18d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* 28d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP peer state machines internal structures (RFC 4137) 36c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> 48d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * This software may be distributed under the terms of the BSD license. 6c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * See README for more details. 78d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 88d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 98d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#ifndef EAP_I_H 108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAP_I_H 118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "wpabuf.h" 136c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt#include "utils/list.h" 148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "eap_peer/eap.h" 158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "eap_common/eap_common.h" 168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 179c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy#define NO_EAP_METHOD_ERROR (-1) 189c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy 198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* RFC 4137 - EAP Peer state machine */ 208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidttypedef enum { 228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC 238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} EapDecision; 248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidttypedef enum { 268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt METHOD_NONE, METHOD_INIT, 
METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE 278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} EapMethodState; 288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eap_method_ret - EAP return values from struct eap_method::process() 318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * These structure contains OUT variables for the interface between peer state 338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as 348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * the return value of struct eap_method::process() so it is not included in 358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this structure. 368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eap_method_ret { 388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ignore - Whether method decided to drop the current packed (OUT) 408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean ignore; 428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * methodState - Method-specific state (IN/OUT) 458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapMethodState methodState; 478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * decision - Authentication decision (OUT) 508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 
518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapDecision decision; 528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * allowNotifications - Whether method allows notifications (OUT) 558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean allowNotifications; 578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt}; 588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eap_method - EAP method interface 628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This structure defines the EAP method interface. Each method will need to 638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * register its own EAP type, EAP name, and set of function pointers for method 648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * specific operations. This interface is based on section 4.4 of RFC 4137. 
658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eap_method { 678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF) 698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int vendor; 718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * method - EAP type number (EAP_TYPE_*) 748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapType method; 768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * name - Name of the method (e.g., "TLS") 798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const char *name; 818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * init - Initialize an EAP method 848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Pointer to allocated private data, or %NULL on failure 868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function is used to initialize the EAP method explicitly 888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * instead of using METHOD_INIT state as specific in RFC 4137. 
The 898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * method is expected to initialize it method-specific state and return 908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * a pointer that will be used as the priv argument to other calls. 918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void * (*init)(struct eap_sm *sm); 938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * deinit - Deinitialize an EAP method 968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Deinitialize the EAP method and free any allocated private data. 
1008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void (*deinit)(struct eap_sm *sm, void *priv); 1028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * process - Process an EAP request 1058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 1078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @ret: Return values from EAP request validation and processing 1088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @reqData: EAP request to be processed (eapReqData) 1098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Pointer to allocated EAP response packet (eapRespData) 1108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function is a combination of m.check(), m.process(), and 1128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * m.buildResp() procedures defined in section 4.4 of RFC 4137 In other 1138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * words, this function validates the incoming request, processes it, 1148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and build a response packet. m.check() and m.process() return values 1158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * are returned through struct eap_method_ret *ret variable. Caller is 1168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * responsible for freeing the returned EAP response packet. 
1178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct wpabuf * (*process)(struct eap_sm *sm, void *priv, 1198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct eap_method_ret *ret, 1208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const struct wpabuf *reqData); 1218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * isKeyAvailable - Find out whether EAP method has keying material 1248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 1268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: %TRUE if key material (eapKeyData) is available 1278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv); 1298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * getKey - Get EAP method specific keying material (eapKeyData) 1328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 1348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @len: Pointer to variable to store key length (eapKeyDataLen) 1358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Keying material (eapKeyData) or %NULL if not available 1368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function 
can be used to get the keying material from the EAP 1388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * method. The key may already be stored in the method-specific private 1398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * data or this function may derive the key. 1408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len); 1428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * get_status - Get EAP method status 1458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 1478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @buf: Buffer for status information 1488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @buflen: Maximum buffer length 1498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @verbose: Whether to include verbose status information 1508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Number of bytes written to buf 1518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Query EAP method for status information. This function fills in a 1538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * text area with current status information from the EAP method. If 1548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * the buffer (buf) is not large enough, status information will be 1558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * truncated to fit the buffer. 
1568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int (*get_status)(struct eap_sm *sm, void *priv, char *buf, 1588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t buflen, int verbose); 1598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * has_reauth_data - Whether method is ready for fast reauthentication 1628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 1648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: %TRUE or %FALSE based on whether fast reauthentication is 1658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * possible 1668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function is an optional handler that only EAP methods 1688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * supporting fast re-authentication need to implement. 
1698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv); 1718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * deinit_for_reauth - Release data that is not needed for fast re-auth 1748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 1768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function is an optional handler that only EAP methods 1788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * supporting fast re-authentication need to implement. This is called 1798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * when authentication has been completed and EAP state machine is 1808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * requesting that enough state information is maintained for fast 1818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * re-authentication 1828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void (*deinit_for_reauth)(struct eap_sm *sm, void *priv); 1848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * init_for_reauth - Prepare for start of fast re-authentication 1878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 1888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 
1898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function is an optional handler that only EAP methods 1918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * supporting fast re-authentication need to implement. This is called 1928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * when EAP authentication is started and EAP state machine is 1938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * requesting fast re-authentication to be used. 1948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void * (*init_for_reauth)(struct eap_sm *sm, void *priv); 1968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * get_identity - Get method specific identity for re-authentication 1998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 2018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @len: Length of the returned identity 2028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: Pointer to the method specific identity or %NULL if default 2038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * identity is to be used 2048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function is an optional handler that only EAP methods 2068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * that use method specific identity need to implement. 
2078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len); 2098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2119c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * get_error_code - Get latest EAP method error code 2129c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * @priv: Pointer to private EAP method data from eap_method::init() 2139c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * Returns: An int for the EAP Method Error code if exists or 2149c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * NO_EAP_METHOD_ERROR otherwise 2159c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * 2169c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * This method is an optional handler that only EAP methods that need to 2179c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy * report their error code need to implement. 2189c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy */ 2199c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy int (*get_error_code)(void *priv); 2209c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy 2219c86a7f3b4994b1346418f183a9e71c82c87de65Ahmed ElArabawy /** 2228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * free - Free EAP method data 2238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @method: Pointer to the method data registered with 2248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_peer_method_register(). 2258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function will be called when the EAP method is being 2278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * unregistered. 
If the EAP method allocated resources during 2288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * registration (e.g., allocated struct eap_method), they should be 2298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * freed in this function. No other method functions will be called 2308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * after this call. If this function is not defined (i.e., function 2318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pointer is %NULL), a default handler is used to release the method 2328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * data with free(method). This is suitable for most cases. 2338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void (*free)(struct eap_method *method); 2358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAP_PEER_METHOD_INTERFACE_VERSION 1 2378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * version - Version of the EAP peer method interface 2398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * The EAP peer method implementation should set this variable to 2418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the 2428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP method is using supported API version when using dynamically 2438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * loadable EAP methods. 
2448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int version; 2468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * next - Pointer to the next EAP method 2498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This variable is used internally in the EAP method registration code 2518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to create a linked list of registered EAP methods. 2528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct eap_method *next; 2548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#ifdef CONFIG_DYNAMIC_EAP_METHODS 2568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * dl_handle - Handle for the dynamic library 2588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This variable is used internally in the EAP method registration code 2608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to store a handle for the dynamic library. If the method is linked 2618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * in statically, this is %NULL. 
2628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *dl_handle; 2648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#endif /* CONFIG_DYNAMIC_EAP_METHODS */ 2658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * get_emsk - Get EAP method specific keying extended material (EMSK) 2688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 2698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 2708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * @len: Pointer to a variable to store EMSK length 2718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Returns: EMSK or %NULL if not available 2728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This function can be used to get the extended keying material from 2748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * the EAP method. The key may already be stored in the method-specific 2758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private data or this function may derive the key. 
2768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len); 278f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt 279f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt /** 280f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * getSessionId - Get EAP method specific Session-Id 281f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() 282f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * @priv: Pointer to private EAP method data from eap_method::init() 283f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * @len: Pointer to a variable to store Session-Id length 284f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * Returns: Session-Id or %NULL if not available 285f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * 286f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * This function can be used to get the Session-Id from the EAP method. 287f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * The Session-Id may already be stored in the method-specific private 288f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt * data or this function may derive the Session-Id. 
289f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt */ 290f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len); 2918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt}; 2928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2946c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidtstruct eap_erp_key { 2956c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt struct dl_list list; 2966c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt size_t rRK_len; 2976c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt size_t rIK_len; 2986c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt u8 rRK[ERP_MAX_KEY_LEN]; 2996c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt u8 rIK[ERP_MAX_KEY_LEN]; 3006c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt u32 next_seq; 3016c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt char keyname_nai[]; 3026c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt}; 3036c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt 3048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 3058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eap_sm - EAP state machine data 3068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eap_sm { 3088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt enum { 3098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED, 3108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD, 3118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS, 3128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EAP_FAILURE 3138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } EAP_state; 3148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /* Long-term local 
variables */ 3158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapType selectedMethod; 3168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapMethodState methodState; 3178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int lastId; 3188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct wpabuf *lastRespData; 3198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapDecision decision; 3208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /* Short-term local variables */ 3218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean rxReq; 3228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean rxSuccess; 3238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean rxFailure; 3248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int reqId; 3258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt EapType reqMethod; 3268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int reqVendor; 3278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u32 reqVendorMethod; 3288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean ignore; 3298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /* Constants */ 3308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int ClientTimeout; 3318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /* Miscellaneous variables */ 3338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean allowNotifications; /* peer state machine <-> methods */ 3348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct wpabuf *eapRespData; /* peer to lower layer */ 3358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean eapKeyAvailable; /* peer to lower layer */ 3368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *eapKeyData; /* peer to lower layer */ 3378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t eapKeyDataLen; /* peer to lower layer */ 338f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt u8 
*eapSessionId; /* peer to lower layer */ 339f86232838cf712377867cb42417c1613ab5dc425Dmitry Shmidt size_t eapSessionIdLen; /* peer to lower layer */ 3408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt const struct eap_method *m; /* selected EAP method */ 3418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /* not defined in RFC 4137 */ 3428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean changed; 3438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *eapol_ctx; 3441d755d025b206e22b06aeb322e25a79f98ca7777Dmitry Shmidt const struct eapol_callbacks *eapol_cb; 3458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *eap_method_priv; 3468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int init_phase2; 3478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int fast_reauth; 3486c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt Boolean reauthInit; /* send EAP-Identity/Re-auth */ 3496c0da2bb83f6915d8260912362692d1a742e057bDmitry Shmidt u32 erp_seq; 3508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean rxResp /* LEAP only */; 3528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean leap_done; 3538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt Boolean peap_done; 354d80a401aed31d06f261efd19223cf55d1a2a8228Dmitry Shmidt u8 req_sha1[20]; /* SHA1() of the current EAP packet */ 355d80a401aed31d06f261efd19223cf55d1a2a8228Dmitry Shmidt u8 last_sha1[20]; /* SHA1() of the previously received EAP packet; used 356d80a401aed31d06f261efd19223cf55d1a2a8228Dmitry Shmidt * in duplicate request detection. 
*/ 3578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *msg_ctx; 3598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *scard_ctx; 3608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *ssl_ctx; 36104949598a23f501be6eec21697465fd46a28840aDmitry Shmidt void *ssl_ctx2; 3628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt unsigned int workaround; 3648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /* Optional challenges generated in Phase 1 (EAP-FAST) */ 3668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *peer_challenge, *auth_challenge; 3678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int num_rounds; 3698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int force_disabled; 3708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct wps_context *wps; 3728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int prev_failure; 3747f0b69e88015ca077ef7a417fde0a76c10df23a5Dmitry Shmidt struct eap_peer_config *last_config; 37561d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt 37661d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt struct ext_password_data *ext_pw; 37761d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt struct wpabuf *ext_pw_buf; 378051af73b8f8014eff33330aead0f36944b3403e6Dmitry Shmidt 379051af73b8f8014eff33330aead0f36944b3403e6Dmitry Shmidt int external_sim; 380344abd362cfe2d03ed956666527352826b67bde5Dmitry Shmidt 381344abd362cfe2d03ed956666527352826b67bde5Dmitry Shmidt unsigned int expected_failure:1; 3821b46775bb44f06b3cc285481ff5f7a673559ed7dDmitry Shmidt unsigned int ext_cert_check:1; 3831b46775bb44f06b3cc285481ff5f7a673559ed7dDmitry Shmidt unsigned int 
waiting_ext_cert_check:1;

	struct dl_list erp_keys; /* list of struct eap_erp_key entries */
};

/*
 * Accessors used by EAP method implementations to read the peer
 * configuration associated with the state machine. Each *len
 * out-parameter receives the length of the returned buffer.
 *
 * NOTE(review): ownership of the returned pointers is not visible in this
 * header; presumably they reference storage owned by the configuration
 * attached to sm and must not be freed or retained by the caller - confirm
 * against the definitions in eap.c. Several of these return credential
 * material (password, OTP), so callers should avoid copying it into
 * long-lived buffers.
 */
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
/* hash: out-parameter; presumably flags whether the returned value is a
 * password hash rather than the cleartext password - verify in the
 * definition before relying on it. */
const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);
const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
/* Clears the configured one-time password (pairs with eap_get_config_otp). */
void eap_clear_config_otp(struct eap_sm *sm);
/* Phase 1 / Phase 2 method parameter strings from the configuration. */
const char * eap_get_config_phase1(struct eap_sm *sm);
const char * eap_get_config_phase2(struct eap_sm *sm);
int eap_get_config_fragment_size(struct eap_sm *sm);
struct eap_peer_config * eap_get_config(struct eap_sm *sm);
/* Named configuration blobs (e.g., certificate data). NOTE(review): whether
 * eap_set_config_blob takes ownership of blob is not shown here - confirm. */
void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
const struct wpa_config_blob *
eap_get_config_blob(struct eap_sm *sm, const char *name);
void eap_notify_pending(struct eap_sm *sm);
/* Presumably returns non-zero when the (vendor, method) pair is permitted by
 * the current configuration - verify against the definition. */
int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method);

#endif /* EAP_I_H */