2 * hostapd / EAP Full Authenticator state machine (RFC 4137)
3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "common/defs.h"
13 #include "utils/list.h"
14 #include "eap_common/eap_defs.h"
15 #include "eap_server/eap_methods.h"
/*
 * Authentication types selectable for EAP-TTLS. Each value is a distinct bit
 * so that several types can be OR'ed together into the ttls_auth bitfield.
 * NOTE(review): PAP hands the password itself to the server inside the
 * tunnel, and CHAP/MSCHAP are legacy schemes; a user entry should enable
 * only the bits the deployment needs - confirm the default mask against the
 * configuration parser.
 */
20 #define EAP_TTLS_AUTH_PAP 1
21 #define EAP_TTLS_AUTH_CHAP 2
22 #define EAP_TTLS_AUTH_MSCHAP 4
23 #define EAP_TTLS_AUTH_MSCHAPV2 8
29 } methods[EAP_MAX_METHODS];
/*
 * NOTE(review): an NT hash is password-equivalent for the MSCHAP family of
 * methods, so a user database that stores hashes still needs the same
 * protection as one that stores cleartext passwords.
 */
32 int password_hash; /* whether password is hashed with
33 * nt_password_hash() */
/* Single-bit flags; their meaning is not established by this declaration. */
36 unsigned int remediation:1;
37 unsigned int macacl:1;
/* Mask of the EAP_TTLS_AUTH_* bits defined at the top of this header. */
38 int ttls_auth; /* bitfield of
39 * EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
/* presumably RADIUS attributes attached to an accepted user - TODO confirm
 * who owns and frees this pointer */
40 struct hostapd_radius_attr *accept_attr;
/*
 * Variables exchanged between the EAP full authenticator state machine and
 * its neighbours: the lower layer (EAPOL) and the AAA interface. The members
 * are grouped by signal direction, as named in the section comments below.
 * NOTE(review): the *Len members presumably give the size of session-id and
 * key buffers declared alongside them; consumers should rely on those lengths
 * and never assume NUL termination - confirm against callers.
 */
43 struct eap_eapol_interface {
44 /* Lower layer to full authenticator variables */
45 Boolean eapResp; /* shared with EAPOL Backend Authentication */
46 struct wpabuf *eapRespData;
49 Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
53 /* Full authenticator to lower layer variables */
54 Boolean eapReq; /* shared with EAPOL Backend Authentication */
55 Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
59 struct wpabuf *eapReqData;
63 size_t eapSessionIdLen;
64 Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
66 /* AAA interface to full authenticator variables */
71 struct wpabuf *aaaEapReqData;
73 size_t aaaEapKeyDataLen;
/* NOTE(review): presumably signals that AAA-provided key data is ready to be
 * consumed - confirm which side clears the flag and the key buffer */
74 Boolean aaaEapKeyAvailable;
77 /* Full authenticator to AAA interface variables */
79 struct wpabuf *aaaEapRespData;
80 /* aaaIdentity -> eap_get_identity() */
/*
 * Server-side ERP key entry.
 * rRK and rIK are fixed-size buffers of ERP_MAX_KEY_LEN bytes; in ERP
 * (RFC 6696) these names denote the re-authentication Root Key and the
 * re-authentication Integrity Key.
 * NOTE(review): the number of valid bytes in each buffer is presumably
 * tracked by separate length members - confirm before copying or comparing.
 * NOTE(review): this is long-lived key material; the code that frees an
 * entry should wipe it with a clear the compiler cannot elide - verify in
 * the owner of the key store.
 */
84 struct eap_server_erp_key {
88 u8 rRK[ERP_MAX_KEY_LEN];
89 u8 rIK[ERP_MAX_KEY_LEN];
/*
 * Callback table handed to eap_server_sm_init(). Every callback takes an
 * opaque ctx pointer as its first argument (presumably the eapol_ctx given
 * to eap_server_sm_init() - TODO confirm).
 */
95 struct eapol_callbacks {
/*
 * Look up a user entry for the given identity and fill in *user.
 * identity is passed with an explicit length, so implementations must treat
 * it as a length-delimited byte string, not a C string; it is presumably
 * peer-supplied and should be handled as untrusted input. phase2 is an int
 * flag (presumably selects the tunnelled/inner lookup - confirm). The
 * meaning of the int return value is not visible in this declaration.
 */
96 int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
97 int phase2, struct eap_user *user);
/* Return the EAP request identity text and store its length in *len. */
98 const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
/* Deliver a NUL-terminated log message to the callback owner. */
99 void (*log_msg)(void *ctx, const char *msg);
/* ERP configuration getters; return-value semantics are not shown here. */
100 int (*get_erp_send_reauth_start)(void *ctx);
101 const char * (*get_erp_domain)(void *ctx);
/*
 * ERP key store access: fetch an entry by key name / add a new entry.
 * NOTE(review): ownership of the returned and of the passed-in entry is not
 * stated here; presumably erp_add_key() takes ownership on success -
 * confirm, since a mismatch means a leak or double free of key material.
 */
102 struct eap_server_erp_key * (*erp_get_key)(void *ctx,
103 const char *keyname);
104 int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
/* Opaque pointer; presumably private state of the EAP-SIM database layer -
 * TODO confirm */
110 void *eap_sim_db_priv;
111 Boolean backend_auth;
/*
 * NOTE(review): raw key pointer with no accompanying length member visible
 * next to it; the name suggests the key that protects the EAP-FAST
 * PAC-Opaque. Confirm the expected key size where it is consumed and that
 * the owner clears the buffer before freeing it.
 */
114 u8 *pac_opaque_encr_key;
116 size_t eap_fast_a_id_len;
117 char *eap_fast_a_id_info;
/* PAC key lifetime and refresh threshold; units are not stated here -
 * TODO confirm against the configuration parser */
119 int pac_key_lifetime;
120 int pac_key_refresh_time;
121 int eap_sim_aka_result_ind;
123 struct wps_context *wps;
124 const struct wpabuf *assoc_wps_ie;
125 const struct wpabuf *assoc_p2p_ie;
132 size_t server_id_len;
/* presumably how long a TLS session stays eligible for resumption; units
 * and the meaning of 0 are not visible here - TODO confirm */
134 unsigned int tls_session_lifetime;
/*
 * Anything declared inside this guard exists only in builds with
 * CONFIG_TESTING_OPTIONS defined; production builds should leave that
 * option undefined.
 */
136 #ifdef CONFIG_TESTING_OPTIONS
138 #endif /* CONFIG_TESTING_OPTIONS */
/*
 * Public entry points of the EAP server state machine.
 */

/*
 * Create a state machine instance from the EAPOL context, the callback table
 * and the EAP configuration.
 * NOTE(review): the failure value is not visible in this header; callers
 * should presumably check the result for NULL - confirm in the
 * implementation.
 */
142 struct eap_sm * eap_server_sm_init(void *eapol_ctx,
143 const struct eapol_callbacks *eapol_cb,
144 struct eap_config *eap_conf);
/* Release a state machine created by eap_server_sm_init(). */
145 void eap_server_sm_deinit(struct eap_sm *sm);
/* Run the state machine; the meaning of the int result is not shown here. */
146 int eap_server_sm_step(struct eap_sm *sm);
147 void eap_sm_notify_cached(struct eap_sm *sm);
148 void eap_sm_pending_cb(struct eap_sm *sm);
149 int eap_sm_method_pending(struct eap_sm *sm);
/*
 * Return the identity bytes and store their length in *len.
 * NOTE(review): the identity is a length-delimited byte string, presumably
 * peer-supplied; do not treat it as NUL-terminated, and escape it before
 * writing it to logs - confirm against callers.
 */
150 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
/* Return the variable block shared with the lower layer and AAA interface. */
151 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
152 void eap_server_clear_identity(struct eap_sm *sm);
/*
 * Report a received MSCHAP exchange: a text source label, the username with
 * explicit length, and the challenge and response buffers.
 * NOTE(review): challenge and response carry no length parameter, so caller
 * and callee must agree on fixed sizes - confirm both sides before changing
 * either. A challenge/response pair can be used for offline password
 * guessing, so any sink that records these values needs the same protection
 * as a credential store.
 */
153 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
154 const u8 *username, size_t username_len,
155 const u8 *challenge, const u8 *response);