2 * EAP peer state machine functions (RFC 4137)
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
18 #include "common/defs.h"
19 #include "eap_common/eap_defs.h"
20 #include "eap_peer/eap_methods.h"
27 struct wpa_config_blob;
30 struct eap_method_type {
35 #ifdef IEEE8021X_EAPOL
38 * enum eapol_bool_var - EAPOL boolean state variables for EAP state machine
40 * These variables are used in the interface between EAP peer state machine and
41 * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
42 * expected to maintain these variables and register callback functions for
43 * EAP state machine to get and set the variables.
47 * EAPOL_eapSuccess - EAP SUCCESS state reached
49 * EAP state machine reads and writes this value.
54 * EAPOL_eapRestart - Lower layer request to restart authentication
56 * Set to TRUE in lower layer, FALSE in EAP state machine.
61 * EAPOL_eapFail - EAP FAILURE state reached
63 * EAP state machine writes this value.
68 * EAPOL_eapResp - Response to send
70 * Set to TRUE in EAP state machine, FALSE in lower layer.
75 * EAPOL_eapNoResp - Request has been processed; no response to send
77 * Set to TRUE in EAP state machine, FALSE in lower layer.
82 * EAPOL_eapReq - EAP request available from lower layer
84 * Set to TRUE in lower layer, FALSE in EAP state machine.
89 * EAPOL_portEnabled - Lower layer is ready for communication
91 * EAP state machine reads this value.
96 * EAPOL_altAccept - Alternate indication of success (RFC3748)
98 * EAP state machine reads this value.
103 * EAPOL_altReject - Alternate indication of failure (RFC3748)
105 * EAP state machine reads this value.
111 * enum eapol_int_var - EAPOL integer state variables for EAP state machine
113 * These variables are used in the interface between EAP peer state machine and
114 * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
115 * expected to maintain these variables and register callback functions for
116 * EAP state machine to get and set the variables.
120 * EAPOL_idleWhile - Outside time for EAP peer timeout
122 * This integer variable is used to provide an outside timer that the
123 * external (to EAP state machine) code must decrement by one every
124 * second until the value reaches zero. This is used in the same way as
125 * EAPOL state machine timers. EAP state machine reads and writes this
132 * struct eapol_callbacks - Callback functions from EAP to lower layer
134 * This structure defines the callback functions that EAP state machine
135 * requires from the lower layer (usually EAPOL state machine) for updating
136 * state variables and requesting information. eapol_ctx from
137 * eap_peer_sm_init() call will be used as the ctx parameter for these
138 * callback functions.
140 struct eapol_callbacks {
/*
 * Every callback below takes a void *ctx first argument; per the struct
 * description this is the eapol_ctx value given to eap_peer_sm_init().
 */
142 * get_config - Get pointer to the current network configuration
143 * @ctx: eapol_ctx from eap_peer_sm_init() call
145 struct eap_peer_config * (*get_config)(void *ctx);
148 * get_bool - Get a boolean EAPOL state variable
149 * @variable: EAPOL boolean variable to get
150 * Returns: Value of the EAPOL variable
152 Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);
155 * set_bool - Set a boolean EAPOL state variable
156 * @ctx: eapol_ctx from eap_peer_sm_init() call
157 * @variable: EAPOL boolean variable to set
158 * @value: Value for the EAPOL variable
160 void (*set_bool)(void *ctx, enum eapol_bool_var variable,
164 * get_int - Get an integer EAPOL state variable
165 * @ctx: eapol_ctx from eap_peer_sm_init() call
166 * @variable: EAPOL integer variable to get
167 * Returns: Value of the EAPOL variable
169 unsigned int (*get_int)(void *ctx, enum eapol_int_var variable);
172 * set_int - Set an integer EAPOL state variable
173 * @ctx: eapol_ctx from eap_peer_sm_init() call
174 * @variable: EAPOL integer variable to set
175 * @value: Value for the EAPOL variable
177 void (*set_int)(void *ctx, enum eapol_int_var variable,
181 * get_eapReqData - Get EAP-Request data
182 * @ctx: eapol_ctx from eap_peer_sm_init() call
183 * @len: Pointer to variable that will be set to eapReqDataLen
184 * Returns: Reference to eapReqData (EAP state machine will not free
185 * this) or %NULL if eapReqData not available.
187 struct wpabuf * (*get_eapReqData)(void *ctx);
/*
 * NOTE(review): the @len line in the get_eapReqData description does not
 * match its prototype, which takes only ctx. Presumably the request length
 * is carried by the returned struct wpabuf; callers should take the length
 * from there and must handle the NULL return - confirm and drop the stale
 * @len line.
 */
190 * set_config_blob - Set named configuration blob
191 * @ctx: eapol_ctx from eap_peer_sm_init() call
192 * @blob: New value for the blob
194 * Adds a new configuration blob or replaces the current value of an
197 void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
/*
 * NOTE(review): set_config_blob takes a non-const blob pointer and this
 * listing does not say who owns it after the call; get_config_blob returns
 * a const pointer, so its result must not be modified by the caller.
 * Confirm the ownership rule for set_config_blob before freeing or reusing
 * the blob.
 */
200 * get_config_blob - Get a named configuration blob
201 * @ctx: eapol_ctx from eap_peer_sm_init() call
202 * @name: Name of the blob
203 * Returns: Pointer to blob data or %NULL if not found
205 const struct wpa_config_blob * (*get_config_blob)(void *ctx,
209 * notify_pending - Notify that a pending request can be retried
210 * @ctx: eapol_ctx from eap_peer_sm_init() call
212 * An EAP method can perform a pending operation (e.g., to get a
213 * response from an external process). Once the response is available,
214 * this callback function can be used to request EAPOL state machine to
215 * retry delivering the previously received (and still unanswered) EAP
216 * request to EAP state machine.
218 void (*notify_pending)(void *ctx);
/*
 * NOTE(review): eap_param_needed (described next) passes a field name and a
 * user readable text. Whether that text can include data received from the
 * authentication server is not visible in this listing; if it can, the
 * receiver should treat it as untrusted display data - confirm.
 */
221 * eap_param_needed - Notify that EAP parameter is needed
222 * @ctx: eapol_ctx from eap_peer_sm_init() call
223 * @field: Field name (e.g., "IDENTITY")
224 * @txt: User readable text describing the required parameter
226 void (*eap_param_needed)(void *ctx, const char *field,
231 * struct eap_config - Configuration for EAP state machine
235 * opensc_engine_path - OpenSC engine for OpenSSL engine support
237 * Usually, path to engine_opensc.so.
239 const char *opensc_engine_path;
241 * pkcs11_engine_path - PKCS#11 engine for OpenSSL engine support
243 * Usually, path to engine_pkcs11.so.
245 const char *pkcs11_engine_path;
247 * pkcs11_module_path - OpenSC PKCS#11 module for OpenSSL engine
249 * Usually, path to opensc-pkcs11.so.
251 const char *pkcs11_module_path;
/*
 * NOTE(review): the three *_path fields above name shared objects
 * (engine_opensc.so, engine_pkcs11.so, opensc-pkcs11.so per their
 * descriptions). Presumably the TLS backend loads them into this process,
 * so whoever controls these strings or the files they point to controls
 * code running with the supplicant's privileges. The values should come
 * only from trusted configuration and point to files that an unprivileged
 * account cannot replace - confirm where they are set and validated.
 */
253 * wps - WPS context data
255 * This is only used by EAP-WSC and can be left %NULL if not available.
257 struct wps_context *wps;
/*
 * State machine lifecycle and stepping. The eapol_ctx passed to
 * eap_peer_sm_init() is the value later handed to the eapol_callbacks
 * functions as ctx.
 * NOTE(review): this listing does not show whether eapol_cb and conf are
 * copied or only referenced - presumably they must stay valid until
 * eap_peer_sm_deinit(); confirm in the implementation.
 */
260 struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
261 struct eapol_callbacks *eapol_cb,
262 void *msg_ctx, struct eap_config *conf);
263 void eap_peer_sm_deinit(struct eap_sm *sm);
264 int eap_peer_sm_step(struct eap_sm *sm);
265 void eap_sm_abort(struct eap_sm *sm);
/*
 * eap_sm_get_status() takes a caller-supplied buffer and its size
 * (buf, buflen); presumably it fills buf with status text and never writes
 * more than buflen bytes - confirm. The rest of this prototype is not
 * visible in this listing.
 */
266 int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen,
/*
 * NOTE(review): what the `encrypted` argument of eap_sm_buildIdentity()
 * selects is not visible here - presumably whether the identity is sent
 * inside a protected tunnel, which matters for identity privacy; confirm.
 */
268 struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted);
/*
 * Requests for user-supplied parameters (identity, password, new password,
 * PIN, OTP, passphrase, going by the function names).
 * NOTE(review): presumably these reach the user through the
 * eap_param_needed callback. The answers are credentials, so the channel
 * that supplies them should be access-restricted and should not log the
 * values - confirm. eap_sm_request_otp() receives msg with an explicit
 * msg_len, so msg should not be assumed to be NUL-terminated - confirm.
 */
269 void eap_sm_request_identity(struct eap_sm *sm);
270 void eap_sm_request_password(struct eap_sm *sm);
271 void eap_sm_request_new_password(struct eap_sm *sm);
272 void eap_sm_request_pin(struct eap_sm *sm);
273 void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len);
274 void eap_sm_request_passphrase(struct eap_sm *sm);
275 void eap_sm_notify_ctrl_attached(struct eap_sm *sm);
/*
 * Phase 2 method lookup. eap_get_phase2_type() returns a u32 and reports a
 * vendor value through *vendor. The eap_get_phase2_types() prototype
 * continues past the line visible in this listing.
 */
276 u32 eap_get_phase2_type(const char *name, int *vendor);
277 struct eap_method_type * eap_get_phase2_types(struct eap_peer_config *config,
/*
 * Runtime switches on an existing state machine.
 * NOTE(review): `workaround` presumably enables interoperability
 * workarounds that relax protocol checks - confirm which checks are
 * affected before enabling it where strict validation is required.
 */
279 void eap_set_fast_reauth(struct eap_sm *sm, int enabled);
280 void eap_set_workaround(struct eap_sm *sm, unsigned int workaround);
281 void eap_set_force_disabled(struct eap_sm *sm, int disabled);
/*
 * Result and notification interface. eap_get_eapKeyData() returns a const
 * byte pointer and stores a length through *len.
 * NOTE(review): by name this is the EAP keying material (eapKeyData in
 * RFC 4137). Presumably the pointer refers to memory owned by sm, so
 * callers should copy what they need, not free it, and keep it out of
 * debug output - confirm.
 */
282 int eap_key_available(struct eap_sm *sm);
283 void eap_notify_success(struct eap_sm *sm);
284 void eap_notify_lower_layer_success(struct eap_sm *sm);
285 const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len);
286 struct wpabuf * eap_get_eapRespData(struct eap_sm *sm);
/*
 * eap_register_scard_ctx() stores an opaque void *ctx; its type and
 * lifetime are not visible in this listing.
 */
287 void eap_register_scard_ctx(struct eap_sm *sm, void *ctx);
288 void eap_invalidate_cached_session(struct eap_sm *sm);
/* WPS enrollee mode checks; both take the peer configuration, not the sm. */
290 int eap_is_wps_pbc_enrollee(struct eap_peer_config *conf);
291 int eap_is_wps_pin_enrollee(struct eap_peer_config *conf);
293 #endif /* IEEE8021X_EAPOL */