/*
 * hostapd / EAP Full Authenticator state machine (RFC 4137)
 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_H
#define EAP_H

#include "common/defs.h"
#include "utils/list.h"
#include "eap_common/eap_defs.h"
#include "eap_server/eap_methods.h"
#include "wpabuf.h"

/* Opaque to users of this header: only pointers to it are passed around. */
struct eap_sm;

/*
 * Bit flags for eap_user.ttls_auth: the authentication methods a user may
 * use inside an EAP-TTLS tunnel. Combine with bitwise OR.
 */
#define EAP_TTLS_AUTH_PAP 1
#define EAP_TTLS_AUTH_CHAP 2
#define EAP_TTLS_AUTH_MSCHAP 4
#define EAP_TTLS_AUTH_MSCHAPV2 8

/**
 * struct eap_user - Per-user authentication data
 *
 * Filled in through the eapol_callbacks get_eap_user() hook. It carries
 * credential material (@password), so instances should be cleared once
 * they are no longer needed. Who owns the @password allocation is not
 * stated in this header - confirm against the implementation before
 * freeing it.
 */
struct eap_user {
	/* Allowed EAP methods as (vendor, method) pairs; up to
	 * EAP_MAX_METHODS entries. The order presumably expresses
	 * preference - confirm against the state machine. */
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	/* Raw credential bytes of length password_len (not a NUL-terminated
	 * string); either the plaintext password or its NT hash, as
	 * indicated by password_hash. */
	u8 *password;
	size_t password_len;
	int password_hash; /* whether password is hashed with
			    * nt_password_hash() */
	int phase2; /* presumably non-zero for a phase 2 (tunneled) entry -
		     * confirm against get_eap_user() callers */
	int force_version; /* presumably a forced EAP method version;
			    * semantics not visible here */
	unsigned int remediation:1; /* meaning not visible in this header */
	unsigned int macacl:1; /* meaning not visible in this header */
	int ttls_auth; /* bitfield of
			* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
	/* Presumably RADIUS attributes to attach on acceptance - confirm */
	struct hostapd_radius_attr *accept_attr;
};

/**
 * struct eap_eapol_interface - Variables shared between the EAP full
 * authenticator, its lower layer (EAPOL) and the AAA interface
 *
 * Variable names follow RFC 4137; the groups below are ordered by the
 * direction in which each variable flows. Ownership of the pointer members
 * is not stated in this header - confirm against the implementation before
 * retaining or freeing any of them.
 */
struct eap_eapol_interface {
	/* Lower layer to full authenticator variables */
	Boolean eapResp; /* shared with EAPOL Backend Authentication */
	struct wpabuf *eapRespData; /* EAP response from the peer; peer-supplied
				     * data, so validate before parsing */
	Boolean portEnabled;
	int retransWhile; /* retransmission timeout value */
	Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
	int eapSRTT; /* smoothed round-trip time estimate */
	int eapRTTVAR; /* round-trip time variance estimate */

	/* Full authenticator to lower layer variables */
	Boolean eapReq; /* shared with EAPOL Backend Authentication */
	Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
	Boolean eapSuccess;
	Boolean eapFail;
	Boolean eapTimeout;
	struct wpabuf *eapReqData; /* next EAP request to send to the peer */
	/* Exported keying material (secret) and its length; valid only when
	 * eapKeyAvailable is set. */
	u8 *eapKeyData;
	size_t eapKeyDataLen;
	/* EAP Session-Id and its length */
	u8 *eapSessionId;
	size_t eapSessionIdLen;
	Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */

	/* AAA interface to full authenticator variables */
	Boolean aaaEapReq;
	Boolean aaaEapNoReq;
	Boolean aaaSuccess;
	Boolean aaaFail;
	struct wpabuf *aaaEapReqData; /* EAP request received from the AAA
				       * server */
	/* Keying material received from the AAA server (secret); valid only
	 * when aaaEapKeyAvailable is set. */
	u8 *aaaEapKeyData;
	size_t aaaEapKeyDataLen;
	Boolean aaaEapKeyAvailable;
	int aaaMethodTimeout;

	/* Full authenticator to AAA interface variables */
	Boolean aaaEapResp;
	struct wpabuf *aaaEapRespData; /* EAP response to forward to the AAA
					* server */
	/* aaaIdentity -> eap_get_identity() */
	Boolean aaaTimeout;
};

/**
 * struct eap_server_erp_key - Cached ERP (EAP re-authentication) key state
 * @list: linkage into the owner's list of ERP keys
 * @rRK_len: number of valid bytes in @rRK
 * @rIK_len: number of valid bytes in @rIK
 * @rRK: re-authentication root key - secret; should be zeroized before the
 *	entry is freed
 * @rIK: re-authentication integrity key - secret; should be zeroized before
 *	the entry is freed
 * @recv_seq: presumably the last accepted sequence number, used for replay
 *	protection - confirm against the ERP implementation
 * @cryptosuite: ERP cryptosuite identifier
 * @keyname_nai: flexible array member holding the keyName-NAI; the
 *	allocation must include room for it (presumably NUL-terminated -
 *	confirm against the code that creates entries)
 */
struct eap_server_erp_key {
	struct dl_list list;
	size_t rRK_len;
	size_t rIK_len;
	u8 rRK[ERP_MAX_KEY_LEN];
	u8 rIK[ERP_MAX_KEY_LEN];
	u32 recv_seq;
	u8 cryptosuite;
	char keyname_nai[];
};

/**
 * struct eapol_callbacks - Hooks through which the EAP server reaches its
 * owner
 *
 * Each callback receives a @ctx argument, presumably the eapol_ctx pointer
 * given to eap_server_sm_init() - confirm against the implementation.
 */
struct eapol_callbacks {
	/* Look up the user named by @identity (raw bytes of length
	 * @identity_len, not a NUL-terminated string) and fill in @user.
	 * @phase2 selects the phase 2 (tunneled) entry. The return value
	 * convention is not stated here - confirm against the callers. */
	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
			    int phase2, struct eap_user *user);
	/* Text to place in EAP-Request/Identity; its length is returned
	 * through @len. */
	const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
	/* Emit a log message. @msg is a complete, NUL-terminated string;
	 * it is not a format string and must not be passed to printf-style
	 * functions as one. */
	void (*log_msg)(void *ctx, const char *msg);
	/* ERP: whether to send the re-authentication start message, and the
	 * realm (domain) to use for ERP. */
	int (*get_erp_send_reauth_start)(void *ctx);
	const char * (*get_erp_domain)(void *ctx);
	/* ERP key cache: look up an entry by keyName-NAI, or add a new one.
	 * Ownership of @erp if erp_add_key() fails is not stated here -
	 * confirm against the implementation. */
	struct eap_server_erp_key * (*erp_get_key)(void *ctx,
						   const char *keyname);
	int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
};

/**
 * struct eap_config - Configuration handed to eap_server_sm_init()
 *
 * Ownership and required lifetime of the pointer members are not stated in
 * this header - confirm against the implementation before freeing any of
 * them while a state machine may still use them.
 */
struct eap_config {
	void *ssl_ctx; /* TLS context for TLS-based methods */
	void *msg_ctx; /* context passed to message/logging helpers
			* (presumably - confirm) */
	void *eap_sim_db_priv; /* EAP-SIM/AKA database handle */
	Boolean backend_auth;
	int eap_server; /* presumably non-zero when this host authenticates
			 * locally instead of passing through to AAA - confirm */
	u16 pwd_group; /* EAP-pwd group identifier */
	/* EAP-FAST: key used to protect PAC-Opaque (secret), authority
	 * identifier (A-ID) with its length, human-readable A-ID-Info,
	 * provisioning mode, and PAC key lifetime/refresh times
	 * (units not stated here - confirm). */
	u8 *pac_opaque_encr_key;
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;
	int eap_sim_aka_result_ind; /* EAP-SIM/AKA result indication */
	int tnc; /* Trusted Network Connect support */
	struct wps_context *wps;
	const struct wpabuf *assoc_wps_ie; /* WPS IE from the association */
	const struct wpabuf *assoc_p2p_ie; /* P2P IE from the association */
	const u8 *peer_addr; /* peer MAC address (presumably - confirm) */
	int fragment_size; /* EAP fragment size for methods that fragment */

	int pbc_in_m1; /* WPS: push-button related option (semantics not
			* visible here) */

	const u8 *server_id; /* server identity and its length (raw bytes) */
	size_t server_id_len;
	int erp; /* whether ERP (EAP re-authentication) is enabled */
	unsigned int tls_session_lifetime; /* TLS session cache lifetime
					    * (units not stated here) */

#ifdef CONFIG_TESTING_OPTIONS
	/* Test-only knobs that presumably alter TLS handling; only compiled
	 * in with CONFIG_TESTING_OPTIONS and not intended for production
	 * builds. */
	u32 tls_test_flags;
#endif /* CONFIG_TESTING_OPTIONS */
};


/**
 * eap_server_sm_init - Allocate and initialize an EAP server state machine
 * @eapol_ctx: opaque context handed back through @eapol_cb callbacks
 * @eapol_cb: callback table; presumably must remain valid for the lifetime
 *	of the returned state machine - confirm
 * @eap_conf: configuration (see struct eap_config)
 * Returns: new state machine, or presumably NULL on failure - confirm
 */
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
				   const struct eapol_callbacks *eapol_cb,
				   struct eap_config *eap_conf);
/* Free a state machine returned by eap_server_sm_init(). */
void eap_server_sm_deinit(struct eap_sm *sm);
/* Run the state machine; the meaning of the return value is not stated in
 * this header - confirm against the implementation. */
int eap_server_sm_step(struct eap_sm *sm);
/* Notify the state machine of a cached (fast) authentication result. */
void eap_sm_notify_cached(struct eap_sm *sm);
/* Callback for completion of a pending method operation. */
void eap_sm_pending_cb(struct eap_sm *sm);
/* Whether the current method has an operation pending. */
int eap_sm_method_pending(struct eap_sm *sm);
/* Return the peer identity as raw bytes with its length in *len. The
 * identity is peer-supplied and not NUL-terminated: treat it as untrusted
 * binary data, especially when logging or printing it. */
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
/* Access the shared variable set (see struct eap_eapol_interface). */
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
/* Forget the identity currently held by the state machine. */
void eap_server_clear_identity(struct eap_sm *sm);
/* Report a received MSCHAP exchange. @source names the origin, @username is
 * raw bytes of length @username_len. No lengths accompany @challenge and
 * @response, so they are presumably fixed-size MSCHAP buffers - confirm
 * against the callers before using them. */
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
				   const u8 *username, size_t username_len,
				   const u8 *challenge, const u8 *response);
/* Update the identity from an ERP message of @len bytes at @eap. */
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);

#endif /* EAP_H */