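/*
 * hostapd / EAP Full Authenticator state machine (RFC 4137)
 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_H
#define EAP_H

#include "common/defs.h"
#include "utils/list.h"
#include "eap_common/eap_defs.h"
#include "eap_server/eap_methods.h"
#include "wpabuf.h"

/*
 * Opaque types owned by other modules. They are only ever used through
 * pointers in this header, so forward declarations are sufficient and keep
 * the header's dependencies explicit (hostapd_radius_attr and wps_context were
 * previously declared implicitly by their first use inside a struct body).
 */
struct eap_sm;
struct hostapd_radius_attr;
struct wps_context;

/*
 * EAP-TTLS inner (Phase 2) authentication methods. These are single-bit
 * values so that they can be OR'ed together into eap_user::ttls_auth.
 */
#define EAP_TTLS_AUTH_PAP 1
#define EAP_TTLS_AUTH_CHAP 2
#define EAP_TTLS_AUTH_MSCHAP 4
#define EAP_TTLS_AUTH_MSCHAPV2 8

/**
 * struct eap_user - Per-user EAP configuration returned by the user database
 *
 * Filled in by the eapol_callbacks::get_eap_user() callback. The buffers
 * reachable from this structure (password, salt) are credential material;
 * eap_user_free() is the matching release routine, so a caller that fills in
 * these pointers is expected to hand them over to it rather than free them
 * by hand.
 */
struct eap_user {
	/* Allowed EAP methods, in order of preference; vendor/method pairs. */
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	/*
	 * Credential for password-based methods. Sensitive: this is either the
	 * cleartext password or its NT hash, depending on password_hash.
	 */
	u8 *password;
	size_t password_len;
	int password_hash; /* whether password is hashed with
			    * nt_password_hash() */
	/* Optional salt that goes with password (only meaningful if non-NULL). */
	u8 *salt;
	size_t salt_len;
	/* Non-zero if this entry describes a Phase 2 (tunneled) identity. */
	int phase2;
	/* Method version override; semantics are method-specific. */
	int force_version;
	unsigned int remediation:1;
	unsigned int macacl:1;
	int ttls_auth; /* bitfield of
			* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
	/* RADIUS attributes to add to Access-Accept for this user. */
	struct hostapd_radius_attr *accept_attr;
	/* Terms-and-conditions acceptance timestamp (0 if not applicable). */
	u32 t_c_timestamp;
};

/**
 * struct eap_eapol_interface - RFC 4137 variables shared with the lower layer
 *
 * The variable names follow RFC 4137 (EAP full authenticator state machine)
 * and IEEE 802.1X so that the state machine implementation can be compared
 * against the specification directly. The wpabuf pointers and key buffers are
 * owned by the EAP state machine; eapKeyData/aaaEapKeyData hold exported
 * keying material and must be treated as secret.
 */
struct eap_eapol_interface {
	/* Lower layer to full authenticator variables */
	Boolean eapResp; /* shared with EAPOL Backend Authentication */
	struct wpabuf *eapRespData;
	Boolean portEnabled;
	int retransWhile;
	Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
	int eapSRTT;
	int eapRTTVAR;

	/* Full authenticator to lower layer variables */
	Boolean eapReq; /* shared with EAPOL Backend Authentication */
	Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
	Boolean eapSuccess;
	Boolean eapFail;
	Boolean eapTimeout;
	struct wpabuf *eapReqData;
	/* Exported keying material (RFC 4137 eapKeyData); secret. */
	u8 *eapKeyData;
	size_t eapKeyDataLen;
	/* EAP Session-Id exported by the method, if any. */
	u8 *eapSessionId;
	size_t eapSessionIdLen;
	Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */

	/* AAA interface to full authenticator variables */
	Boolean aaaEapReq;
	Boolean aaaEapNoReq;
	Boolean aaaSuccess;
	Boolean aaaFail;
	struct wpabuf *aaaEapReqData;
	/* Keying material received from the AAA server; secret. */
	u8 *aaaEapKeyData;
	size_t aaaEapKeyDataLen;
	Boolean aaaEapKeyAvailable;
	int aaaMethodTimeout;

	/* Full authenticator to AAA interface variables */
	Boolean aaaEapResp;
	struct wpabuf *aaaEapRespData;
	/* aaaIdentity -> eap_get_identity() */
	Boolean aaaTimeout;
};

/**
 * struct eap_server_erp_key - Cached EAP Re-authentication (ERP) key material
 *
 * rRK and rIK are the re-authentication root key and integrity key (names as
 * in the ERP specification); both are secrets and the structure should be
 * cleared before being freed. The structure ends in a flexible array member,
 * so it must be allocated with room for the NUL-terminated keyname_nai string
 * in addition to sizeof(struct eap_server_erp_key).
 */
struct eap_server_erp_key {
	struct dl_list list;
	size_t rRK_len;
	size_t rIK_len;
	u8 rRK[ERP_MAX_KEY_LEN];
	u8 rIK[ERP_MAX_KEY_LEN];
	/* Highest sequence number accepted so far (replay protection state). */
	u32 recv_seq;
	u8 cryptosuite;
	char keyname_nai[];
};

/**
 * struct eapol_callbacks - Callbacks from the EAP server into its owner
 *
 * ctx is the eapol_ctx value passed to eap_server_sm_init().
 */
struct eapol_callbacks {
	/*
	 * Look up the user database entry for identity (identity_len bytes,
	 * not NUL-terminated) and fill in *user. phase2 selects the inner
	 * (tunneled) identity database. Returns 0 on success, negative on
	 * failure/unknown user.
	 */
	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
			    int phase2, struct eap_user *user);
	/* Text to include in the initial EAP-Request/Identity; length in *len. */
	const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
	void (*log_msg)(void *ctx, const char *msg);
	int (*get_erp_send_reauth_start)(void *ctx);
	const char * (*get_erp_domain)(void *ctx);
	/* ERP key cache lookup by keyName-NAI; NULL if not found. */
	struct eap_server_erp_key * (*erp_get_key)(void *ctx,
						    const char *keyname);
	/* ERP key cache insert; ownership of erp is transferred on success. */
	int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
};

/**
 * struct eap_config - Configuration for an EAP server state machine instance
 *
 * Pointers in this structure are borrowed from the caller and must outlive the
 * eap_sm created with them. pac_opaque_encr_key is a secret used by EAP-FAST
 * to protect PAC-Opaque and must not be logged.
 */
struct eap_config {
	void *ssl_ctx;
	void *msg_ctx;
	void *eap_sim_db_priv;
	Boolean backend_auth;
	int eap_server;
	u16 pwd_group;
	u8 *pac_opaque_encr_key;
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;
	int eap_teap_auth;
	int eap_teap_pac_no_inner;
	int eap_sim_aka_result_ind;
	int eap_sim_id;
	int tnc;
	struct wps_context *wps;
	const struct wpabuf *assoc_wps_ie;
	const struct wpabuf *assoc_p2p_ie;
	const u8 *peer_addr;
	int fragment_size;

	int pbc_in_m1;

	const u8 *server_id;
	size_t server_id_len;
	int erp;
	unsigned int tls_session_lifetime;
	unsigned int tls_flags;

#ifdef CONFIG_TESTING_OPTIONS
	/* Test-only TLS behavior overrides; never set in production builds. */
	u32 tls_test_flags;
#endif /* CONFIG_TESTING_OPTIONS */
};


/**
 * eap_server_sm_init - Allocate and initialize an EAP server state machine
 * @eapol_ctx: Context pointer passed back to every eapol_callbacks function
 * @eapol_cb: Callback table (must remain valid for the lifetime of the sm)
 * @eap_conf: Configuration (borrowed; see struct eap_config)
 * Returns: Pointer to the new state machine, or NULL on failure
 */
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
				   const struct eapol_callbacks *eapol_cb,
				   struct eap_config *eap_conf);
/* Free a state machine created with eap_server_sm_init(). */
void eap_server_sm_deinit(struct eap_sm *sm);
/* Run the state machine until it settles. Returns: 1 if state changed, else 0 */
int eap_server_sm_step(struct eap_sm *sm);
void eap_sm_notify_cached(struct eap_sm *sm);
void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm);
/*
 * Peer identity as received in EAP-Response/Identity; length in *len, not
 * NUL-terminated and not validated beyond that, so treat as untrusted input
 * (e.g., escape before logging).
 */
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
const char * eap_get_serial_num(struct eap_sm *sm);
const char * eap_get_method(struct eap_sm *sm);
const char * eap_get_imsi(struct eap_sm *sm);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm);
/*
 * Report a received MSCHAP challenge/response pair for username. NOTE(review):
 * the raw challenge/response pair is sufficient for offline password recovery;
 * whatever consumes this callback must treat both buffers as sensitive.
 */
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
				   const u8 *username, size_t username_len,
				   const u8 *challenge, const u8 *response);
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
/* Release the buffers owned by an eap_user (password, salt, ...). */
void eap_user_free(struct eap_user *user);

#endif /* EAP_H */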