/*
 * EAP peer state machines internal structures (RFC 4137)
 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_I_H
#define EAP_I_H

#include "wpabuf.h"
#include "utils/list.h"
#include "eap_peer/eap.h"
#include "eap_common/eap_common.h"

/* RFC 4137 - EAP Peer state machine */

/**
 * EapDecision - Authentication decision reported by an EAP method
 *
 * Carried in struct eap_method_ret::decision (method -> peer state machine)
 * and mirrored in struct eap_sm::decision (RFC 4137, Sect. 4.2).
 */
typedef enum {
	DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
} EapDecision;

/**
 * EapMethodState - Method-specific state shared with the peer state machine
 *
 * Carried in struct eap_method_ret::methodState (IN/OUT) and mirrored in
 * struct eap_sm::methodState (RFC 4137, Sect. 4.2).
 */
typedef enum {
	METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
} EapMethodState;

/**
 * struct eap_method_ret - EAP return values from struct eap_method::process()
 *
 * This structure contains OUT variables for the interface between peer state
 * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as
 * the return value of struct eap_method::process() so it is not included in
 * this structure.
 */
struct eap_method_ret {
	/**
	 * ignore - Whether method decided to drop the current packet (OUT)
	 */
	Boolean ignore;

	/**
	 * methodState - Method-specific state (IN/OUT)
	 */
	EapMethodState methodState;

	/**
	 * decision - Authentication decision (OUT)
	 */
	EapDecision decision;

	/**
	 * allowNotifications - Whether method allows notifications (OUT)
	 */
	Boolean allowNotifications;
};


/**
 * struct eap_method - EAP method interface
 *
 * This structure defines the EAP method interface. Each method will need to
 * register its own EAP type, EAP name, and set of function pointers for method
 * specific operations. This interface is based on section 4.4 of RFC 4137.
 *
 * NOTE(review): the member order and the version field are part of the
 * interface seen by dynamically loaded methods (CONFIG_DYNAMIC_EAP_METHODS);
 * adding or reordering members requires bumping
 * EAP_PEER_METHOD_INTERFACE_VERSION.
 */
struct eap_method {
	/**
	 * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
	 */
	int vendor;

	/**
	 * method - EAP type number (EAP_TYPE_*)
	 */
	EapType method;

	/**
	 * name - Name of the method (e.g., "TLS")
	 */
	const char *name;

	/**
	 * init - Initialize an EAP method
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * Returns: Pointer to allocated private data, or %NULL on failure
	 *
	 * This function is used to initialize the EAP method explicitly
	 * instead of using METHOD_INIT state as specified in RFC 4137. The
	 * method is expected to initialize its method-specific state and return
	 * a pointer that will be used as the priv argument to other calls.
	 */
	void * (*init)(struct eap_sm *sm);

	/**
	 * deinit - Deinitialize an EAP method
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * Deinitialize the EAP method and free any allocated private data.
	 * Private data commonly holds keys or credentials, so a method should
	 * clear such fields before releasing the memory.
	 */
	void (*deinit)(struct eap_sm *sm, void *priv);

	/**
	 * process - Process an EAP request
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @ret: Return values from EAP request validation and processing
	 * @reqData: EAP request to be processed (eapReqData)
	 * Returns: Pointer to allocated EAP response packet (eapRespData)
	 *
	 * This function is a combination of m.check(), m.process(), and
	 * m.buildResp() procedures defined in section 4.4 of RFC 4137. In other
	 * words, this function validates the incoming request, processes it,
	 * and builds a response packet. m.check() and m.process() return values
	 * are returned through struct eap_method_ret *ret variable. Caller is
	 * responsible for freeing the returned EAP response packet.
	 *
	 * reqData arrives from the network and is untrusted; the m.check()
	 * part of this handler is where lengths and types must be validated
	 * before the payload is interpreted.
	 */
	struct wpabuf * (*process)(struct eap_sm *sm, void *priv,
				   struct eap_method_ret *ret,
				   const struct wpabuf *reqData);

	/**
	 * isKeyAvailable - Find out whether EAP method has keying material
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: %TRUE if key material (eapKeyData) is available
	 */
	Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);

	/**
	 * getKey - Get EAP method specific keying material (eapKeyData)
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to variable to store key length (eapKeyDataLen)
	 * Returns: Keying material (eapKeyData) or %NULL if not available
	 *
	 * This function can be used to get the keying material from the EAP
	 * method. The key may already be stored in the method-specific private
	 * data or this function may derive the key.
	 *
	 * NOTE(review): ownership of the returned buffer is not stated here;
	 * whoever ends up freeing it should clear it first since it is secret
	 * keying material - confirm against the callers.
	 */
	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * get_status - Get EAP method status
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @buf: Buffer for status information
	 * @buflen: Maximum buffer length
	 * @verbose: Whether to include verbose status information
	 * Returns: Number of bytes written to buf
	 *
	 * Query EAP method for status information. This function fills in a
	 * text area with current status information from the EAP method. If
	 * the buffer (buf) is not large enough, status information will be
	 * truncated to fit the buffer. Implementations must bound every write
	 * by buflen.
	 */
	int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
			  size_t buflen, int verbose);

	/**
	 * has_reauth_data - Whether method is ready for fast reauthentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: %TRUE or %FALSE based on whether fast reauthentication is
	 * possible
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement.
	 */
	Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);

	/**
	 * deinit_for_reauth - Release data that is not needed for fast re-auth
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement. This is called
	 * when authentication has been completed and EAP state machine is
	 * requesting that enough state information is maintained for fast
	 * re-authentication.
	 */
	void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * init_for_reauth - Prepare for start of fast re-authentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement. This is called
	 * when EAP authentication is started and EAP state machine is
	 * requesting fast re-authentication to be used.
	 */
	void * (*init_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * get_identity - Get method specific identity for re-authentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Length of the returned identity
	 * Returns: Pointer to the method specific identity or %NULL if default
	 * identity is to be used
	 *
	 * This function is an optional handler that only EAP methods
	 * that use method specific identity need to implement.
	 */
	const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * free - Free EAP method data
	 * @method: Pointer to the method data registered with
	 * eap_peer_method_register().
	 *
	 * This function will be called when the EAP method is being
	 * unregistered. If the EAP method allocated resources during
	 * registration (e.g., allocated struct eap_method), they should be
	 * freed in this function. No other method functions will be called
	 * after this call. If this function is not defined (i.e., function
	 * pointer is %NULL), a default handler is used to release the method
	 * data with free(method). This is suitable for most cases.
	 */
	void (*free)(struct eap_method *method);

#define EAP_PEER_METHOD_INTERFACE_VERSION 1
	/**
	 * version - Version of the EAP peer method interface
	 *
	 * The EAP peer method implementation should set this variable to
	 * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the
	 * EAP method is using supported API version when using dynamically
	 * loadable EAP methods.
	 */
	int version;

	/**
	 * next - Pointer to the next EAP method
	 *
	 * This variable is used internally in the EAP method registration code
	 * to create a linked list of registered EAP methods.
	 */
	struct eap_method *next;

#ifdef CONFIG_DYNAMIC_EAP_METHODS
	/**
	 * dl_handle - Handle for the dynamic library
	 *
	 * This variable is used internally in the EAP method registration code
	 * to store a handle for the dynamic library. If the method is linked
	 * in statically, this is %NULL.
	 *
	 * NOTE(review): a dynamically loaded method runs with the privileges
	 * of this process, so the loader (not visible here) must only load
	 * libraries from trusted locations.
	 */
	void *dl_handle;
#endif /* CONFIG_DYNAMIC_EAP_METHODS */

	/**
	 * get_emsk - Get EAP method specific keying extended material (EMSK)
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to a variable to store EMSK length
	 * Returns: EMSK or %NULL if not available
	 *
	 * This function can be used to get the extended keying material from
	 * the EAP method. The key may already be stored in the method-specific
	 * private data or this function may derive the key.
	 */
	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * getSessionId - Get EAP method specific Session-Id
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to a variable to store Session-Id length
	 * Returns: Session-Id or %NULL if not available
	 *
	 * This function can be used to get the Session-Id from the EAP method.
	 * The Session-Id may already be stored in the method-specific private
	 * data or this function may derive the Session-Id.
	 */
	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
};


/**
 * struct eap_erp_key - Cached EAP re-authentication (ERP) key material
 * @list: Linkage into struct eap_sm::erp_keys
 * @rRK_len: Length of rRK in bytes (at most ERP_MAX_KEY_LEN)
 * @rIK_len: Length of rIK in bytes (at most ERP_MAX_KEY_LEN)
 * @rRK: Re-authentication root key
 * @rIK: Re-authentication integrity key
 * @next_seq: Next ERP sequence number (presumably paired with
 *	struct eap_sm::erp_seq - confirm against the users)
 * @keyname_nai: Flexible array member; the allocation must be sized for the
 *	string that is stored here (presumably NUL-terminated keyName-NAI)
 *
 * NOTE(review): rRK and rIK are long-lived secrets. Whatever code removes an
 * entry from erp_keys should clear it before freeing; that code is not
 * visible in this header.
 */
struct eap_erp_key {
	struct dl_list list;
	size_t rRK_len;
	size_t rIK_len;
	u8 rRK[ERP_MAX_KEY_LEN];
	u8 rIK[ERP_MAX_KEY_LEN];
	u32 next_seq;
	char keyname_nai[];
};

/**
 * struct eap_sm - EAP state machine data
 *
 * Variables named as in RFC 4137 are grouped by the classification used
 * there (long-term, short-term, constants, miscellaneous); everything after
 * the "not defined in RFC 4137" marker is implementation-specific.
 */
struct eap_sm {
	/* Current state of the RFC 4137 peer state machine */
	enum {
		EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
		EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
		EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
		EAP_FAILURE
	} EAP_state;
	/* Long-term local variables */
	EapType selectedMethod;
	EapMethodState methodState;
	int lastId;
	struct wpabuf *lastRespData;
	EapDecision decision;
	/* Short-term local variables */
	Boolean rxReq;
	Boolean rxSuccess;
	Boolean rxFailure;
	int reqId;
	EapType reqMethod;
	int reqVendor;
	u32 reqVendorMethod;
	Boolean ignore;
	/* Constants */
	int ClientTimeout;

	/* Miscellaneous variables */
	Boolean allowNotifications; /* peer state machine <-> methods */
	struct wpabuf *eapRespData; /* peer to lower layer */
	Boolean eapKeyAvailable; /* peer to lower layer */
	u8 *eapKeyData; /* peer to lower layer; secret keying material */
	size_t eapKeyDataLen; /* peer to lower layer */
	u8 *eapSessionId; /* peer to lower layer */
	size_t eapSessionIdLen; /* peer to lower layer */
	const struct eap_method *m; /* selected EAP method */
	/* not defined in RFC 4137 */
	Boolean changed;
	void *eapol_ctx; /* opaque context passed back through eapol_cb */
	const struct eapol_callbacks *eapol_cb;
	void *eap_method_priv; /* priv data from struct eap_method::init() */
	int init_phase2;
	int fast_reauth;
	Boolean reauthInit; /* send EAP-Identity/Re-auth */
	u32 erp_seq;

	Boolean rxResp; /* LEAP only */
	Boolean leap_done;
	Boolean peap_done;
	/*
	 * MD5 is used here only as a fingerprint for duplicate-request
	 * detection, not for any integrity or authentication purpose.
	 */
	u8 req_md5[16]; /* MD5() of the current EAP packet */
	u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
			  * in duplicate request detection. */

	/* Opaque contexts owned by the caller; their types are not visible
	 * in this header. */
	void *msg_ctx;
	void *scard_ctx;
	void *ssl_ctx;
	void *ssl_ctx2;

	unsigned int workaround;

	/* Optional challenges generated in Phase 1 (EAP-FAST) */
	u8 *peer_challenge, *auth_challenge;

	int num_rounds;
	int force_disabled;

	struct wps_context *wps;

	int prev_failure;
	struct eap_peer_config *last_config;

	struct ext_password_data *ext_pw;
	struct wpabuf *ext_pw_buf;

	int external_sim;

	unsigned int expected_failure:1;

	struct dl_list erp_keys; /* struct eap_erp_key */
};

/*
 * Accessors for the currently selected configuration. The const pointers
 * returned here presumably point into configuration owned by the state
 * machine and must not be modified or freed by the caller - confirm against
 * the implementation. Several of them (password, new password, OTP) expose
 * credentials; callers must not log or retain them beyond their immediate use.
 */
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
/* @hash: presumably set to indicate whether the password is stored hashed
 * rather than in plaintext - confirm against the implementation */
const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);
const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
void eap_clear_config_otp(struct eap_sm *sm);
const char * eap_get_config_phase1(struct eap_sm *sm);
const char * eap_get_config_phase2(struct eap_sm *sm);
int eap_get_config_fragment_size(struct eap_sm *sm);
struct eap_peer_config * eap_get_config(struct eap_sm *sm);
void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
const struct wpa_config_blob *
eap_get_config_blob(struct eap_sm *sm, const char *name);
void eap_notify_pending(struct eap_sm *sm);
/* Returns non-zero if the given (vendor, method) pair is permitted by the
 * current configuration - exact return convention not visible here */
int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method);

#endif /* EAP_I_H */