eapol_supp_sm.h revision 4ce9c87407c036fc83eb5a6044ddf976c86f53fc
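/*
 * EAPOL supplicant state machines
 * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAPOL_SUPP_SM_H
#define EAPOL_SUPP_SM_H

#include "common/defs.h"

/* IEEE 802.1X Supplicant PAE port status */
typedef enum { Unauthorized, Authorized } PortStatus;
/* IEEE 802.1X portControl values */
typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl;

/**
 * struct eapol_config - Per network configuration for EAPOL state machines
 */
struct eapol_config {
	/**
	 * accept_802_1x_keys - Accept IEEE 802.1X (non-WPA) EAPOL-Key frames
	 *
	 * This variable should be set to 1 when using EAPOL state machines
	 * with non-WPA security policy to generate dynamic WEP keys. When
	 * using WPA, this should be set to 0 so that WPA state machine can
	 * process the EAPOL-Key frames.
	 */
	int accept_802_1x_keys;

#define EAPOL_REQUIRE_KEY_UNICAST BIT(0)
#define EAPOL_REQUIRE_KEY_BROADCAST BIT(1)
	/**
	 * required_keys - Which EAPOL-Key packets are required
	 *
	 * This variable determines which EAPOL-Key packets are required before
	 * marking connection authenticated. This is a bit field of
	 * EAPOL_REQUIRE_KEY_UNICAST and EAPOL_REQUIRE_KEY_BROADCAST flags.
	 */
	int required_keys;

	/**
	 * fast_reauth - Whether fast EAP reauthentication is enabled
	 */
	int fast_reauth;

	/**
	 * workaround - Whether EAP workarounds are enabled
	 */
	unsigned int workaround;

	/**
	 * eap_disabled - Whether EAP is disabled
	 */
	int eap_disabled;

	/**
	 * external_sim - Use external processing for SIM/USIM operations
	 */
	int external_sim;
};

struct eapol_sm;
struct wpa_config_blob;

/**
 * struct eapol_ctx - Global (for all networks) EAPOL state machine context
 *
 * The state machine stores a pointer to this structure; the callbacks below
 * receive the context pointer named in their @ctx description.
 */
struct eapol_ctx {
	/**
	 * ctx - Pointer to arbitrary upper level context
	 */
	void *ctx;

	/**
	 * preauth - IEEE 802.11i/RSN pre-authentication
	 *
	 * This EAPOL state machine is used for IEEE 802.11i/RSN
	 * pre-authentication
	 */
	int preauth;

	/**
	 * cb - Function to be called when EAPOL negotiation has been completed
	 * @eapol: Pointer to EAPOL state machine data
	 * @success: Whether the authentication was completed successfully
	 * @ctx: Pointer to context data (cb_ctx)
	 *
	 * This optional callback function will be called when the EAPOL
	 * authentication has been completed. This allows the owner of the
	 * EAPOL state machine to process the key and terminate the EAPOL state
	 * machine. Currently, this is used only in RSN pre-authentication.
	 */
	void (*cb)(struct eapol_sm *eapol, int success, void *ctx);

	/**
	 * cb_ctx - Callback context for cb()
	 */
	void *cb_ctx;

	/**
	 * msg_ctx - Callback context for wpa_msg() calls
	 */
	void *msg_ctx;

	/**
	 * scard_ctx - Callback context for PC/SC scard_*() function calls
	 *
	 * This context can be updated with eapol_sm_register_scard_ctx().
	 */
	void *scard_ctx;

	/**
	 * eapol_send_ctx - Callback context for eapol_send() calls
	 */
	void *eapol_send_ctx;

	/**
	 * eapol_done_cb - Function to be called at successful completion
	 * @ctx: Callback context (ctx)
	 *
	 * This function is called at the successful completion of EAPOL
	 * authentication. If dynamic WEP keys are used, this is called only
	 * after all the expected keys have been received.
	 */
	void (*eapol_done_cb)(void *ctx);

	/**
	 * eapol_send - Send EAPOL packets
	 * @ctx: Callback context (eapol_send_ctx)
	 * @type: EAPOL type (IEEE802_1X_TYPE_*)
	 * @buf: Pointer to EAPOL payload
	 * @len: Length of the EAPOL payload
	 * Returns: 0 on success, -1 on failure
	 */
	int (*eapol_send)(void *ctx, int type, const u8 *buf, size_t len);

	/**
	 * set_wep_key - Configure WEP keys
	 * @ctx: Callback context (ctx)
	 * @unicast: Non-zero = unicast, 0 = multicast/broadcast key
	 * @keyidx: Key index (0..3)
	 * @key: WEP key
	 * @keylen: Length of the WEP key
	 * Returns: 0 on success, -1 on failure
	 */
	int (*set_wep_key)(void *ctx, int unicast, int keyidx,
			   const u8 *key, size_t keylen);

	/**
	 * set_config_blob - Set or add a named configuration blob
	 * @ctx: Callback context (ctx)
	 * @blob: New value for the blob
	 *
	 * Adds a new configuration blob or replaces the current value of an
	 * existing blob.
	 */
	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);

	/**
	 * get_config_blob - Get a named configuration blob
	 * @ctx: Callback context (ctx)
	 * @name: Name of the blob
	 * Returns: Pointer to blob data or %NULL if not found
	 */
	const struct wpa_config_blob * (*get_config_blob)(void *ctx,
							  const char *name);

	/**
	 * aborted_cached - Notify that cached PMK attempt was aborted
	 * @ctx: Callback context (ctx)
	 */
	void (*aborted_cached)(void *ctx);

	/**
	 * opensc_engine_path - Path to the OpenSSL engine for opensc
	 *
	 * This is an OpenSSL specific configuration option for loading OpenSC
	 * engine (engine_opensc.so); if %NULL, this engine is not loaded.
	 */
	const char *opensc_engine_path;

	/**
	 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
	 *
	 * This is an OpenSSL specific configuration option for loading PKCS#11
	 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
	 */
	const char *pkcs11_engine_path;

	/**
	 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
	 *
	 * This is an OpenSSL specific configuration option for configuring
	 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
	 * module is not loaded.
	 */
	const char *pkcs11_module_path;

	/**
	 * wps - WPS context data
	 *
	 * This is only used by EAP-WSC and can be left %NULL if not available.
	 */
	struct wps_context *wps;

	/**
	 * eap_param_needed - Notify that EAP parameter is needed
	 * @ctx: Callback context (ctx)
	 * @field: Field indicator (e.g., WPA_CTRL_REQ_EAP_IDENTITY)
	 * @txt: User readable text describing the required parameter
	 */
	void (*eap_param_needed)(void *ctx, enum wpa_ctrl_req_type field,
				 const char *txt);

	/**
	 * port_cb - Set port authorized/unauthorized callback (optional)
	 * @ctx: Callback context (ctx)
	 * @authorized: Whether the supplicant port is now in authorized state
	 */
	void (*port_cb)(void *ctx, int authorized);

	/**
	 * cert_cb - Notification of a peer certificate
	 * @ctx: Callback context (ctx)
	 * @depth: Depth in certificate chain (0 = server)
	 * @subject: Subject of the peer certificate
	 * @cert_hash: SHA-256 hash of the certificate
	 * @cert: Peer certificate
	 */
	void (*cert_cb)(void *ctx, int depth, const char *subject,
			const char *cert_hash, const struct wpabuf *cert);

	/**
	 * cert_in_cb - Include server certificates in callback
	 */
	int cert_in_cb;

	/**
	 * status_cb - Notification of a change in EAP status
	 * @ctx: Callback context (ctx)
	 * @status: Step in the process of EAP authentication
	 * @parameter: Step-specific parameter, e.g., EAP method name
	 */
	void (*status_cb)(void *ctx, const char *status,
			  const char *parameter);

	/**
	 * set_anon_id - Set or add anonymous identity
	 * @ctx: eapol_ctx from eap_peer_sm_init() call
	 * @id: Anonymous identity (e.g., EAP-SIM pseudonym)
	 * @len: Length of anonymous identity in octets
	 */
	void (*set_anon_id)(void *ctx, const u8 *id, size_t len);
};


struct eap_peer_config;
struct ext_password_data;

#ifdef IEEE8021X_EAPOL
/**
 * eapol_sm_init - Initialize EAPOL state machine
 * @ctx: Pointer to EAPOL context (struct eapol_ctx). The non-IEEE8021X_EAPOL
 *	stub below frees @ctx, which indicates that ownership of @ctx passes to
 *	the state machine on this call; confirm against the implementation in
 *	eapol_supp_sm.c before relying on it.
 * Returns: Pointer to EAPOL state machine data; the stub returns a non-%NULL
 *	placeholder, which suggests %NULL signals failure
 */
struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx);
/**
 * eapol_sm_deinit - Deinitialize EAPOL state machine
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 */
void eapol_sm_deinit(struct eapol_sm *sm);
/**
 * eapol_sm_step - Advance EAPOL state machine
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 */
void eapol_sm_step(struct eapol_sm *sm);
/**
 * eapol_sm_get_status - Get EAPOL state machine status as a text string
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @buf: Buffer for the status text
 * @buflen: Maximum buffer length
 * @verbose: Whether to include verbose status information
 * Returns: presumably the number of bytes written to @buf; the stub returns 0
 */
int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen,
			int verbose);
/**
 * eapol_sm_get_mib - Get EAPOL state machine MIB information as a text string
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @buf: Buffer for the MIB text
 * @buflen: Maximum buffer length
 * Returns: presumably the number of bytes written to @buf; the stub returns 0
 */
int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen);
/**
 * eapol_sm_configure - Set EAPOL state machine timer parameters
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @heldPeriod: dot1xSuppHeldPeriod
 * @authPeriod: dot1xSuppAuthPeriod
 * @startPeriod: dot1xSuppStartPeriod
 * @maxStart: dot1xSuppMaxStart
 */
void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
			int startPeriod, int maxStart);
/**
 * eapol_sm_rx_eapol - Process received EAPOL frames
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @src: Source MAC address of the EAPOL packet
 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
 * @len: Length of the EAPOL data in octets
 * Returns: the stub returns 0; see eapol_supp_sm.c for the meaning of the
 *	return value in the real implementation
 *
 * @buf comes from the network and is untrusted; all length fields inside the
 * frame must be validated against @len by the implementation.
 */
int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
		      size_t len);
void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm);
void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled);
void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid);
void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success);
void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail);
/**
 * eapol_sm_notify_config - Notification of EAPOL configuration change
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @config: Pointer to current network EAP configuration
 * @conf: Pointer to EAPOL configuration; not modified by the state machine
 */
void eapol_sm_notify_config(struct eapol_sm *sm,
			    struct eap_peer_config *config,
			    const struct eapol_config *conf);
/**
 * eapol_sm_get_key - Get master session key (MSK) from EAP
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @key: Buffer for the keying material
 * @len: Size of @key in octets
 * Returns: presumably 0 on success and -1 on failure, matching the other
 *	int-returning callbacks in this header; the stub returns -1
 *
 * @key receives secret keying material; callers should clear the buffer when
 * it is no longer needed.
 */
int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len);
void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff);
void eapol_sm_notify_cached(struct eapol_sm *sm);
void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt);
/**
 * eapol_sm_register_scard_ctx - Update the scard_ctx callback context
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * @ctx: New value for struct eapol_ctx::scard_ctx
 */
void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx);
void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
void eapol_sm_request_reauth(struct eapol_sm *sm);
void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm);
void eapol_sm_invalidate_cached_session(struct eapol_sm *sm);
/**
 * eapol_sm_get_method_name - Get the name of the current EAP method
 * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
 * Returns: Method name or %NULL (the stub always returns %NULL)
 */
const char * eapol_sm_get_method_name(struct eapol_sm *sm);
void eapol_sm_set_ext_pw_ctx(struct eapol_sm *sm,
			     struct ext_password_data *ext);
int eapol_sm_failed(struct eapol_sm *sm);
/*
 * Note: no stub for eapol_sm_get_eap_proxy_imsi() is provided in the
 * non-IEEE8021X_EAPOL branch below, so callers must be compiled out together
 * with the EAPOL implementation.
 */
int eapol_sm_get_eap_proxy_imsi(struct eapol_sm *sm, char *imsi, size_t *len);
#else /* IEEE8021X_EAPOL */
/*
 * Build without IEEE 802.1X/EAPOL support: the functions below are no-op
 * stand-ins that keep callers compiling. eapol_sm_init() still takes
 * ownership of @ctx (it frees it immediately) and returns a non-NULL
 * placeholder pointer that must never be dereferenced.
 */
static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
{
	free(ctx);
	return (struct eapol_sm *) 1;
}
static inline void eapol_sm_deinit(struct eapol_sm *sm)
{
}
static inline void eapol_sm_step(struct eapol_sm *sm)
{
}
static inline int eapol_sm_get_status(struct eapol_sm *sm, char *buf,
				      size_t buflen, int verbose)
{
	return 0;
}
static inline int eapol_sm_get_mib(struct eapol_sm *sm, char *buf,
				   size_t buflen)
{
	return 0;
}
static inline void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod,
				      int authPeriod, int startPeriod,
				      int maxStart)
{
}
static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src,
				    const u8 *buf, size_t len)
{
	return 0;
}
static inline void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_portEnabled(struct eapol_sm *sm,
					       Boolean enabled)
{
}
static inline void eapol_sm_notify_portValid(struct eapol_sm *sm,
					     Boolean valid)
{
}
static inline void eapol_sm_notify_eap_success(struct eapol_sm *sm,
					       Boolean success)
{
}
static inline void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail)
{
}
/* @conf is const here to match the real prototype above */
static inline void eapol_sm_notify_config(struct eapol_sm *sm,
					  struct eap_peer_config *config,
					  const struct eapol_config *conf)
{
}
static inline int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len)
{
	return -1;
}
static inline void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff)
{
}
static inline void eapol_sm_notify_cached(struct eapol_sm *sm)
{
}
#define eapol_sm_notify_pmkid_attempt(sm, attempt) do { } while (0)
#define eapol_sm_register_scard_ctx(sm, ctx) do { } while (0)
static inline void eapol_sm_notify_portControl(struct eapol_sm *sm,
					       PortControl portControl)
{
}
static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
{
}
static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
{
}
static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm,
						       int in_eapol_sm)
{
}
static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
{
}
static inline const char * eapol_sm_get_method_name(struct eapol_sm *sm)
{
	return NULL;
}
static inline void eapol_sm_set_ext_pw_ctx(struct eapol_sm *sm,
					   struct ext_password_data *ext)
{
}
static inline int eapol_sm_failed(struct eapol_sm *sm)
{
	return 0;
}
#endif /* IEEE8021X_EAPOL */

#endif /* EAPOL_SUPP_SM_H */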