eapol_auth_sm_i.h revision 8d520ff1dc2da35cdca849e982051b86468016d8
/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

/*
 * NOTE(review): this header is not self-contained. struct eapol_authenticator
 * below embeds struct eapol_auth_config and struct eapol_auth_cb by value,
 * and neither include here declares them - the includer is expected to have
 * pulled in the public EAPOL authenticator header first. Confirm against the
 * .c files before reusing this header elsewhere.
 */
#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * The explicit enumerator values below follow the numbering used by the
 * standard for these variables (they are deliberately not 0-based and not in
 * ascending order). Do not renumber: the values are what gets reported to
 * management interfaces and compared against configuration.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
typedef enum { Both = 0, In = 1 } ControlledDirection;
/*
 * Statistics counter. Plain unsigned arithmetic: it wraps silently modulo
 * UINT_MAX rather than saturating, so consumers must treat it as a wrap
 * counter, never as a monotonic total.
 */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * One instance per authenticator; shared by all per-Supplicant state machines
 * through eapol_state_machine::eapol.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf;	/* configuration copied in at init */
	struct eapol_auth_cb cb;	/* callbacks into the owning driver/AP code */

	/*
	 * Default (group) WEP key to be delivered to Supplicants in EAPOL-Key
	 * frames. Security caveat: WEP is a broken cipher and this path exists
	 * only for legacy dynamic-WEP deployments; prefer RSN/WPA2 key
	 * management. Ownership of the buffer is not visible from this header
	 * - presumably allocated and freed with the authenticator; confirm in
	 * the .c file, and make sure the key bytes are cleared before release.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx;	/* key index (slot) advertised with the key */
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * Holds every IEEE 802.1X-2004 Authenticator state machine (Port Timers,
 * Authenticator PAE, Backend Authentication, Reauthentication Timer,
 * Authenticator Key Transmit, Key Receive, Controlled Directions) for one
 * Supplicant, plus the hostapd-specific glue (RADIUS, EAP server, keys)
 * that the standard does not define. Variable names intentionally mirror
 * the standard's text so the state machine code can be checked against it.
 */
struct eapol_state_machine {
	/* timers */
	/*
	 * Remaining seconds for the corresponding *While/*When timer; these
	 * are signed while the period constants below are unsigned, so any
	 * direct comparison between the two must be done with care to avoid
	 * implicit signed/unsigned conversion.
	 */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	PortState authPortStatus;	/* Authorized/Unauthorized as seen by the port */
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapolEap;
	Boolean initialize;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl;	/* administrative port control setting */
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;	/* EAPOL-Logoff received from the Supplicant */
	Boolean eapolStart;	/* EAPOL-Start received from the Supplicant */
	PortTypes portMode;
	unsigned int reAuthCount;	/* retries so far; compared against reAuthMax */
	/* constants */
	/*
	 * The 0..65535 range in the comment is from the standard and is not
	 * enforced by the type; range checking, if any, is presumably done
	 * where the configuration is parsed - confirm before relying on it.
	 */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;	/* periodic re-authentication on/off */

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;	/* EAPOL-Key frame received from the Supplicant */

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;	/* configured value */
	ControlledDirection operControlledDirections;	/* value in effect */
	Boolean operEdge;

	/* Authenticator Statistics Table */
	/*
	 * dot1xAuth* counters mirror the standard's statistics table. The
	 * Invalid/LengthError counters are the only record kept of malformed
	 * frames received from the peer and are useful for detecting a
	 * misbehaving or hostile Supplicant.
	 */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	/*
	 * Link-layer address of the peer; used to route frames and callbacks.
	 * It is not an authenticated identity on its own - only the EAP
	 * exchange and the subsequent key handshake bind the peer to a key.
	 */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	int radius_identifier;	/* RADIUS Identifier of the outstanding request */
	/* TODO: check when the last messages can be released */
	/*
	 * Lifetime of last_recv_radius is governed by the TODO above; any
	 * code that keeps a pointer into it must not outlive the next
	 * RADIUS message for this Supplicant.
	 */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * Peer-supplied identity (presumably copied from the EAP
	 * Response/Identity; confirm in the .c file). Treat the contents as
	 * untrusted input: it is not NUL-terminated by contract, so every
	 * use must be bounded by identity_len, and the two fields must be
	 * updated together.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;	/* RADIUS Class attribute(s) for accounting */

	/* Keys for encrypting and signing EAPOL-Key frames */
	/*
	 * Key material derived from the EAP exchange. NOTE(review): this
	 * header does not show where these buffers are released; whoever
	 * frees them should clear the key bytes first (plain memset before
	 * free can be optimized away - use the project's secure-clear
	 * helper) so the keys do not linger on the heap.
	 */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	struct eap_sm *eap;	/* EAP server state machine for this Supplicant */

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed;	/* set when a step changed some state; used to re-run the machines */

	struct eapol_authenticator *eapol;	/* back-pointer to the global authenticator */

	void *sta; /* station context pointer to use in callbacks */
};

#endif /* EAPOL_AUTH_SM_I_H */