eapol_auth_sm_i.h revision f21452aea786ac056eb01f1cbba4f553bd502747
/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

/*
 * Internal (private) definitions shared by the EAPOL authenticator
 * implementation. Nothing here is meant to be a stable interface for code
 * outside the EAPOL authenticator itself.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Types for the variables used by the standard's state machine pseudocode.
 * The enumerators carry explicit, non-sequential values; treat these values as
 * part of the external contract and do not renumber them (presumably they are
 * reported as-is through status/MIB reporting - verify before changing).
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes; /* port control mode: operator-forced or EAP-driven (Auto) */
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
	/* authorization state of the controlled port */
typedef enum { Both = 0, In = 1 } ControlledDirection;
	/* which direction(s) the controlled port blocks when unauthorized */
typedef unsigned int Counter;
	/* 802.1X counter type; unsigned, so it wraps rather than overflowing */


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * One instance per authenticator; every per-Supplicant
 * struct eapol_state_machine points back to it via its 'eapol' member.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf; /* authenticator configuration */
	struct eapol_auth_cb cb; /* callbacks into the owning code */

	/*
	 * Secret key material: the buffer holding the default (broadcast) WEP
	 * key. The owner that frees it should clear it first so the key does
	 * not linger on the heap (verify in the implementation that frees it).
	 * WEP is a legacy cipher; presumably only used when legacy
	 * configuration asks for it - confirm.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx; /* key index announced for default_wep_key */
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * One instance per Supplicant (station). Holds the variables, timers,
 * constants and counters of the IEEE 802.1X-2004 Authenticator state
 * machines, followed by implementation-specific context (EAP server
 * instance, RADIUS bookkeeping, EAPOL-Key key material).
 */
struct eapol_state_machine {
	/* timers */
	/*
	 * Countdown timers in seconds; decremented by the Port Timers tick,
	 * which is implemented as a registered timeout (see below).
	 */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	/* Shared flags between the individual state machines (802.1X 8.2.2) */
	Boolean authAbort;
	Boolean authFail;
	PortState authPortStatus; /* current controlled-port state */
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapolEap;
	Boolean initialize;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl; /* administrative port control mode */
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	PortTypes portMode; /* operational port mode derived from portControl */
	unsigned int reAuthCount;
	/* constants */
	/*
	 * The AUTH_PAE_DEFAULT_* / BE_AUTH_DEFAULT_* macros are placed next to
	 * the member they initialize, but being preprocessor definitions they
	 * are file-scope, not struct members.
	 */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	/* dot1xAuth* objects of the 802.1X statistics/diagnostics tables */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;
	/* per its name, a protocol version number rather than an event count */

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */
	/* flags is a bitmask of EAPOL_SM_* values defined outside this file */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	/*
	 * RADIUS bookkeeping. radius_identifier is presumably the Identifier of
	 * the outstanding request sent for this Supplicant, used to match the
	 * server's reply - confirm against the code that sends the request.
	 */
	int radius_identifier;
	/* TODO: check when the last messages can be released */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * identity/identity_len: Supplicant-supplied identity as a
	 * length-delimited byte string (not a NUL-terminated C string); always
	 * bound accesses by identity_len. Presumably taken from the EAP
	 * Identity Response - confirm.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class; /* RADIUS Class attribute data */
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */

	/* Keys for encrypting and signing EAPOL-Key frames */
	/*
	 * Secret key material with explicit lengths; bound all use by the
	 * *_len members. The owner that frees these buffers should clear them
	 * first so the keys do not linger on the heap (verify in the
	 * implementation that frees them).
	 */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	struct eap_sm *eap; /* EAP state machine serving this Supplicant */

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed; /* a state machine changed state during the last step
			  * (presumably used to re-run the step loop - confirm) */

	struct eapol_authenticator *eapol; /* back-pointer to the global data */

	void *sta; /* station context pointer to use in callbacks */

	/*
	 * NOTE(review): semantics are not documented here; presumably a
	 * remediation indicator obtained from the AAA result - confirm against
	 * the code that sets it.
	 */
	int remediation;
};

#endif /* EAPOL_AUTH_SM_I_H */