eapol_auth_sm_i.h revision 8d520ff1dc2da35cdca849e982051b86468016d8 
18d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/*
28d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
38d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
48d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt *
58d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This program is free software; you can redistribute it and/or modify
68d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * it under the terms of the GNU General Public License version 2 as
78d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * published by the Free Software Foundation.
88d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt *
98d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, this software may be distributed under the terms of BSD
108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * license.
118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt *
128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * See README and COPYING for more details.
138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */
148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#ifndef EAPOL_AUTH_SM_I_H
168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAPOL_AUTH_SM_I_H
178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "common/defs.h"
198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "radius/radius.h"
208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* IEEE Std 802.1X-2004, Ch. 8.2 */
228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidttypedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	PortTypes;
258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidttypedef enum { Unauthorized = 2, Authorized = 1 } PortState;
268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidttypedef enum { Both = 0, In = 1 } ControlledDirection;
278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidttypedef unsigned int Counter;
288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/**
318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eapol_authenticator - Global EAPOL authenticator data
328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */
338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eapol_authenticator {
348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct eapol_auth_config conf;
358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct eapol_auth_cb cb;
368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 *default_wep_key;
388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 default_wep_key_idx;
398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt};
408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/**
438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eapol_state_machine - Per-Supplicant Authenticator state machines
448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */
458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eapol_state_machine {
468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* timers */
478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	int aWhile;
488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	int quietWhile;
498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	int reAuthWhen;
508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* global variables */
528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean authAbort;
538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean authFail;
548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	PortState authPortStatus;
558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean authStart;
568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean authTimeout;
578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean authSuccess;
588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean eapolEap;
598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean initialize;
608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean keyDone;
618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean keyRun;
628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean keyTxEnabled;
638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	PortTypes portControl;
648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean portValid;
658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean reAuthenticate;
668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Port Timers state machine */
688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* 'Boolean tick' implicitly handled as registered timeout */
698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Authenticator PAE state machine */
718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* variables */
768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean eapolLogoff;
778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean eapolStart;
788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	PortTypes portMode;
798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	unsigned int reAuthCount;
808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* constants */
818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	unsigned int quietPeriod; /* default 60; 0..65535 */
828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define AUTH_PAE_DEFAULT_quietPeriod 60
838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	unsigned int reAuthMax; /* default 2 */
848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define AUTH_PAE_DEFAULT_reAuthMax 2
858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* counters */
868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authEntersConnecting;
878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authEapLogoffsWhileConnecting;
888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authEntersAuthenticating;
898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthSuccessesWhileAuthenticating;
908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthTimeoutsWhileAuthenticating;
918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthFailWhileAuthenticating;
928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthEapStartsWhileAuthenticating;
938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthEapLogoffWhileAuthenticating;
948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthReauthsWhileAuthenticated;
958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthEapStartsWhileAuthenticated;
968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter authAuthEapLogoffWhileAuthenticated;
978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Backend Authentication state machine */
998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
1008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
1018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	       BE_AUTH_IGNORE
1028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	} be_auth_state;
1038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* constants */
1048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	unsigned int serverTimeout; /* default 30; 1..X */
1058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define BE_AUTH_DEFAULT_serverTimeout 30
1068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* counters */
1078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter backendResponses;
1088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter backendAccessChallenges;
1098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter backendOtherRequestsToSupplicant;
1108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter backendAuthSuccesses;
1118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter backendAuthFails;
1128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Reauthentication Timer state machine */
1148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
1158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	} reauth_timer_state;
1168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* constants */
1178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	unsigned int reAuthPeriod; /* default 3600 s */
1188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean reAuthEnabled;
1198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Authenticator Key Transmit state machine */
1218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
1228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	} auth_key_tx_state;
1238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Key Receive state machine */
1258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
1268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* variables */
1278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean rxKey;
1288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Controlled Directions state machine */
1308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
1318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* variables */
1328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	ControlledDirection adminControlledDirections;
1338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	ControlledDirection operControlledDirections;
1348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean operEdge;
1358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Authenticator Statistics Table */
1378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolFramesRx;
1388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolFramesTx;
1398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolStartFramesRx;
1408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolLogoffFramesRx;
1418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolRespIdFramesRx;
1428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolRespFramesRx;
1438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolReqIdFramesTx;
1448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapolReqFramesTx;
1458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthInvalidEapolFramesRx;
1468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthEapLengthErrorFramesRx;
1478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Counter dot1xAuthLastEapolFrameVersion;
1488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Other variables - not defined in IEEE 802.1X */
1508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 addr[ETH_ALEN]; /* Supplicant address */
1518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	int flags; /* EAPOL_SM_* */
1528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* EAPOL/AAA <-> EAP full authenticator interface */
1548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct eap_eapol_interface *eap_if;
1558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	int radius_identifier;
1578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* TODO: check when the last messages can be released */
1588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct radius_msg *last_recv_radius;
1598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 last_eap_id; /* last used EAP Identifier */
1608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 *identity;
1618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	size_t identity_len;
1628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
1638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt			      * Authentication server */
1648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
1658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct radius_class_data radius_class;
1668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	/* Keys for encrypting and signing EAPOL-Key frames */
1688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 *eapol_key_sign;
1698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	size_t eapol_key_sign_len;
1708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	u8 *eapol_key_crypt;
1718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	size_t eapol_key_crypt_len;
1728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct eap_sm *eap;
1748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean initializing; /* in process of initializing state machines */
1768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	Boolean changed;
1778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	struct eapol_authenticator *eapol;
1798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt	void *sta; /* station context pointer to use in callbacks */
1818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt};
1828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt
1838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#endif /* EAPOL_AUTH_SM_I_H */
184