Import hostapd 0.5.8
[dragonfly.git] / contrib / hostapd-0.5.8 / eapol_sm.h
1/*
2 * hostapd / IEEE 802.1X Authenticator - EAPOL state machine
3 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#ifndef EAPOL_SM_H
16#define EAPOL_SM_H
17
18#include "defs.h"
19
20/* IEEE Std 802.1X-2004, Ch. 8.2 */
21
/*
 * Port control and port status types shared by the state machines.
 *
 * PortTypes and PortState have no zero enumerator, so a zero-filled variable
 * of either type holds none of the named values.  Authorized and Unauthorized
 * are both non-zero: test authorization with an explicit comparison against
 * Authorized, never by truthiness.
 */
typedef enum {
	ForceUnauthorized = 1,
	Auto = 2,
	ForceAuthorized = 3
} PortTypes;

typedef enum {
	Authorized = 1,
	Unauthorized = 2
} PortState;

typedef enum {
	Both = 0,
	In = 1
} ControlledDirection;

/* Statistics counter; unsigned, so it wraps around instead of overflowing. */
typedef unsigned int Counter;
27
28struct eap_sm;
29
/*
 * One attribute value held as a pointer/length pair.
 * NOTE(review): presumably len is the number of bytes at data and the buffer
 * is not NUL-terminated; always bound reads by len - confirm against the
 * code that fills it.
 */
struct radius_attr_data {
	u8 *data;
	size_t len;
};
34
/*
 * A set of radius_attr_data entries.
 * NOTE(review): presumably count is the number of elements at attr; the two
 * must be updated together so that an index below count is always in bounds -
 * confirm against the code that allocates the array.
 */
struct radius_class_data {
	struct radius_attr_data *attr;
	size_t count;
};
39
/*
 * EAPOL authenticator state: the variables of the IEEE 802.1X state machines
 * named in the section comments below, followed by hostapd-specific data that
 * the standard does not define.
 *
 * The structure carries a single supplicant address (addr) and a single sta
 * pointer, so presumably there is one instance per station - confirm.
 *
 * Security-relevant members: authPortStatus (the authorization result),
 * eapol_key_sign / eapol_key_crypt (key material) and the pointer/length
 * pairs that hold peer-supplied data.
 */
struct eapol_state_machine {
	/* timers */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	/* PortState has no zero enumerator and both of its values are
	 * non-zero: compare against Authorized explicitly, and do not treat a
	 * zero-filled structure as being in either state. */
	PortState authPortStatus;
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapFail;
	Boolean eapolEap;
	Boolean eapSuccess;
	Boolean eapTimeout;
	Boolean initialize;
	Boolean keyAvailable;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl;
	Boolean portEnabled;
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	Boolean eapRestart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/* The documented range is narrower than unsigned int, so the type
	 * does not enforce it; code that sets the value has to range-check. */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* variables */
	Boolean eapNoReq;
	Boolean eapReq;
	Boolean eapResp;
	/* constants */
	/* Zero lies outside the documented range (1..X) but is representable
	 * in the type; code that sets the value has to reject it. */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
#define EAPOL_SM_PREAUTH BIT(0)
	int flags; /* EAPOL_SM_* */

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	/* Each buffer below is a pointer/length pair; the two members must be
	 * updated together and reads bounded by the length.
	 * NOTE(review): ownership and release point are not visible in this
	 * header (see the TODO above) - confirm in the implementation. */
	struct radius_msg *last_recv_radius;
	u8 *last_eap_supp; /* last received EAP Response from Supplicant */
	size_t last_eap_supp_len;
	u8 *last_eap_radius; /* last received EAP Response from Authentication
			      * Server */
	size_t last_eap_radius_len;
	/* NOTE(review): presumably the peer-supplied identity, stored as raw
	 * bytes without a NUL terminator; use identity_len and escape it
	 * before logging - confirm. */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;

	/* Keys for encrypting and signing EAPOL-Key frames */
	/* Secret key material.  NOTE(review): this header does not show where
	 * the buffers are released; the releasing code should wipe them
	 * before freeing, and eapol_sm_dump_state() should not print their
	 * contents - confirm in the implementation. */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	Boolean rx_identity; /* set to TRUE on reception of
			      * EAP-Response/Identity */

	struct eap_sm *eap;

	/* currentId was removed in IEEE 802.1X-REV, but it is needed to filter
	 * out EAP-Responses to old packets (e.g., to two EAP-Request/Identity
	 * packets that are often sent in the beginning of the authentication).
	 */
	u8 currentId;

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed;

	/* Somewhat nasty pointers to global hostapd and STA data to avoid
	 * passing these to every function */
	/* NOTE(review): presumably borrowed rather than owned, in which case
	 * this structure must not outlive either object - confirm. */
	struct hostapd_data *hapd;
	struct sta_info *sta;
};
199
200
/*
 * Interface of the EAPOL state machine.  The behaviour of these functions is
 * defined in the implementation file, not in this header; the notes below are
 * review points, not guarantees.
 *
 * NOTE(review): FILE is used below although this header includes only
 * "defs.h"; it presumably relies on the including file having pulled in
 * <stdio.h> first - confirm.
 */

/* NOTE(review): presumably returns a new state machine bound to hapd and sta,
 * or NULL on failure; callers should check the result - confirm. */
struct eapol_state_machine *eapol_sm_alloc(struct hostapd_data *hapd,
					   struct sta_info *sta);

/* NOTE(review): presumably releases sm and the buffers it points to.  Check
 * that eapol_key_sign and eapol_key_crypt are wiped before being freed and
 * that sm is not used afterwards - confirm. */
void eapol_sm_free(struct eapol_state_machine *sm);

void eapol_sm_step(struct eapol_state_machine *sm);
void eapol_sm_initialize(struct eapol_state_machine *sm);

/* NOTE(review): writes to f using prefix; check that the output excludes key
 * material and that peer-supplied bytes such as identity are escaped -
 * confirm. */
void eapol_sm_dump_state(FILE *f, const char *prefix,
			 struct eapol_state_machine *sm);

int eapol_sm_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
209
210#endif /* EAPOL_SM_H */