2 * hostapd / EAP Authenticator state machine internal structures (RFC 4137)
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
20 /* RFC 4137 - EAP Standalone Authenticator */
23 * struct eap_method - EAP method interface
24 * This structure defines the EAP method interface. Each method will need to
25 * register its own EAP type, EAP name, and set of function pointers for method
26 * specific operations. This interface is based on section 5.4 of RFC 4137.
33 void * (*init)(struct eap_sm *sm);
34 void * (*initPickUp)(struct eap_sm *sm);
35 void (*reset)(struct eap_sm *sm, void *priv);
37 u8 * (*buildReq)(struct eap_sm *sm, void *priv, int id,
39 int (*getTimeout)(struct eap_sm *sm, void *priv);
40 Boolean (*check)(struct eap_sm *sm, void *priv,
41 u8 *respData, size_t respDataLen);
42 void (*process)(struct eap_sm *sm, void *priv,
43 u8 *respData, size_t respDataLen);
44 Boolean (*isDone)(struct eap_sm *sm, void *priv);
45 u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
46 /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
47 * but it is useful in implementing Policy.getDecision() */
48 Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
51 * free - Free EAP method data
52 * @method: Pointer to the method data registered with
53 * eap_server_method_register().
55 * This function will be called when the EAP method is being
56 * unregistered. If the EAP method allocated resources during
57 * registration (e.g., allocated struct eap_method), they should be
58 * freed in this function. No other method functions will be called
59 * after this call. If this function is not defined (i.e., function
60 * pointer is %NULL), a default handler is used to release the method
61 * data with free(method). This is suitable for most cases.
63 void (*free)(struct eap_method *method);
65 #define EAP_SERVER_METHOD_INTERFACE_VERSION 1
67 * version - Version of the EAP server method interface
69 * The EAP server method implementation should set this variable to
70 * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the
71 * EAP method is using supported API version when using dynamically
72 * loadable EAP methods.
77 * next - Pointer to the next EAP method
79 * This variable is used internally in the EAP method registration code
80 * to create a linked list of registered EAP methods.
82 struct eap_method *next;
85 * get_emsk - Get EAP method specific keying extended material (EMSK)
86 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
87 * @priv: Pointer to private EAP method data from eap_method::init()
88 * @len: Pointer to a variable to store EMSK length
89 * Returns: EMSK or %NULL if not available
91 * This function can be used to get the extended keying material from
92 * the EAP method. The key may already be stored in the method-specific
93 * private data or this function may derive the key.
95 u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
99 * struct eap_sm - EAP server state machine data
103 EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED,
104 EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST,
105 EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST,
106 EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE,
107 EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD
113 /* Lower layer to standalone authenticator variables */
114 /* eapResp: eapol_sm->be_auth.eapResp */
115 /* portEnabled: eapol_sm->portEnabled */
116 /* eapRestart: eapol_sm->auth_pae.eapRestart */
118 size_t eapRespDataLen;
123 /* Standalone authenticator to lower layer variables */
124 /* eapReq: eapol_sm->be_auth.eapReq */
125 /* eapNoReq: eapol_sm->be_auth.eapNoReq */
126 /* eapSuccess: eapol_sm->eapSuccess */
127 /* eapFail: eapol_sm->eapFail */
128 /* eapTimeout: eapol_sm->eapTimeout */
130 size_t eapReqDataLen;
131 u8 *eapKeyData; /* also eapKeyAvailable (boolean) */
132 size_t eapKeyDataLen;
134 /* Standalone authenticator state machine local variables */
136 /* Long-term (maintained betwen packets) */
137 EapType currentMethod;
140 METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END
144 size_t lastReqDataLen;
147 /* Short-term (not maintained between packets) */
152 u32 respVendorMethod;
155 DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE
158 /* Miscellaneous variables */
159 const struct eap_method *m; /* selected EAP method */
160 /* not defined in draft-ietf-eap-statemachine-02 */
162 void *eapol_ctx, *msg_ctx;
163 struct eapol_callbacks *eapol_cb;
164 void *eap_method_priv;
167 int lastId; /* Identifier used in the last EAP-Packet */
168 struct eap_user *user;
169 int user_eap_method_index;
172 enum { TLV_REQ_NONE, TLV_REQ_SUCCESS, TLV_REQ_FAILURE } tlv_request;
173 void *eap_sim_db_priv;
174 Boolean backend_auth;
179 METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT
183 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
185 void eap_sm_process_nak(struct eap_sm *sm, u8 *nak_list, size_t len);
186 const u8 * eap_hdr_validate(int vendor, EapType eap_type,
187 const u8 *msg, size_t msglen, size_t *plen);
188 struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len,
189 size_t payload_len, u8 code, u8 identifier,