freebsd-nq/contrib/hostapd/eap_i.h
2007-07-09 16:15:06 +00:00

193 lines
6.0 KiB
C

/*
* hostapd / EAP Authenticator state machine internal structures (RFC 4137)
* Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#ifndef EAP_I_H
#define EAP_I_H
#include "eap.h"
/* RFC 4137 - EAP Standalone Authenticator */
/**
* struct eap_method - EAP method interface
* This structure defines the EAP method interface. Each method will need to
* register its own EAP type, EAP name, and set of function pointers for method
* specific operations. This interface is based on section 5.4 of RFC 4137.
*/
struct eap_method {
int vendor;
EapType method;
const char *name;
void * (*init)(struct eap_sm *sm);
void * (*initPickUp)(struct eap_sm *sm);
void (*reset)(struct eap_sm *sm, void *priv);
u8 * (*buildReq)(struct eap_sm *sm, void *priv, int id,
size_t *reqDataLen);
int (*getTimeout)(struct eap_sm *sm, void *priv);
Boolean (*check)(struct eap_sm *sm, void *priv,
u8 *respData, size_t respDataLen);
void (*process)(struct eap_sm *sm, void *priv,
u8 *respData, size_t respDataLen);
Boolean (*isDone)(struct eap_sm *sm, void *priv);
u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
* but it is useful in implementing Policy.getDecision() */
Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
/**
* free - Free EAP method data
* @method: Pointer to the method data registered with
* eap_server_method_register().
*
* This function will be called when the EAP method is being
* unregistered. If the EAP method allocated resources during
* registration (e.g., allocated struct eap_method), they should be
* freed in this function. No other method functions will be called
* after this call. If this function is not defined (i.e., function
* pointer is %NULL), a default handler is used to release the method
* data with free(method). This is suitable for most cases.
*/
void (*free)(struct eap_method *method);
#define EAP_SERVER_METHOD_INTERFACE_VERSION 1
/**
* version - Version of the EAP server method interface
*
* The EAP server method implementation should set this variable to
* EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
* EAP method is using supported API version when using dynamically
* loadable EAP methods.
*/
int version;
/**
* next - Pointer to the next EAP method
*
* This variable is used internally in the EAP method registration code
* to create a linked list of registered EAP methods.
*/
struct eap_method *next;
/**
* get_emsk - Get EAP method specific keying extended material (EMSK)
* @sm: Pointer to EAP state machine allocated with eap_sm_init()
* @priv: Pointer to private EAP method data from eap_method::init()
* @len: Pointer to a variable to store EMSK length
* Returns: EMSK or %NULL if not available
*
* This function can be used to get the extended keying material from
* the EAP method. The key may already be stored in the method-specific
* private data or this function may derive the key.
*/
u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
};
/**
* struct eap_sm - EAP server state machine data
*/
struct eap_sm {
enum {
EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD
} EAP_state;
/* Constants */
int MaxRetrans;
/* Lower layer to standalone authenticator variables */
/* eapResp: eapol_sm->be_auth.eapResp */
/* portEnabled: eapol_sm->portEnabled */
/* eapRestart: eapol_sm->auth_pae.eapRestart */
u8 *eapRespData;
size_t eapRespDataLen;
int retransWhile;
int eapSRTT;
int eapRTTVAR;
/* Standalone authenticator to lower layer variables */
/* eapReq: eapol_sm->be_auth.eapReq */
/* eapNoReq: eapol_sm->be_auth.eapNoReq */
/* eapSuccess: eapol_sm->eapSuccess */
/* eapFail: eapol_sm->eapFail */
/* eapTimeout: eapol_sm->eapTimeout */
u8 *eapReqData;
size_t eapReqDataLen;
u8 *eapKeyData; /* also eapKeyAvailable (boolean) */
size_t eapKeyDataLen;
/* Standalone authenticator state machine local variables */
/* Long-term (maintained betwen packets) */
EapType currentMethod;
int currentId;
enum {
METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
} methodState;
int retransCount;
u8 *lastReqData;
size_t lastReqDataLen;
int methodTimeout;
/* Short-term (not maintained between packets) */
Boolean rxResp;
int respId;
EapType respMethod;
int respVendor;
u32 respVendorMethod;
Boolean ignore;
enum {
DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE
} decision;
/* Miscellaneous variables */
const struct eap_method *m; /* selected EAP method */
/* not defined in draft-ietf-eap-statemachine-02 */
Boolean changed;
void *eapol_ctx, *msg_ctx;
struct eapol_callbacks *eapol_cb;
void *eap_method_priv;
u8 *identity;
size_t identity_len;
int lastId; /* Identifier used in the last EAP-Packet */
struct eap_user *user;
int user_eap_method_index;
int init_phase2;
void *ssl_ctx;
enum { TLV_REQ_NONE, TLV_REQ_SUCCESS, TLV_REQ_FAILURE } tlv_request;
void *eap_sim_db_priv;
Boolean backend_auth;
Boolean update_user;
int num_rounds;
enum {
METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
} method_pending;
};
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
int phase2);
void eap_sm_process_nak(struct eap_sm *sm, u8 *nak_list, size_t len);
const u8 * eap_hdr_validate(int vendor, EapType eap_type,
const u8 *msg, size_t msglen, size_t *plen);
struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len,
size_t payload_len, u8 code, u8 identifier,
u8 **payload);
#endif /* EAP_I_H */