]>
Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * EAPOL supplicant state machines | |
3 | * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Alternatively, this software may be distributed under the terms of BSD | |
10 | * license. | |
11 | * | |
12 | * See README and COPYING for more details. | |
13 | */ | |
14 | ||
15 | #ifndef EAPOL_SUPP_SM_H | |
16 | #define EAPOL_SUPP_SM_H | |
17 | ||
90973fb2 | 18 | #include "common/defs.h" |
6fc6879b JM |
19 | |
20 | typedef enum { Unauthorized, Authorized } PortStatus; | |
21 | typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl; | |
22 | ||
23 | /** | |
24 | * struct eapol_config - Per network configuration for EAPOL state machines | |
25 | */ | |
26 | struct eapol_config { | |
27 | /** | |
28 | * accept_802_1x_keys - Accept IEEE 802.1X (non-WPA) EAPOL-Key frames | |
29 | * | |
30 | * This variable should be set to 1 when using EAPOL state machines | |
31 | * with non-WPA security policy to generate dynamic WEP keys. When | |
32 | * using WPA, this should be set to 0 so that WPA state machine can | |
33 | * process the EAPOL-Key frames. | |
34 | */ | |
35 | int accept_802_1x_keys; | |
36 | ||
37 | #define EAPOL_REQUIRE_KEY_UNICAST BIT(0) | |
38 | #define EAPOL_REQUIRE_KEY_BROADCAST BIT(1) | |
39 | /** | |
40 | * required_keys - Which EAPOL-Key packets are required | |
41 | * | |
42 | * This variable determines which EAPOL-Key packets are required before | |
43 | * marking connection authenticated. This is a bit field of | |
44 | * EAPOL_REQUIRE_KEY_UNICAST and EAPOL_REQUIRE_KEY_BROADCAST flags. | |
45 | */ | |
46 | int required_keys; | |
47 | ||
48 | /** | |
49 | * fast_reauth - Whether fast EAP reauthentication is enabled | |
50 | */ | |
51 | int fast_reauth; | |
52 | ||
53 | /** | |
54 | * workaround - Whether EAP workarounds are enabled | |
55 | */ | |
56 | unsigned int workaround; | |
57 | ||
58 | /** | |
59 | * eap_disabled - Whether EAP is disabled | |
60 | */ | |
61 | int eap_disabled; | |
62 | }; | |
63 | ||
64 | struct eapol_sm; | |
65 | struct wpa_config_blob; | |
66 | ||
67 | /** | |
68 | * struct eapol_ctx - Global (for all networks) EAPOL state machine context | |
69 | */ | |
70 | struct eapol_ctx { | |
71 | /** | |
72 | * ctx - Pointer to arbitrary upper level context | |
73 | */ | |
74 | void *ctx; | |
75 | ||
76 | /** | |
77 | * preauth - IEEE 802.11i/RSN pre-authentication | |
78 | * | |
79 | * This EAPOL state machine is used for IEEE 802.11i/RSN | |
80 | * pre-authentication | |
81 | */ | |
82 | int preauth; | |
83 | ||
84 | /** | |
85 | * cb - Function to be called when EAPOL negotiation has been completed | |
86 | * @eapol: Pointer to EAPOL state machine data | |
87 | * @success: Whether the authentication was completed successfully | |
88 | * @ctx: Pointer to context data (cb_ctx) | |
89 | * | |
90 | * This optional callback function will be called when the EAPOL | |
91 | * authentication has been completed. This allows the owner of the | |
92 | * EAPOL state machine to process the key and terminate the EAPOL state | |
93 | * machine. Currently, this is used only in RSN pre-authentication. | |
94 | */ | |
95 | void (*cb)(struct eapol_sm *eapol, int success, void *ctx); | |
96 | ||
97 | /** | |
98 | * cb_ctx - Callback context for cb() | |
99 | */ | |
100 | void *cb_ctx; | |
101 | ||
102 | /** | |
103 | * msg_ctx - Callback context for wpa_msg() calls | |
104 | */ | |
105 | void *msg_ctx; | |
106 | ||
107 | /** | |
108 | * scard_ctx - Callback context for PC/SC scard_*() function calls | |
109 | * | |
110 | * This context can be updated with eapol_sm_register_scard_ctx(). | |
111 | */ | |
112 | void *scard_ctx; | |
113 | ||
114 | /** | |
115 | * eapol_send_ctx - Callback context for eapol_send() calls | |
116 | */ | |
117 | void *eapol_send_ctx; | |
118 | ||
119 | /** | |
120 | * eapol_done_cb - Function to be called at successful completion | |
121 | * @ctx: Callback context (ctx) | |
122 | * | |
123 | * This function is called at the successful completion of EAPOL | |
124 | * authentication. If dynamic WEP keys are used, this is called only | |
125 | * after all the expected keys have been received. | |
126 | */ | |
127 | void (*eapol_done_cb)(void *ctx); | |
128 | ||
129 | /** | |
130 | * eapol_send - Send EAPOL packets | |
131 | * @ctx: Callback context (eapol_send_ctx) | |
132 | * @type: EAPOL type (IEEE802_1X_TYPE_*) | |
133 | * @buf: Pointer to EAPOL payload | |
134 | * @len: Length of the EAPOL payload | |
135 | * Returns: 0 on success, -1 on failure | |
136 | */ | |
137 | int (*eapol_send)(void *ctx, int type, const u8 *buf, size_t len); | |
138 | ||
139 | /** | |
140 | * set_wep_key - Configure WEP keys | |
141 | * @ctx: Callback context (ctx) | |
142 | * @unicast: Non-zero = unicast, 0 = multicast/broadcast key | |
143 | * @keyidx: Key index (0..3) | |
144 | * @key: WEP key | |
145 | * @keylen: Length of the WEP key | |
146 | * Returns: 0 on success, -1 on failure | |
147 | */ | |
148 | int (*set_wep_key)(void *ctx, int unicast, int keyidx, | |
149 | const u8 *key, size_t keylen); | |
150 | ||
151 | /** | |
152 | * set_config_blob - Set or add a named configuration blob | |
153 | * @ctx: Callback context (ctx) | |
154 | * @blob: New value for the blob | |
155 | * | |
156 | * Adds a new configuration blob or replaces the current value of an | |
157 | * existing blob. | |
158 | */ | |
159 | void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob); | |
160 | ||
161 | /** | |
162 | * get_config_blob - Get a named configuration blob | |
163 | * @ctx: Callback context (ctx) | |
164 | * @name: Name of the blob | |
165 | * Returns: Pointer to blob data or %NULL if not found | |
166 | */ | |
167 | const struct wpa_config_blob * (*get_config_blob)(void *ctx, | |
168 | const char *name); | |
169 | ||
170 | /** | |
171 | * aborted_cached - Notify that cached PMK attempt was aborted | |
172 | * @ctx: Callback context (ctx) | |
173 | */ | |
174 | void (*aborted_cached)(void *ctx); | |
175 | ||
176 | #ifdef EAP_TLS_OPENSSL | |
177 | /** | |
178 | * opensc_engine_path - Path to the OpenSSL engine for opensc | |
179 | * | |
180 | * This is an OpenSSL specific configuration option for loading OpenSC | |
181 | * engine (engine_opensc.so); if %NULL, this engine is not loaded. | |
182 | */ | |
183 | const char *opensc_engine_path; | |
184 | ||
185 | /** | |
186 | * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11 | |
187 | * | |
188 | * This is an OpenSSL specific configuration option for loading PKCS#11 | |
189 | * engine (engine_pkcs11.so); if %NULL, this engine is not loaded. | |
190 | */ | |
191 | const char *pkcs11_engine_path; | |
192 | ||
193 | /** | |
194 | * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module | |
195 | * | |
196 | * This is an OpenSSL specific configuration option for configuring | |
197 | * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this | |
198 | * module is not loaded. | |
199 | */ | |
200 | const char *pkcs11_module_path; | |
201 | #endif /* EAP_TLS_OPENSSL */ | |
f855f923 | 202 | |
ad08c363 | 203 | /** |
116654ce | 204 | * wps - WPS context data |
ad08c363 | 205 | * |
116654ce | 206 | * This is only used by EAP-WSC and can be left %NULL if not available. |
ad08c363 | 207 | */ |
116654ce | 208 | struct wps_context *wps; |
6fc6879b JM |
209 | |
210 | /** | |
211 | * eap_param_needed - Notify that EAP parameter is needed | |
212 | * @ctx: Callback context (ctx) | |
213 | * @field: Field name (e.g., "IDENTITY") | |
214 | * @txt: User readable text describing the required parameter | |
215 | */ | |
216 | void (*eap_param_needed)(void *ctx, const char *field, | |
217 | const char *txt); | |
4bc181ec JM |
218 | |
219 | /** | |
220 | * port_cb - Set port authorized/unauthorized callback (optional) | |
221 | * @ctx: Callback context (ctx) | |
222 | * @authorized: Whether the supplicant port is now in authorized state | |
223 | */ | |
224 | void (*port_cb)(void *ctx, int authorized); | |
6fc6879b JM |
225 | }; |
226 | ||
227 | ||
228 | struct eap_peer_config; | |
229 | ||
230 | #ifdef IEEE8021X_EAPOL | |
231 | struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx); | |
232 | void eapol_sm_deinit(struct eapol_sm *sm); | |
233 | void eapol_sm_step(struct eapol_sm *sm); | |
234 | int eapol_sm_get_status(struct eapol_sm *sm, char *buf, size_t buflen, | |
235 | int verbose); | |
236 | int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, size_t buflen); | |
237 | void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod, | |
238 | int startPeriod, int maxStart); | |
239 | int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf, | |
240 | size_t len); | |
241 | void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm); | |
242 | void eapol_sm_notify_portEnabled(struct eapol_sm *sm, Boolean enabled); | |
243 | void eapol_sm_notify_portValid(struct eapol_sm *sm, Boolean valid); | |
244 | void eapol_sm_notify_eap_success(struct eapol_sm *sm, Boolean success); | |
245 | void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail); | |
246 | void eapol_sm_notify_config(struct eapol_sm *sm, | |
247 | struct eap_peer_config *config, | |
248 | const struct eapol_config *conf); | |
249 | int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len); | |
250 | void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff); | |
251 | void eapol_sm_notify_cached(struct eapol_sm *sm); | |
252 | void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt); | |
253 | void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx); | |
254 | void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl); | |
255 | void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm); | |
256 | void eapol_sm_notify_ctrl_response(struct eapol_sm *sm); | |
257 | void eapol_sm_request_reauth(struct eapol_sm *sm); | |
258 | void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm); | |
259 | void eapol_sm_invalidate_cached_session(struct eapol_sm *sm); | |
260 | #else /* IEEE8021X_EAPOL */ | |
261 | static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx) | |
262 | { | |
263 | free(ctx); | |
264 | return (struct eapol_sm *) 1; | |
265 | } | |
266 | static inline void eapol_sm_deinit(struct eapol_sm *sm) | |
267 | { | |
268 | } | |
269 | static inline void eapol_sm_step(struct eapol_sm *sm) | |
270 | { | |
271 | } | |
272 | static inline int eapol_sm_get_status(struct eapol_sm *sm, char *buf, | |
273 | size_t buflen, int verbose) | |
274 | { | |
275 | return 0; | |
276 | } | |
277 | static inline int eapol_sm_get_mib(struct eapol_sm *sm, char *buf, | |
278 | size_t buflen) | |
279 | { | |
280 | return 0; | |
281 | } | |
282 | static inline void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, | |
283 | int authPeriod, int startPeriod, | |
284 | int maxStart) | |
285 | { | |
286 | } | |
287 | static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, | |
288 | const u8 *buf, size_t len) | |
289 | { | |
290 | return 0; | |
291 | } | |
292 | static inline void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm) | |
293 | { | |
294 | } | |
295 | static inline void eapol_sm_notify_portEnabled(struct eapol_sm *sm, | |
296 | Boolean enabled) | |
297 | { | |
298 | } | |
299 | static inline void eapol_sm_notify_portValid(struct eapol_sm *sm, | |
300 | Boolean valid) | |
301 | { | |
302 | } | |
303 | static inline void eapol_sm_notify_eap_success(struct eapol_sm *sm, | |
304 | Boolean success) | |
305 | { | |
306 | } | |
307 | static inline void eapol_sm_notify_eap_fail(struct eapol_sm *sm, Boolean fail) | |
308 | { | |
309 | } | |
310 | static inline void eapol_sm_notify_config(struct eapol_sm *sm, | |
311 | struct eap_peer_config *config, | |
312 | struct eapol_config *conf) | |
313 | { | |
314 | } | |
315 | static inline int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len) | |
316 | { | |
317 | return -1; | |
318 | } | |
319 | static inline void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff) | |
320 | { | |
321 | } | |
322 | static inline void eapol_sm_notify_cached(struct eapol_sm *sm) | |
323 | { | |
324 | } | |
325 | #define eapol_sm_notify_pmkid_attempt(sm, attempt) do { } while (0) | |
326 | #define eapol_sm_register_scard_ctx(sm, ctx) do { } while (0) | |
327 | static inline void eapol_sm_notify_portControl(struct eapol_sm *sm, | |
328 | PortControl portControl) | |
329 | { | |
330 | } | |
331 | static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm) | |
332 | { | |
333 | } | |
334 | static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm) | |
335 | { | |
336 | } | |
337 | static inline void eapol_sm_request_reauth(struct eapol_sm *sm) | |
338 | { | |
339 | } | |
340 | static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, | |
341 | int in_eapol_sm) | |
342 | { | |
343 | } | |
344 | static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm) | |
345 | { | |
346 | } | |
347 | #endif /* IEEE8021X_EAPOL */ | |
348 | ||
349 | #endif /* EAPOL_SUPP_SM_H */ |