eapol_auth_sm_i.h revision f21452aea786ac056eb01f1cbba4f553bd502747
/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Port control setting. Every enumerator has an explicit value and none of
 * them is 0, so zero-filled storage does not hold a named PortTypes value.
 */
typedef enum {
	ForceUnauthorized = 1,
	Auto = 2,
	ForceAuthorized = 3
} PortTypes;

/*
 * Authorization status of the controlled port. Authorized is 1 and
 * Unauthorized is 2; a zero-filled field therefore compares unequal to
 * Authorized (and to Unauthorized) until it is assigned.
 */
typedef enum {
	Authorized = 1,
	Unauthorized = 2
} PortState;

/* Controlled directions; Both is the zero value. */
typedef enum {
	Both = 0,
	In = 1
} ControlledDirection;

/* Statistics counters are plain unsigned int. */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * One instance is referenced from each struct eapol_state_machine through
 * its 'eapol' pointer. The config and callback types are declared elsewhere.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf;
	struct eapol_auth_cb cb;

	/*
	 * Default WEP key and its index. This is key material.
	 * NOTE(review): the key length and who allocates/frees the buffer are
	 * not visible in this header - confirm in the implementation, and
	 * confirm the buffer is cleared before it is released.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx;
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * Holds the variables of the IEEE 802.1X-2004 authenticator state machines
 * (grouped below by state machine) followed by implementation-specific
 * data that the standard does not define. The anonymous state enums rely on
 * declaration order for their values, so enumerators must not be reordered.
 */
struct eapol_state_machine {
	/* timers */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	PortState authPortStatus; /* 0 is not a named PortState value */
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapolEap;
	Boolean initialize;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl;
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum {
		AUTH_PAE_INITIALIZE, /* value 0 */
		AUTH_PAE_DISCONNECTED,
		AUTH_PAE_CONNECTING,
		AUTH_PAE_AUTHENTICATING,
		AUTH_PAE_AUTHENTICATED,
		AUTH_PAE_ABORTING,
		AUTH_PAE_HELD,
		AUTH_PAE_FORCE_AUTH,
		AUTH_PAE_FORCE_UNAUTH,
		AUTH_PAE_RESTART
	} auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/*
	 * default 60; 0..65535. The field is an unsigned int, so the type does
	 * not enforce the upper bound.
	 * NOTE(review): confirm the range is checked where the value is set.
	 */
	unsigned int quietPeriod;
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	/*
	 * The zero value here is BE_AUTH_REQUEST; BE_AUTH_INITIALIZE is 6. A
	 * zero-filled structure does not start out in the INITIALIZE state.
	 * NOTE(review): confirm the state is set explicitly at creation.
	 */
	enum {
		BE_AUTH_REQUEST,
		BE_AUTH_RESPONSE,
		BE_AUTH_SUCCESS,
		BE_AUTH_FAIL,
		BE_AUTH_TIMEOUT,
		BE_AUTH_IDLE,
		BE_AUTH_INITIALIZE,
		BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	/* default 30; 1..X (0 is outside the documented range) */
	unsigned int serverTimeout;
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum {
		REAUTH_TIMER_INITIALIZE,
		REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum {
		AUTH_KEY_TX_NO_KEY_TRANSMIT,
		AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum {
		KEY_RX_NO_KEY_RECEIVE,
		KEY_RX_KEY_RECEIVE
	} key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum {
		CTRL_DIR_FORCE_BOTH,
		CTRL_DIR_IN_OR_BOTH
	} ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * Identity buffer and its length, kept as a pointer/length pair.
	 * NOTE(review): presumably not NUL-terminated - readers should bound
	 * every access by identity_len; confirm against the code that fills it.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */

	/*
	 * Keys for encrypting and signing EAPOL-Key frames. Each pointer has
	 * its own length field and the two must be updated together.
	 * NOTE(review): ownership is not visible in this header - confirm the
	 * buffers are cleared before they are freed or replaced.
	 */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	struct eap_sm *eap;

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed;

	struct eapol_authenticator *eapol;

	void *sta; /* station context pointer to use in callbacks */

	int remediation;
};

#endif /* EAPOL_AUTH_SM_I_H */