eap.h revision 87fd279308af3f806848c8f2ab65ef18c6ac4c30
/*
 * hostapd / EAP Full Authenticator state machine (RFC 4137)
 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */
14
15#ifndef EAP_H
16#define EAP_H
17
18#include "common/defs.h"
19#include "eap_common/eap_defs.h"
20#include "eap_server/eap_methods.h"
21#include "wpabuf.h"
22
/*
 * Handle for an EAP server state machine. Only the forward declaration is
 * visible in this header; callers use it through the functions declared
 * below.
 */
struct eap_sm;

/* Number of slots in the eap_user::methods array. */
#define EAP_MAX_METHODS 8

/*
 * Bit flags that are OR'ed together in eap_user::ttls_auth.
 *
 * NOTE(review): PAP, CHAP, MSCHAP and MSCHAPv2 are legacy password
 * protocols; inside EAP-TTLS their confidentiality depends on the outer TLS
 * tunnel. Keep each user's mask as narrow as the deployment allows.
 */
#define EAP_TTLS_AUTH_PAP      0x01
#define EAP_TTLS_AUTH_CHAP     0x02
#define EAP_TTLS_AUTH_MSCHAP   0x04
#define EAP_TTLS_AUTH_MSCHAPV2 0x08
31
/*
 * struct eap_user - User entry handed to eapol_callbacks::get_eap_user()
 *
 * NOTE(review): this structure carries credential material (password /
 * password_len). Ownership and release of the password buffer are not
 * visible in this header; confirm that whoever frees it wipes it first.
 */
struct eap_user {
	/*
	 * Up to EAP_MAX_METHODS (vendor, method) pairs.
	 * Presumably the EAP methods configured for this user - verify
	 * against the code that fills the entry.
	 */
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];

	/* Credential bytes and their length in bytes */
	u8 *password;
	size_t password_len;

	/*
	 * Non-zero when password holds the output of nt_password_hash()
	 * instead of the password itself. The hashed form should be handled
	 * as carefully as the plaintext: an NT hash is sufficient input for
	 * MSCHAP/MSCHAPv2 authentication.
	 */
	int password_hash;

	/* Presumably marks an entry used for tunnelled (phase 2)
	 * authentication; compare the phase2 argument of get_eap_user() */
	int phase2;

	/* Meaning is not visible in this header */
	int force_version;

	/* Bit mask of EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
	int ttls_auth;
};
46
/*
 * struct eap_eapol_interface - Variables exchanged between the EAP full
 * authenticator, the lower (EAPOL) layer and the AAA interface
 *
 * The member names appear to follow the variable names of RFC 4137, which
 * the file header cites. A pointer to this structure is returned by
 * eap_get_interface().
 *
 * NOTE(review): eapKeyData and aaaEapKeyData point at keying material.
 * Allocation and release are not visible in this header; confirm that the
 * owner clears these buffers before freeing them.
 */
struct eap_eapol_interface {
	/*
	 * Direction: lower layer -> full authenticator
	 */
	Boolean eapResp;		/* also used by EAPOL Backend
					 * Authentication */
	struct wpabuf *eapRespData;
	Boolean portEnabled;
	int retransWhile;
	Boolean eapRestart;		/* also used by EAPOL Authenticator
					 * PAE */
	int eapSRTT;
	int eapRTTVAR;

	/*
	 * Direction: full authenticator -> lower layer
	 */
	Boolean eapReq;			/* also used by EAPOL Backend
					 * Authentication */
	Boolean eapNoReq;		/* also used by EAPOL Backend
					 * Authentication */
	Boolean eapSuccess;
	Boolean eapFail;
	Boolean eapTimeout;
	struct wpabuf *eapReqData;
	u8 *eapKeyData;			/* key bytes; length in
					 * eapKeyDataLen */
	size_t eapKeyDataLen;
	Boolean eapKeyAvailable;	/* IEEE 802.1X-2004 names this
					 * keyAvailable */

	/*
	 * Direction: AAA interface -> full authenticator
	 */
	Boolean aaaEapReq;
	Boolean aaaEapNoReq;
	Boolean aaaSuccess;
	Boolean aaaFail;
	struct wpabuf *aaaEapReqData;
	u8 *aaaEapKeyData;		/* key bytes; length in
					 * aaaEapKeyDataLen */
	size_t aaaEapKeyDataLen;
	Boolean aaaEapKeyAvailable;
	int aaaMethodTimeout;

	/*
	 * Direction: full authenticator -> AAA interface
	 */
	Boolean aaaEapResp;
	struct wpabuf *aaaEapRespData;
	/* aaaIdentity has no member here; it is read with
	 * eap_get_identity() */
	Boolean aaaTimeout;
};
85
/*
 * struct eapol_callbacks - Functions supplied by the caller of
 * eap_server_sm_init()
 *
 * Both callbacks receive an opaque ctx pointer; presumably this is the
 * eapol_ctx value given to eap_server_sm_init() - confirm in the
 * implementation.
 */
struct eapol_callbacks {
	/*
	 * Look up the user entry for an identity and store it in *user.
	 *
	 * identity is a byte buffer of identity_len bytes, not a C string.
	 * NOTE(review): the identity presumably comes from the peer and is
	 * therefore untrusted; implementations should bound every access by
	 * identity_len and not assume NUL termination or printable content.
	 * The meaning of the return value is not visible in this header.
	 */
	int (*get_eap_user)(void *ctx,
			    const u8 *identity, size_t identity_len,
			    int phase2,
			    struct eap_user *user);

	/*
	 * Return the text used for the EAP request identity and write its
	 * length to *len (inferred from the name and signature).
	 */
	const char *(*get_eap_req_id_text)(void *ctx, size_t *len);
};
91
/*
 * struct eap_config - Configuration passed to eap_server_sm_init()
 *
 * The comments below are inferred from member names only; the semantics of
 * each field are defined by the EAP server implementation, which is not part
 * of this header.
 *
 * NOTE(review): pac_opaque_encr_key is secret key material and has no length
 * member here, so the expected size must be enforced by the code that sets
 * and reads it. peer_addr likewise has no length member.
 */
struct eap_config {
	/* Opaque context pointers */
	void *ssl_ctx;
	void *msg_ctx;
	void *eap_sim_db_priv;

	/* Server mode selection */
	Boolean backend_auth;
	int eap_server;

	/* EAP-pwd */
	u16 pwd_group;

	/* EAP-FAST */
	u8 *pac_opaque_encr_key;	/* secret; see NOTE(review) above */
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;

	/* EAP-SIM/AKA and TNC */
	int eap_sim_aka_result_ind;
	int tnc;

	/* WPS / P2P association data */
	struct wps_context *wps;
	const struct wpabuf *assoc_wps_ie;
	const struct wpabuf *assoc_p2p_ie;
	const u8 *peer_addr;		/* no length member; see
					 * NOTE(review) above */
	int fragment_size;

	int pbc_in_m1;
};
116
117
/*
 * EAP server state machine API. Only the prototypes are visible here, so the
 * notes below describe the signatures, not verified behaviour.
 */

/* Create a state machine from the given context, callbacks and
 * configuration; returns the new handle. */
struct eap_sm *eap_server_sm_init(void *eapol_ctx,
				  struct eapol_callbacks *eapol_cb,
				  struct eap_config *eap_conf);

/* Release a handle obtained from eap_server_sm_init(). */
void eap_server_sm_deinit(struct eap_sm *sm);

/* Run the state machine; the meaning of the int result is defined by the
 * implementation. */
int eap_server_sm_step(struct eap_sm *sm);

void eap_sm_notify_cached(struct eap_sm *sm);
void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm);

/*
 * Return the identity as a byte buffer and write its length to *len.
 * NOTE(review): treat the result as length-delimited data, not as a C
 * string; always use *len when copying or logging it.
 */
const u8 *eap_get_identity(struct eap_sm *sm, size_t *len);

/* Return the eap_eapol_interface variable block of this state machine. */
struct eap_eapol_interface *eap_get_interface(struct eap_sm *sm);

void eap_server_clear_identity(struct eap_sm *sm);
129
130#endif /* EAP_H */