eapol_supp_sm.h revision 8d520ff1dc2da35cdca849e982051b86468016d8 
1/*
2 * EAPOL supplicant state machines
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#ifndef EAPOL_SUPP_SM_H
16#define EAPOL_SUPP_SM_H
17
18#include "common/defs.h"
19
20typedef enum { Unauthorized, Authorized } PortStatus;
21typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl;
22
23/**
24 * struct eapol_config - Per network configuration for EAPOL state machines
25 */
26struct eapol_config {
27	/**
28	 * accept_802_1x_keys - Accept IEEE 802.1X (non-WPA) EAPOL-Key frames
29	 *
30	 * This variable should be set to 1 when using EAPOL state machines
31	 * with non-WPA security policy to generate dynamic WEP keys. When
32	 * using WPA, this should be set to 0 so that WPA state machine can
33	 * process the EAPOL-Key frames.
34	 */
35	int accept_802_1x_keys;
36
37#define EAPOL_REQUIRE_KEY_UNICAST BIT(0)
38#define EAPOL_REQUIRE_KEY_BROADCAST BIT(1)
39	/**
40	 * required_keys - Which EAPOL-Key packets are required
41	 *
42	 * This variable determines which EAPOL-Key packets are required before
43	 * marking connection authenticated. This is a bit field of
44	 * EAPOL_REQUIRE_KEY_UNICAST and EAPOL_REQUIRE_KEY_BROADCAST flags.
45	 */
46	int required_keys;
47
48	/**
49	 * fast_reauth - Whether fast EAP reauthentication is enabled
50	 */
51	int fast_reauth;
52
53	/**
54	 * workaround - Whether EAP workarounds are enabled
55	 */
56	unsigned int workaround;
57
58	/**
59	 * eap_disabled - Whether EAP is disabled
60	 */
61	int eap_disabled;
62};
63
64struct eapol_sm;
65struct wpa_config_blob;
66
67/**
68 * struct eapol_ctx - Global (for all networks) EAPOL state machine context
69 */
70struct eapol_ctx {
71	/**
72	 * ctx - Pointer to arbitrary upper level context
73	 */
74	void *ctx;
75
76	/**
77	 * preauth - IEEE 802.11i/RSN pre-authentication
78	 *
79	 * This EAPOL state machine is used for IEEE 802.11i/RSN
80	 * pre-authentication
81	 */
82	int preauth;
83
84	/**
85	 * cb - Function to be called when EAPOL negotiation has been completed
86	 * @eapol: Pointer to EAPOL state machine data
87	 * @success: Whether the authentication was completed successfully
88	 * @ctx: Pointer to context data (cb_ctx)
89	 *
90	 * This optional callback function will be called when the EAPOL
91	 * authentication has been completed. This allows the owner of the
92	 * EAPOL state machine to process the key and terminate the EAPOL state
93	 * machine. Currently, this is used only in RSN pre-authentication.
94	 */
95	void (*cb)(struct eapol_sm *eapol, int success, void *ctx);
96
97	/**
98	 * cb_ctx - Callback context for cb()
99	 */
100	void *cb_ctx;
101
102	/**
103	 * msg_ctx - Callback context for wpa_msg() calls
104	 */
105	void *msg_ctx;
106
107	/**
108	 * scard_ctx - Callback context for PC/SC scard_*() function calls
109	 *
110	 * This context can be updated with eapol_sm_register_scard_ctx().
111	 */
112	void *scard_ctx;
113
114	/**
115	 * eapol_send_ctx - Callback context for eapol_send() calls
116	 */
117	void *eapol_send_ctx;
118
119	/**
120	 * eapol_done_cb - Function to be called at successful completion
121	 * @ctx: Callback context (ctx)
122	 *
123	 * This function is called at the successful completion of EAPOL
124	 * authentication. If dynamic WEP keys are used, this is called only
125	 * after all the expected keys have been received.
126	 */
127	void (*eapol_done_cb)(void *ctx);
128
129	/**
130	 * eapol_send - Send EAPOL packets
131	 * @ctx: Callback context (eapol_send_ctx)
132	 * @type: EAPOL type (IEEE802_1X_TYPE_*)
133	 * @buf: Pointer to EAPOL payload
134	 * @len: Length of the EAPOL payload
135	 * Returns: 0 on success, -1 on failure
136	 */
137	int (*eapol_send)(void *ctx, int type, const u8 *buf, size_t len);
138
139	/**
140	 * set_wep_key - Configure WEP keys
141	 * @ctx: Callback context (ctx)
142	 * @unicast: Non-zero = unicast, 0 = multicast/broadcast key
143	 * @keyidx: Key index (0..3)
144	 * @key: WEP key
145	 * @keylen: Length of the WEP key
146	 * Returns: 0 on success, -1 on failure
147	 */
148	int (*set_wep_key)(void *ctx, int unicast, int keyidx,
149			   const u8 *key, size_t keylen);
150
151	/**
152	 * set_config_blob - Set or add a named configuration blob
153	 * @ctx: Callback context (ctx)
154	 * @blob: New value for the blob
155	 *
156	 * Adds a new configuration blob or replaces the current value of an
157	 * existing blob.
158	 */
159	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
160
161	/**
162	 * get_config_blob - Get a named configuration blob
163	 * @ctx: Callback context (ctx)
164	 * @name: Name of the blob
165	 * Returns: Pointer to blob data or %NULL if not found
166	 */
167	const struct wpa_config_blob * (*get_config_blob)(void *ctx,
168							  const char *name);
169
170	/**
171	 * aborted_cached - Notify that cached PMK attempt was aborted
172	 * @ctx: Callback context (ctx)
173	 */
174	void (*aborted_cached)(void *ctx);
175
176	/**
177	 * opensc_engine_path - Path to the OpenSSL engine for opensc
178	 *
179	 * This is an OpenSSL specific configuration option for loading OpenSC
180	 * engine (engine_opensc.so); if %NULL, this engine is not loaded.
181	 */
182	const char *opensc_engine_path;
183
184	/**
185	 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
186	 *
187	 * This is an OpenSSL specific configuration option for loading PKCS#11
188	 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
189	 */
190	const char *pkcs11_engine_path;
191
192	/**
193	 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
194	 *
195	 * This is an OpenSSL specific configuration option for configuring
196	 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
197	 * module is not loaded.
198	 */
199	const char *pkcs11_module_path;
200
201	/**
202	 * wps - WPS context data
203	 *
204	 * This is only used by EAP-WSC and can be left %NULL if not available.
205	 */
206	struct wps_context *wps;
207
208	/**
209	 * eap_param_needed - Notify that EAP parameter is needed
210	 * @ctx: Callback context (ctx)
211	 * @field: Field name (e.g., "IDENTITY")
212	 * @txt: User readable text describing the required parameter
213	 */
214	void (*eap_param_needed)(void *ctx, const char *field,
215				 const char *txt);
216
217	/**
218	 * port_cb - Set port authorized/unauthorized callback (optional)
219	 * @ctx: Callback context (ctx)
220	 * @authorized: Whether the supplicant port is now in authorized state
221	 */
222	void (*port_cb)(void *ctx, int authorized);
223};
224
225
226struct eap_peer_config;
227
228#ifdef IEEE8021X_EAPOL
229struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx);
230void eapol_sm_deinit(struct eapol_sm *sm);
231void eapol_sm_step(struct eapol_sm *sm);
232int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen,
233			int verbose);
234int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen);
235void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
236			int startPeriod, int maxStart);
237int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
238		      size_t len);
239void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm);
240void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled);
241void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid);
242void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success);
243void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail);
244void eapol_sm_notify_config(struct eapol_sm *sm,
245			    struct eap_peer_config *config,
246			    const struct eapol_config *conf);
247int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len);
248void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff);
249void eapol_sm_notify_cached(struct eapol_sm *sm);
250void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt);
251void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx);
252void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
253void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
254void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
255void eapol_sm_request_reauth(struct eapol_sm *sm);
256void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm);
257void eapol_sm_invalidate_cached_session(struct eapol_sm *sm);
258const char * eapol_sm_get_method_name(struct eapol_sm *sm);
259#else /* IEEE8021X_EAPOL */
260static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
261{
262	free(ctx);
263	return (struct eapol_sm *) 1;
264}
265static inline void eapol_sm_deinit(struct eapol_sm *sm)
266{
267}
268static inline void eapol_sm_step(struct eapol_sm *sm)
269{
270}
271static inline int eapol_sm_get_status(struct eapol_sm *sm, char *buf,
272				      size_t buflen, int verbose)
273{
274	return 0;
275}
276static inline int eapol_sm_get_mib(struct eapol_sm *sm, char *buf,
277				   size_t buflen)
278{
279	return 0;
280}
281static inline void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod,
282				      int authPeriod, int startPeriod,
283				      int maxStart)
284{
285}
286static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src,
287				    const u8 *buf, size_t len)
288{
289	return 0;
290}
291static inline void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm)
292{
293}
294static inline void eapol_sm_notify_portEnabled(struct eapol_sm *sm,
295					       Boolean enabled)
296{
297}
298static inline void eapol_sm_notify_portValid(struct eapol_sm *sm,
299					     Boolean valid)
300{
301}
302static inline void eapol_sm_notify_eap_success(struct eapol_sm *sm,
303					       Boolean success)
304{
305}
306static inline void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail)
307{
308}
309static inline void eapol_sm_notify_config(struct eapol_sm *sm,
310					  struct eap_peer_config *config,
311					  struct eapol_config *conf)
312{
313}
314static inline int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len)
315{
316	return -1;
317}
318static inline void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff)
319{
320}
321static inline void eapol_sm_notify_cached(struct eapol_sm *sm)
322{
323}
324#define eapol_sm_notify_pmkid_attempt(sm, attempt) do { } while (0)
325#define eapol_sm_register_scard_ctx(sm, ctx) do { } while (0)
326static inline void eapol_sm_notify_portControl(struct eapol_sm *sm,
327					       PortControl portControl)
328{
329}
330static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
331{
332}
333static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
334{
335}
336static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
337{
338}
339static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm,
340						       int in_eapol_sm)
341{
342}
343static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
344{
345}
346static inline const char * eapol_sm_get_method_name(struct eapol_sm *sm)
347{
348	return NULL;
349}
350#endif /* IEEE8021X_EAPOL */
351
352#endif /* EAPOL_SUPP_SM_H */
353