/*
 * EAP peer state machines internal structures (RFC 4137)
 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_I_H
#define EAP_I_H

#include "wpabuf.h"
#include "eap_peer/eap.h"
#include "eap_common/eap_common.h"

/* RFC 4137 - EAP Peer state machine */

/* Authentication decision reported by a method (eap_method_ret::decision)
 * and tracked by the state machine (eap_sm::decision). */
typedef enum {
	DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
} EapDecision;

/* Method-specific state exchanged between the peer state machine and the
 * method (eap_method_ret::methodState, eap_sm::methodState). */
typedef enum {
	METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
} EapMethodState;

/**
 * struct eap_method_ret - EAP return values from struct eap_method::process()
 *
 * This structure contains OUT variables for the interface between peer state
 * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as
 * the return value of struct eap_method::process() so it is not included in
 * this structure.
 */
struct eap_method_ret {
	/**
	 * ignore - Whether method decided to drop the current packet (OUT)
	 */
	Boolean ignore;

	/**
	 * methodState - Method-specific state (IN/OUT)
	 */
	EapMethodState methodState;

	/**
	 * decision - Authentication decision (OUT)
	 */
	EapDecision decision;

	/**
	 * allowNotifications - Whether method allows notifications (OUT)
	 */
	Boolean allowNotifications;
};


/**
 * struct eap_method - EAP method interface
 * This structure defines the EAP method interface. Each method will need to
 * register its own EAP type, EAP name, and set of function pointers for method
 * specific operations. This interface is based on section 4.4 of RFC 4137.
 */
struct eap_method {
	/**
	 * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
	 */
	int vendor;

	/**
	 * method - EAP type number (EAP_TYPE_*)
	 */
	EapType method;

	/**
	 * name - Name of the method (e.g., "TLS")
	 */
	const char *name;

	/**
	 * init - Initialize an EAP method
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * Returns: Pointer to allocated private data, or %NULL on failure
	 *
	 * This function is used to initialize the EAP method explicitly
	 * instead of using METHOD_INIT state as specified in RFC 4137. The
	 * method is expected to initialize its method-specific state and
	 * return a pointer that will be used as the priv argument to other
	 * calls.
	 */
	void * (*init)(struct eap_sm *sm);

	/**
	 * deinit - Deinitialize an EAP method
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * Deinitialize the EAP method and free any allocated private data.
	 *
	 * NOTE(review): priv may hold keys or credentials depending on the
	 * method; whether implementations clear it before freeing cannot be
	 * seen from this header - confirm per method.
	 */
	void (*deinit)(struct eap_sm *sm, void *priv);

	/**
	 * process - Process an EAP request
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @ret: Return values from EAP request validation and processing
	 * @reqData: EAP request to be processed (eapReqData)
	 * Returns: Pointer to allocated EAP response packet (eapRespData)
	 *
	 * This function is a combination of m.check(), m.process(), and
	 * m.buildResp() procedures defined in section 4.4 of RFC 4137. In
	 * other words, this function validates the incoming request,
	 * processes it, and builds a response packet. m.check() and
	 * m.process() return values are returned through struct
	 * eap_method_ret *ret variable. Caller is responsible for freeing the
	 * returned EAP response packet.
	 *
	 * Because m.check() is folded into this call, the method
	 * implementation is where the request gets validated before it is
	 * acted upon; no separate check step is declared in this interface.
	 *
	 * NOTE(review): a %NULL return is not described here; presumably it
	 * means that no response is sent - confirm against the state machine.
	 */
	struct wpabuf * (*process)(struct eap_sm *sm, void *priv,
				   struct eap_method_ret *ret,
				   const struct wpabuf *reqData);

	/**
	 * isKeyAvailable - Find out whether EAP method has keying material
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: %TRUE if key material (eapKeyData) is available
	 */
	Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);

	/**
	 * getKey - Get EAP method specific keying material (eapKeyData)
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to variable to store key length (eapKeyDataLen)
	 * Returns: Keying material (eapKeyData) or %NULL if not available
	 *
	 * This function can be used to get the keying material from the EAP
	 * method. The key may already be stored in the method-specific private
	 * data or this function may derive the key.
	 *
	 * NOTE(review): ownership of the returned buffer is not stated here;
	 * confirm against the caller whether it must free the buffer and
	 * whether the key bytes are cleared before release.
	 */
	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * get_status - Get EAP method status
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @buf: Buffer for status information
	 * @buflen: Maximum buffer length
	 * @verbose: Whether to include verbose status information
	 * Returns: Number of bytes written to buf
	 *
	 * Query EAP method for status information. This function fills in a
	 * text area with current status information from the EAP method. If
	 * the buffer (buf) is not large enough, status information will be
	 * truncated to fit the buffer.
	 *
	 * NOTE(review): the contract relies on each implementation honoring
	 * buflen; where the status text ends up, and therefore what it may
	 * safely contain, is not visible from this header - confirm per
	 * caller.
	 */
	int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
			  size_t buflen, int verbose);

	/**
	 * has_reauth_data - Whether method is ready for fast reauthentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: %TRUE or %FALSE based on whether fast reauthentication is
	 * possible
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement.
	 */
	Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);

	/**
	 * deinit_for_reauth - Release data that is not needed for fast re-auth
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement. This is called
	 * when authentication has been completed and EAP state machine is
	 * requesting that enough state information is maintained for fast
	 * re-authentication.
	 */
	void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * init_for_reauth - Prepare for start of fast re-authentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement. This is called
	 * when EAP authentication is started and EAP state machine is
	 * requesting fast re-authentication to be used.
	 *
	 * NOTE(review): the meaning of the returned pointer is not described
	 * here; presumably it is the private data to use from then on, with
	 * %NULL on failure - confirm against the caller.
	 */
	void * (*init_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * get_identity - Get method specific identity for re-authentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Length of the returned identity
	 * Returns: Pointer to the method specific identity or %NULL if default
	 * identity is to be used
	 *
	 * This function is an optional handler that only EAP methods
	 * that use method specific identity need to implement.
	 */
	const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * free - Free EAP method data
	 * @method: Pointer to the method data registered with
	 * eap_peer_method_register().
	 *
	 * This function will be called when the EAP method is being
	 * unregistered. If the EAP method allocated resources during
	 * registration (e.g., allocated struct eap_method), they should be
	 * freed in this function. No other method functions will be called
	 * after this call. If this function is not defined (i.e., function
	 * pointer is %NULL), a default handler is used to release the method
	 * data with free(method). This is suitable for most cases.
	 */
	void (*free)(struct eap_method *method);

#define EAP_PEER_METHOD_INTERFACE_VERSION 1
	/**
	 * version - Version of the EAP peer method interface
	 *
	 * The EAP peer method implementation should set this variable to
	 * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the
	 * EAP method is using supported API version when using dynamically
	 * loadable EAP methods.
	 *
	 * NOTE(review): the value is supplied by the method itself, so it can
	 * express API compatibility only; it says nothing about where a
	 * dynamically loaded library came from.
	 */
	int version;

	/**
	 * next - Pointer to the next EAP method
	 *
	 * This variable is used internally in the EAP method registration code
	 * to create a linked list of registered EAP methods.
	 */
	struct eap_method *next;

#ifdef CONFIG_DYNAMIC_EAP_METHODS
	/**
	 * dl_handle - Handle for the dynamic library
	 *
	 * This variable is used internally in the EAP method registration code
	 * to store a handle for the dynamic library. If the method is linked
	 * in statically, this is %NULL.
	 *
	 * The member exists only when CONFIG_DYNAMIC_EAP_METHODS is defined,
	 * so the layout of the members that follow depends on that build
	 * option.
	 */
	void *dl_handle;
#endif /* CONFIG_DYNAMIC_EAP_METHODS */

	/**
	 * get_emsk - Get EAP method specific extended keying material (EMSK)
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to a variable to store EMSK length
	 * Returns: EMSK or %NULL if not available
	 *
	 * This function can be used to get the extended keying material from
	 * the EAP method. The key may already be stored in the method-specific
	 * private data or this function may derive the key.
	 *
	 * NOTE(review): as with getKey(), buffer ownership and clearing of
	 * the key bytes are not stated here - confirm against the caller.
	 */
	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * getSessionId - Get EAP method specific Session-Id
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to a variable to store Session-Id length
	 * Returns: Session-Id or %NULL if not available
	 *
	 * This function can be used to get the Session-Id from the EAP method.
	 * The Session-Id may already be stored in the method-specific private
	 * data or this function may derive the Session-Id.
	 */
	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
};


/**
 * struct eap_sm - EAP state machine data
 *
 * Holds the RFC 4137 peer state machine variables (current state, long-term
 * and short-term local variables, constants) followed by fields that the RFC
 * does not define.
 */
struct eap_sm {
	enum {
		EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
		EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
		EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
		EAP_FAILURE
	} EAP_state;
	/* Long-term local variables */
	EapType selectedMethod;
	EapMethodState methodState;
	int lastId;
	struct wpabuf *lastRespData;
	EapDecision decision;
	/* Short-term local variables */
	Boolean rxReq;
	Boolean rxSuccess;
	Boolean rxFailure;
	int reqId;
	EapType reqMethod;
	int reqVendor;
	u32 reqVendorMethod;
	Boolean ignore;
	/* Constants */
	int ClientTimeout;

	/* Miscellaneous variables */
	Boolean allowNotifications; /* peer state machine <-> methods */
	struct wpabuf *eapRespData; /* peer to lower layer */
	Boolean eapKeyAvailable; /* peer to lower layer */
	/* NOTE(review): eapKeyData is keying material handed to the lower
	 * layer; confirm that it is cleared before the buffer is freed. */
	u8 *eapKeyData; /* peer to lower layer */
	size_t eapKeyDataLen; /* peer to lower layer */
	u8 *eapSessionId; /* peer to lower layer */
	size_t eapSessionIdLen; /* peer to lower layer */
	const struct eap_method *m; /* selected EAP method */
	/* not defined in RFC 4137 */
	Boolean changed;
	void *eapol_ctx;
	struct eapol_callbacks *eapol_cb;
	/* presumably the priv pointer returned by eap_method::init() for the
	 * selected method - confirm against the state machine code */
	void *eap_method_priv;
	int init_phase2;
	int fast_reauth;

	Boolean rxResp /* LEAP only */;
	Boolean leap_done;
	Boolean peap_done;
	/* The two MD5 digests below are described only as a means of
	 * recognizing a repeated request; nothing in this header uses them
	 * for integrity or authentication. */
	u8 req_md5[16]; /* MD5() of the current EAP packet */
	u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
			  * in duplicate request detection. */

	void *msg_ctx;
	void *scard_ctx;
	void *ssl_ctx;
	void *ssl_ctx2;

	unsigned int workaround;

	/* Optional challenges generated in Phase 1 (EAP-FAST) */
	u8 *peer_challenge, *auth_challenge;

	int num_rounds;
	int force_disabled;

	struct wps_context *wps;

	int prev_failure;
	struct eap_peer_config *last_config;

	struct ext_password_data *ext_pw;
	struct wpabuf *ext_pw_buf;

	int external_sim;

	unsigned int expected_failure:1;
};

/*
 * Helpers shared with EAP method implementations. The eap_get_config_*()
 * functions take the state machine and, where a length applies, report it
 * through the len out-parameter.
 *
 * NOTE(review): the behavior when an item is not configured (presumably a
 * %NULL return) and the lifetime of the returned pointers are not stated in
 * this header - confirm against the definitions before dereferencing.
 */
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);
const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
void eap_clear_config_otp(struct eap_sm *sm);
const char * eap_get_config_phase1(struct eap_sm *sm);
const char * eap_get_config_phase2(struct eap_sm *sm);
int eap_get_config_fragment_size(struct eap_sm *sm);
struct eap_peer_config * eap_get_config(struct eap_sm *sm);
void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
const struct wpa_config_blob *
eap_get_config_blob(struct eap_sm *sm, const char *name);
void eap_notify_pending(struct eap_sm *sm);
int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method);

#endif /* EAP_I_H */