+ int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
+};
+
+struct eap_config {
+ /**
+ * ssl_ctx - TLS context
+ *
+ * This is passed to the EAP server implementation as a callback
+ * context for TLS operations.
+ */
+ void *ssl_ctx;
+ void *msg_ctx;
+
+ /**
+ * eap_sim_db_priv - EAP-SIM/AKA database context
+ *
+ * This is passed to the EAP-SIM/AKA server implementation as a
+ * callback context.
+ */
+ void *eap_sim_db_priv;
+ bool backend_auth;
+ int eap_server;
+
+ /**
+ * pwd_group - The D-H group assigned for EAP-pwd
+ *
+ * If EAP-pwd is not used it can be set to zero.
+ */
+ u16 pwd_group;
+
+ /**
+ * pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST
+ *
+ * This parameter is used to set a key for EAP-FAST to encrypt the
+ * PAC-Opaque data. It can be set to %NULL if EAP-FAST is not used. If
+ * set, must point to a 16-octet key.
+ */
+ u8 *pac_opaque_encr_key;
+
+ /**
+ * eap_fast_a_id - EAP-FAST authority identity (A-ID)
+ *
+ * If EAP-FAST is not used, this can be set to %NULL. In theory, this
+ * is a variable length field, but due to some existing implementations
+ * requiring A-ID to be 16 octets in length, it is recommended to use
+ * that length for the field to provide interoperability with deployed
+ * peer implementations.
+ */
+ u8 *eap_fast_a_id;
+
+ /**
+ * eap_fast_a_id_len - Length of eap_fast_a_id buffer in octets
+ */
+ size_t eap_fast_a_id_len;
+ /**
+ * eap_fast_a_id_info - EAP-FAST authority identifier information
+ *
+ * This A-ID-Info contains a user-friendly name for the A-ID. For
+ * example, this could be the enterprise and server names in
+ * human-readable format. This field is encoded as UTF-8. If EAP-FAST
+ * is not used, this can be set to %NULL.
+ */
+ char *eap_fast_a_id_info;
+
+ /**
+ * eap_fast_prov - EAP-FAST provisioning modes
+ *
+ * 0 = provisioning disabled, 1 = only anonymous provisioning allowed,
+ * 2 = only authenticated provisioning allowed, 3 = both provisioning
+ * modes allowed.
+ */
+ enum {
+ NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
+ } eap_fast_prov;
+
+ /**
+ * pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds
+ *
+ * This is the hard limit on how long a provisioned PAC-Key can be
+ * used.
+ */
+ int pac_key_lifetime;
+
+ /**
+ * pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds
+ *
+ * This is a soft limit on the PAC-Key. The server will automatically
+ * generate a new PAC-Key when this number of seconds (or fewer) of the
+ * lifetime remains.
+ */
+ int pac_key_refresh_time;
+ int eap_teap_auth;
+ int eap_teap_pac_no_inner;
+ int eap_teap_separate_result;
+ enum eap_teap_id {
+ EAP_TEAP_ID_ALLOW_ANY = 0,
+ EAP_TEAP_ID_REQUIRE_USER = 1,
+ EAP_TEAP_ID_REQUIRE_MACHINE = 2,
+ EAP_TEAP_ID_REQUEST_USER_ACCEPT_MACHINE = 3,
+ EAP_TEAP_ID_REQUEST_MACHINE_ACCEPT_USER = 4,
+ EAP_TEAP_ID_REQUIRE_USER_AND_MACHINE = 5,
+ } eap_teap_id;
+
+ /**
+ * eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
+ *
+ * This controls whether the protected success/failure indication
+ * (AT_RESULT_IND) is used with EAP-SIM and EAP-AKA.
+ */
+ int eap_sim_aka_result_ind;
+ int eap_sim_id;
+
+ /**
+ * tnc - Trusted Network Connect (TNC)
+ *
+ * This controls whether TNC is enabled and will be required before the
+ * peer is allowed to connect. Note: This is only used with EAP-TTLS
+ * and EAP-FAST. If any other EAP method is enabled, the peer will be
+ * allowed to connect without TNC.
+ */
+ int tnc;
+
+ /**
+ * wps - Wi-Fi Protected Setup context
+ *
+ * If WPS is used with an external RADIUS server (which is quite
+ * unlikely configuration), this is used to provide a pointer to WPS
+ * context data. Normally, this can be set to %NULL.
+ */
+ struct wps_context *wps;
+ int fragment_size;
+
+ int pbc_in_m1;
+
+ /**
+ * server_id - Server identity
+ */
+ u8 *server_id;
+ size_t server_id_len;
+
+ /**
+ * erp - Whether EAP Re-authentication Protocol (ERP) is enabled
+ *
+ * This controls whether the authentication server derives ERP key
+ * hierarchy (rRK and rIK) from full EAP authentication and allows
+ * these keys to be used to perform ERP to derive rMSK instead of full
+ * EAP authentication to derive MSK.
+ */
+ int erp;
+ unsigned int tls_session_lifetime;
+ unsigned int tls_flags;
+
+ unsigned int max_auth_rounds;
+ unsigned int max_auth_rounds_short;
+};
+
+struct eap_session_data {
+ const struct wpabuf *assoc_wps_ie;
+ const struct wpabuf *assoc_p2p_ie;
+ const u8 *peer_addr;
+#ifdef CONFIG_TESTING_OPTIONS
+ u32 tls_test_flags;
+#endif /* CONFIG_TESTING_OPTIONS */
+};
+
+
+struct eap_sm * eap_server_sm_init(void *eapol_ctx,
+ const struct eapol_callbacks *eapol_cb,
+ const struct eap_config *conf,
+ const struct eap_session_data *sess);
+void eap_server_sm_deinit(struct eap_sm *sm);
+int eap_server_sm_step(struct eap_sm *sm);
+void eap_sm_notify_cached(struct eap_sm *sm);
+void eap_sm_pending_cb(struct eap_sm *sm);
+int eap_sm_method_pending(struct eap_sm *sm);
+const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
+const char * eap_get_serial_num(struct eap_sm *sm);
+const char * eap_get_method(struct eap_sm *sm);
+const char * eap_get_imsi(struct eap_sm *sm);
+struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
+void eap_server_clear_identity(struct eap_sm *sm);
+void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
+ const u8 *username, size_t username_len,
+ const u8 *challenge, const u8 *response);
+void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
+void eap_user_free(struct eap_user *user);
+void eap_server_config_free(struct eap_config *cfg);
+
+#endif /* EAP_H */
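Review bot: `eap_server_mschap_rx_callback()` near the end of this header takes `challenge` and `response` as bare `const u8 *` with no length arguments and no comment, while `username` in the same prototype carries `username_len`. The number of bytes the callee reads is therefore an unstated contract; I would add a comment above the prototype such as `/* challenge and response are fixed-length buffers; callers must pass the full field size */`, with the exact sizes taken from the implementation, which is not part of this hunk. Separately, this header and the other six headers visible in this part of the diff are added as `new file mode 100755`; header files should not carry the executable bit, so `100644` is the expected mode.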
diff --git a/ap/app/hostapd-2.10/src/eap_server/eap_i.h b/ap/app/hostapd-2.10/src/eap_server/eap_i.h
new file mode 100755
index 0000000..28bb564
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/eap_i.h
@@ -0,0 +1,203 @@
+/*
+ * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_I_H
+#define EAP_I_H
+
+#include "wpabuf.h"
+#include "eap_server/eap.h"
+#include "eap_common/eap_common.h"
+
+/* RFC 4137 - EAP Standalone Authenticator */
+
+/**
+ * struct eap_method - EAP method interface
+ * This structure defines the EAP method interface. Each method will need to
+ * register its own EAP type, EAP name, and set of function pointers for method
+ * specific operations. This interface is based on section 5.4 of RFC 4137.
+ */
+struct eap_method {
+ int vendor;
+ enum eap_type method;
+ const char *name;
+
+ void * (*init)(struct eap_sm *sm);
+ void * (*initPickUp)(struct eap_sm *sm);
+ void (*reset)(struct eap_sm *sm, void *priv);
+
+ struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
+ int (*getTimeout)(struct eap_sm *sm, void *priv);
+ bool (*check)(struct eap_sm *sm, void *priv, struct wpabuf *respData);
+ void (*process)(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData);
+ bool (*isDone)(struct eap_sm *sm, void *priv);
+ u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
+ /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
+ * but it is useful in implementing Policy.getDecision() */
+ bool (*isSuccess)(struct eap_sm *sm, void *priv);
+
+ /**
+ * free - Free EAP method data
+ * @method: Pointer to the method data registered with
+ * eap_server_method_register().
+ *
+ * This function will be called when the EAP method is being
+ * unregistered. If the EAP method allocated resources during
+ * registration (e.g., allocated struct eap_method), they should be
+ * freed in this function. No other method functions will be called
+ * after this call. If this function is not defined (i.e., function
+ * pointer is %NULL), a default handler is used to release the method
+ * data with free(method). This is suitable for most cases.
+ */
+ void (*free)(struct eap_method *method);
+
+#define EAP_SERVER_METHOD_INTERFACE_VERSION 1
+ /**
+ * version - Version of the EAP server method interface
+ *
+ * The EAP server method implementation should set this variable to
+ * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
+ * EAP method is using supported API version when using dynamically
+ * loadable EAP methods.
+ */
+ int version;
+
+ /**
+ * next - Pointer to the next EAP method
+ *
+ * This variable is used internally in the EAP method registration code
+ * to create a linked list of registered EAP methods.
+ */
+ struct eap_method *next;
+
+ /**
+ * get_emsk - Get EAP method specific keying extended material (EMSK)
+ * @sm: Pointer to EAP state machine allocated with eap_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @len: Pointer to a variable to store EMSK length
+ * Returns: EMSK or %NULL if not available
+ *
+ * This function can be used to get the extended keying material from
+ * the EAP method. The key may already be stored in the method-specific
+ * private data or this function may derive the key.
+ */
+ u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
+
+ /**
+ * getSessionId - Get EAP method specific Session-Id
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ * @priv: Pointer to private EAP method data from eap_method::init()
+ * @len: Pointer to a variable to store Session-Id length
+ * Returns: Session-Id or %NULL if not available
+ *
+ * This function can be used to get the Session-Id from the EAP method.
+ * The Session-Id may already be stored in the method-specific private
+ * data or this function may derive the Session-Id.
+ */
+ u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
+};
+
+/**
+ * struct eap_sm - EAP server state machine data
+ */
+struct eap_sm {
+ enum {
+ EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
+ EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
+ EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
+ EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
+ EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD,
+ EAP_INITIALIZE_PASSTHROUGH, EAP_IDLE2, EAP_RETRANSMIT2,
+ EAP_RECEIVED2, EAP_DISCARD2, EAP_SEND_REQUEST2,
+ EAP_AAA_REQUEST, EAP_AAA_RESPONSE, EAP_AAA_IDLE,
+ EAP_TIMEOUT_FAILURE2, EAP_FAILURE2, EAP_SUCCESS2,
+ EAP_INITIATE_REAUTH_START, EAP_INITIATE_RECEIVED
+ } EAP_state;
+
+ /* Constants */
+ int MaxRetrans;
+
+ struct eap_eapol_interface eap_if;
+
+ /* Full authenticator state machine local variables */
+
+ /* Long-term (maintained between packets) */
+ enum eap_type currentMethod;
+ int currentId;
+ enum {
+ METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
+ } methodState;
+ int retransCount;
+ struct wpabuf *lastReqData;
+ int methodTimeout;
+
+ /* Short-term (not maintained between packets) */
+ bool rxResp;
+ bool rxInitiate;
+ int respId;
+ enum eap_type respMethod;
+ int respVendor;
+ u32 respVendorMethod;
+ bool ignore;
+ enum {
+ DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
+ DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
+ } decision;
+
+ /* Miscellaneous variables */
+ const struct eap_method *m; /* selected EAP method */
+ /* not defined in RFC 4137 */
+ bool changed;
+ void *eapol_ctx;
+ const struct eapol_callbacks *eapol_cb;
+ void *eap_method_priv;
+ u8 *identity;
+ size_t identity_len;
+ char *serial_num;
+ char imsi[20];
+ /* Whether Phase 2 method should validate identity match */
+ int require_identity_match;
+ int lastId; /* Identifier used in the last EAP-Packet */
+ struct eap_user *user;
+ int user_eap_method_index;
+ int init_phase2;
+ const struct eap_config *cfg;
+ struct eap_config cfg_buf;
+ bool update_user;
+
+ unsigned int num_rounds;
+ unsigned int num_rounds_short;
+ enum {
+ METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
+ } method_pending;
+
+ u8 *auth_challenge;
+ u8 *peer_challenge;
+
+ struct wpabuf *assoc_wps_ie;
+ struct wpabuf *assoc_p2p_ie;
+
+ bool start_reauth;
+
+ u8 peer_addr[ETH_ALEN];
+
+ bool initiate_reauth_start_sent;
+ bool try_initiate_reauth;
+
+#ifdef CONFIG_TESTING_OPTIONS
+ u32 tls_test_flags;
+#endif /* CONFIG_TESTING_OPTIONS */
+};
+
+int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
+ int phase2);
+void eap_log_msg(struct eap_sm *sm, const char *fmt, ...)
+PRINTF_FORMAT(2, 3);
+void eap_sm_process_nak(struct eap_sm *sm, const u8 *nak_list, size_t len);
+
+#endif /* EAP_I_H */
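Review bot: `char imsi[20];` in `struct eap_sm` is a fixed buffer sized by a bare literal, with no comment on what it holds or whether it is NUL-terminated. The value is presumably derived from a peer-supplied identity, so every writer has to bound its copy to `sizeof(sm->imsi)`; those writers are outside this hunk and should be checked. I would document the field, e.g. `char imsi[20]; /* NUL-terminated; copies must be bounded by sizeof(imsi) */`, and consider giving the size a name.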
diff --git a/ap/app/hostapd-2.10/src/eap_server/eap_methods.h b/ap/app/hostapd-2.10/src/eap_server/eap_methods.h
new file mode 100755
index 0000000..ad60700
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/eap_methods.h
@@ -0,0 +1,52 @@
+/*
+ * EAP server method registration
+ * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_SERVER_METHODS_H
+#define EAP_SERVER_METHODS_H
+
+#include "eap_common/eap_defs.h"
+
+const struct eap_method * eap_server_get_eap_method(int vendor,
+ enum eap_type method);
+struct eap_method * eap_server_method_alloc(int version, int vendor,
+ enum eap_type method,
+ const char *name);
+int eap_server_method_register(struct eap_method *method);
+
+enum eap_type eap_server_get_type(const char *name, int *vendor);
+void eap_server_unregister_methods(void);
+const char * eap_server_get_name(int vendor, enum eap_type type);
+
+/* EAP server method registration calls for statically linked in methods */
+int eap_server_identity_register(void);
+int eap_server_md5_register(void);
+int eap_server_tls_register(void);
+int eap_server_unauth_tls_register(void);
+int eap_server_wfa_unauth_tls_register(void);
+int eap_server_mschapv2_register(void);
+int eap_server_peap_register(void);
+int eap_server_tlv_register(void);
+int eap_server_gtc_register(void);
+int eap_server_ttls_register(void);
+int eap_server_sim_register(void);
+int eap_server_aka_register(void);
+int eap_server_aka_prime_register(void);
+int eap_server_pax_register(void);
+int eap_server_psk_register(void);
+int eap_server_sake_register(void);
+int eap_server_gpsk_register(void);
+int eap_server_vendor_test_register(void);
+int eap_server_fast_register(void);
+int eap_server_teap_register(void);
+int eap_server_wsc_register(void);
+int eap_server_ikev2_register(void);
+int eap_server_tnc_register(void);
+int eap_server_pwd_register(void);
+int eap_server_eke_register(void);
+
+#endif /* EAP_SERVER_METHODS_H */
diff --git a/ap/app/hostapd-2.10/src/eap_server/eap_sim_db.h b/ap/app/hostapd-2.10/src/eap_server/eap_sim_db.h
new file mode 100755
index 0000000..ca900b9
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/eap_sim_db.h
@@ -0,0 +1,95 @@
+/*
+ * hostapd / EAP-SIM database/authenticator gateway
+ * Copyright (c) 2005-2008, 2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_SIM_DB_H
+#define EAP_SIM_DB_H
+
+#include "eap_common/eap_sim_common.h"
+
+/* Identity prefixes */
+#define EAP_SIM_PERMANENT_PREFIX '1'
+#define EAP_SIM_PSEUDONYM_PREFIX '3'
+#define EAP_SIM_REAUTH_ID_PREFIX '5'
+#define EAP_AKA_PERMANENT_PREFIX '0'
+#define EAP_AKA_PSEUDONYM_PREFIX '2'
+#define EAP_AKA_REAUTH_ID_PREFIX '4'
+#define EAP_AKA_PRIME_PERMANENT_PREFIX '6'
+#define EAP_AKA_PRIME_PSEUDONYM_PREFIX '7'
+#define EAP_AKA_PRIME_REAUTH_ID_PREFIX '8'
+
+enum eap_sim_db_method {
+ EAP_SIM_DB_SIM,
+ EAP_SIM_DB_AKA,
+ EAP_SIM_DB_AKA_PRIME
+};
+
+struct eap_sim_db_data;
+
+struct eap_sim_db_data *
+eap_sim_db_init(const char *config, unsigned int db_timeout,
+ void (*get_complete_cb)(void *ctx, void *session_ctx),
+ void *ctx);
+
+void eap_sim_db_deinit(void *priv);
+
+int eap_sim_db_get_gsm_triplets(struct eap_sim_db_data *data,
+ const char *username, int max_chal,
+ u8 *_rand, u8 *kc, u8 *sres,
+ void *cb_session_ctx);
+
+#define EAP_SIM_DB_FAILURE -1
+#define EAP_SIM_DB_PENDING -2
+
+char * eap_sim_db_get_next_pseudonym(struct eap_sim_db_data *data,
+ enum eap_sim_db_method method);
+
+char * eap_sim_db_get_next_reauth_id(struct eap_sim_db_data *data,
+ enum eap_sim_db_method method);
+
+int eap_sim_db_add_pseudonym(struct eap_sim_db_data *data,
+ const char *permanent, char *pseudonym);
+
+int eap_sim_db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
+ char *reauth_id, u16 counter, const u8 *mk);
+int eap_sim_db_add_reauth_prime(struct eap_sim_db_data *data,
+ const char *permanent,
+ char *reauth_id, u16 counter, const u8 *k_encr,
+ const u8 *k_aut, const u8 *k_re);
+
+const char * eap_sim_db_get_permanent(struct eap_sim_db_data *data,
+ const char *pseudonym);
+
+struct eap_sim_reauth {
+ struct eap_sim_reauth *next;
+ char *permanent; /* Permanent username */
+ char *reauth_id; /* Fast re-authentication username */
+ u16 counter;
+ u8 mk[EAP_SIM_MK_LEN];
+ u8 k_encr[EAP_SIM_K_ENCR_LEN];
+ u8 k_aut[EAP_AKA_PRIME_K_AUT_LEN];
+ u8 k_re[EAP_AKA_PRIME_K_RE_LEN];
+};
+
+struct eap_sim_reauth *
+eap_sim_db_get_reauth_entry(struct eap_sim_db_data *data,
+ const char *reauth_id);
+
+void eap_sim_db_remove_reauth(struct eap_sim_db_data *data,
+ struct eap_sim_reauth *reauth);
+
+int eap_sim_db_get_aka_auth(struct eap_sim_db_data *data, const char *username,
+ u8 *_rand, u8 *autn, u8 *ik, u8 *ck,
+ u8 *res, size_t *res_len, void *cb_session_ctx);
+
+int eap_sim_db_resynchronize(struct eap_sim_db_data *data,
+ const char *username, const u8 *auts,
+ const u8 *_rand);
+
+char * sim_get_username(const u8 *identity, size_t identity_len);
+
+#endif /* EAP_SIM_DB_H */
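Review bot: `eap_sim_db_get_gsm_triplets()` writes into `_rand`, `kc` and `sres`, but the prototype passes no buffer sizes, only `max_chal`, and the header has no comment tying the two together. `eap_sim_db_get_aka_auth()` has the same shape for `_rand`, `autn`, `ik` and `ck`; only `res` has a length out-parameter. A caller that sizes its buffers for fewer entries than the `max_chal` it passes would presumably be overrun, so the header should state the contract, e.g. `/* _rand, kc and sres must each have room for max_chal entries */`, with the per-entry sizes named from `eap_common/eap_sim_common.h`. Whether the .c file already documents this cannot be seen from this hunk.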
diff --git a/ap/app/hostapd-2.10/src/eap_server/eap_tls_common.h b/ap/app/hostapd-2.10/src/eap_server/eap_tls_common.h
new file mode 100755
index 0000000..b0723a1
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/eap_tls_common.h
@@ -0,0 +1,101 @@
+/*
+ * EAP-TLS/PEAP/TTLS/FAST server common functions
+ * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_TLS_COMMON_H
+#define EAP_TLS_COMMON_H
+
+/**
+ * struct eap_ssl_data - TLS data for EAP methods
+ */
+struct eap_ssl_data {
+ /**
+ * conn - TLS connection context data from tls_connection_init()
+ */
+ struct tls_connection *conn;
+
+ /**
+ * tls_out - TLS message to be sent out in fragments
+ */
+ struct wpabuf *tls_out;
+
+ /**
+ * tls_out_pos - The current position in the outgoing TLS message
+ */
+ size_t tls_out_pos;
+
+ /**
+ * tls_out_limit - Maximum fragment size for outgoing TLS messages
+ */
+ size_t tls_out_limit;
+
+ /**
+ * tls_in - Received TLS message buffer for re-assembly
+ */
+ struct wpabuf *tls_in;
+
+ /**
+ * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
+ */
+ int phase2;
+
+ /**
+ * eap - EAP state machine allocated with eap_server_sm_init()
+ */
+ struct eap_sm *eap;
+
+ enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
+ struct wpabuf tmpbuf;
+
+ /**
+ * tls_v13 - Whether TLS v1.3 or newer is used
+ */
+ int tls_v13;
+};
+
+
+/* EAP TLS Flags */
+#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
+#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
+#define EAP_TLS_FLAGS_START 0x20
+#define EAP_TEAP_FLAGS_OUTER_TLV_LEN 0x10
+#define EAP_TLS_VERSION_MASK 0x07
+
+ /* could be up to 128 bytes, but only the first 64 bytes are used */
+#define EAP_TLS_KEY_LEN 64
+
+/* stub type used as a flag for UNAUTH-TLS */
+#define EAP_UNAUTH_TLS_TYPE 255
+#define EAP_WFA_UNAUTH_TLS_TYPE 254
+
+
+struct wpabuf * eap_tls_msg_alloc(enum eap_type type, size_t payload_len,
+ u8 code, u8 identifier);
+int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
+ int verify_peer, int eap_type);
+void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
+u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
+ const char *label, const u8 *context,
+ size_t context_len, size_t len);
+u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
+ struct eap_ssl_data *data, u8 eap_type,
+ size_t *len);
+struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
+ int eap_type, int version, u8 id);
+struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);
+int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);
+struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
+ struct eap_ssl_data *data,
+ const struct wpabuf *plain);
+int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
+ struct wpabuf *respData, void *priv, int eap_type,
+ int (*proc_version)(struct eap_sm *sm, void *priv,
+ int peer_version),
+ void (*proc_msg)(struct eap_sm *sm, void *priv,
+ const struct wpabuf *respData));
+
+#endif /* EAP_TLS_COMMON_H */
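Review bot: This header has no `#include` lines, yet `struct eap_ssl_data` embeds `struct wpabuf tmpbuf;` by value, which needs the complete type, and the prototypes use `enum eap_type`, `u8` and `size_t`. It compiles only when every includer has already pulled in the right headers in the right order. Adding `#include "wpabuf.h"` and `#include "eap_common/eap_defs.h"` after the include guard, as `eap.h` in this same commit does, would make it self-contained. That change would diverge from the imported hostapd 2.10 text, so it may be better carried as a clearly marked local patch.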
diff --git a/ap/app/hostapd-2.10/src/eap_server/ikev2.h b/ap/app/hostapd-2.10/src/eap_server/ikev2.h
new file mode 100755
index 0000000..051a938
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/ikev2.h
@@ -0,0 +1,61 @@
+/*
+ * IKEv2 initiator (RFC 4306) for EAP-IKEV2
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IKEV2_H
+#define IKEV2_H
+
+#include "eap_common/ikev2_common.h"
+
+struct ikev2_proposal_data {
+ u8 proposal_num;
+ int integ;
+ int prf;
+ int encr;
+ int dh;
+};
+
+
+struct ikev2_initiator_data {
+ enum { SA_INIT, SA_AUTH, CHILD_SA, IKEV2_DONE } state;
+ u8 i_spi[IKEV2_SPI_LEN];
+ u8 r_spi[IKEV2_SPI_LEN];
+ u8 i_nonce[IKEV2_NONCE_MAX_LEN];
+ size_t i_nonce_len;
+ u8 r_nonce[IKEV2_NONCE_MAX_LEN];
+ size_t r_nonce_len;
+ struct wpabuf *r_dh_public;
+ struct wpabuf *i_dh_private;
+ struct ikev2_proposal_data proposal;
+ const struct dh_group *dh;
+ struct ikev2_keys keys;
+ u8 *IDi;
+ size_t IDi_len;
+ u8 *IDr;
+ size_t IDr_len;
+ u8 IDr_type;
+ struct wpabuf *r_sign_msg;
+ struct wpabuf *i_sign_msg;
+ u8 *shared_secret;
+ size_t shared_secret_len;
+ enum { PEER_AUTH_CERT, PEER_AUTH_SECRET } peer_auth;
+ u8 *key_pad;
+ size_t key_pad_len;
+
+ const u8 * (*get_shared_secret)(void *ctx, const u8 *IDr,
+ size_t IDr_len, size_t *secret_len);
+ void *cb_ctx;
+ int unknown_user;
+};
+
+
+void ikev2_initiator_deinit(struct ikev2_initiator_data *data);
+int ikev2_initiator_process(struct ikev2_initiator_data *data,
+ const struct wpabuf *buf);
+struct wpabuf * ikev2_initiator_build(struct ikev2_initiator_data *data);
+
+#endif /* IKEV2_H */
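Review bot: `struct ikev2_initiator_data` carries secret material (`shared_secret`, `i_dh_private`, `keys`, `key_pad`) with no comment on who owns each buffer or whether `ikev2_initiator_deinit()` releases and clears them. The `get_shared_secret` callback likewise returns `const u8 *` without saying whether the pointer is borrowed or allocated for the caller. I would add a short doc comment on the callback and on `ikev2_initiator_deinit()` stating the ownership and lifetime rules, after confirming them against the implementation, which is not in this hunk.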
diff --git a/ap/app/hostapd-2.10/src/eap_server/tncs.h b/ap/app/hostapd-2.10/src/eap_server/tncs.h
new file mode 100755
index 0000000..ac7251b
--- /dev/null
+++ b/ap/app/hostapd-2.10/src/eap_server/tncs.h
@@ -0,0 +1,43 @@
+/*
+ * EAP-TNC - TNCS (IF-IMV, IF-TNCCS, and IF-TNCCS-SOH)
+ * Copyright (c) 2007-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef TNCS_H
+#define TNCS_H
+
+struct tncs_data;
+
+struct tncs_data * tncs_init(void);
+void tncs_deinit(struct tncs_data *tncs);
+void tncs_init_connection(struct tncs_data *tncs);
+size_t tncs_total_send_len(struct tncs_data *tncs);
+u8 * tncs_copy_send_buf(struct tncs_data *tncs, u8 *pos);
+char * tncs_if_tnccs_start(struct tncs_data *tncs);
+char * tncs_if_tnccs_end(void);
+
+enum tncs_process_res {
+ TNCCS_PROCESS_ERROR = -1,
+ TNCCS_PROCESS_OK_NO_RECOMMENDATION = 0,
+ TNCCS_RECOMMENDATION_ERROR,
+ TNCCS_RECOMMENDATION_ALLOW,
+ TNCCS_RECOMMENDATION_NONE,
+ TNCCS_RECOMMENDATION_ISOLATE,
+ TNCCS_RECOMMENDATION_NO_ACCESS,
+ TNCCS_RECOMMENDATION_NO_RECOMMENDATION
+};
+
+enum tncs_process_res tncs_process_if_tnccs(struct tncs_data *tncs,
+ const u8 *msg, size_t len);
+
+int tncs_global_init(void);
+void tncs_global_deinit(void);
+
+struct wpabuf * tncs_build_soh_request(void);
+struct wpabuf * tncs_process_soh(const u8 *soh_tlv, size_t soh_tlv_len,
+ int *failure);
+
+#endif /* TNCS_H */
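Review bot: `tncs_copy_send_buf(struct tncs_data *tncs, u8 *pos)` writes to `pos` with no length argument, so the only bound is whatever the caller allocated. The header declares `tncs_total_send_len()` on the line above it, which presumably gives the required size, but nothing says so. A comment such as `/* pos must have room for tncs_total_send_len(tncs) bytes */` on the prototype would make the pairing explicit. The meaning of the returned pointer should be documented at the same time, once checked against the implementation.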