00001 
00016 #ifndef EAPOL_SM_H
00017 #define EAPOL_SM_H
00018 
00019 #include "defs.h"
00020 #include "radius/radius.h"
00021 
00022 /* IEEE Std 802.1X-2004, Ch. 8.2 */
00023 
/*
 * Port control / port status vocabulary from IEEE Std 802.1X-2004, Ch. 8.2.
 * The numeric values are part of the interface (they are compared and
 * stored by the state machine code), so each enumerator is given explicitly
 * and listed in ascending value order.
 */

/* AuthControlledPortControl: how the controlled port is managed. */
typedef enum {
        ForceUnauthorized = 1,
        Auto = 2,               /* port state follows the authentication outcome */
        ForceAuthorized = 3
} PortTypes;

/* AuthControlledPortStatus: current state of the controlled port. */
typedef enum {
        Authorized = 1,
        Unauthorized = 2
} PortState;

/* Admin/Oper ControlledDirections: which traffic directions are controlled. */
typedef enum {
        Both = 0,
        In = 1
} ControlledDirection;

/* Statistics/diagnostic counter type used throughout the Authenticator tables. */
typedef unsigned int Counter;
00029 
struct eap_sm; /* EAP (server-side) state machine; opaque here, only referenced by pointer */
00031 
00032 
/*
 * Configuration handed to eapol_auth_init() for one EAPOL authenticator.
 * Only eap_req_id_text is documented as copied; ownership of the other
 * pointer fields is not stated in this header (presumably they stay owned by
 * the caller for the authenticator's lifetime - confirm in eapol_auth_init()).
 */
struct eapol_auth_config {
        int eap_reauth_period;   /* EAP reauthentication period (units not stated here; compare reAuthPeriod, documented in seconds) */
        int wpa;                 /* WPA mode/flag as configured in hostapd; interpreted elsewhere */
        int individual_wep_key_len; /* length of the per-station WEP key, by name; 0 presumably disables - confirm */
        int eap_server;          /* nonzero presumably selects the integrated EAP server instead of an external backend - confirm */
        void *ssl_ctx;           /* opaque TLS context for EAP methods that need one */
        void *eap_sim_db_priv;   /* opaque EAP-SIM/AKA database handle */
        char *eap_req_id_text; /* a copy of this will be allocated */
        size_t eap_req_id_text_len; /* length of eap_req_id_text in bytes (not NUL-terminated by assumption) */
        u8 *pac_opaque_encr_key; /* EAP-FAST PAC-Opaque encryption key (secret material; NOTE(review): confirm it is cleared when released) */
        u8 *eap_fast_a_id;       /* EAP-FAST Authority Identifier (A-ID), eap_fast_a_id_len bytes */
        size_t eap_fast_a_id_len;
        char *eap_fast_a_id_info; /* EAP-FAST human-readable A-ID-Info string */
        int eap_fast_prov;       /* EAP-FAST provisioning mode selector; values defined by the EAP-FAST code */
        int pac_key_lifetime;    /* EAP-FAST PAC-Key lifetime (presumably seconds - confirm) */
        int pac_key_refresh_time; /* EAP-FAST PAC-Key refresh time (presumably seconds - confirm) */
        int eap_sim_aka_result_ind; /* enable EAP-SIM/AKA protected result indication, by name */
        int tnc;                 /* enable Trusted Network Connect (TNC) support, by name */
        struct wps_context *wps; /* Wi-Fi Protected Setup context; may be NULL when WPS is unused - confirm */

        /*
         * Pointer to hostapd data. This is a temporary workaround for
         * transition phase and will be removed once IEEE 802.1X/EAPOL code is
         * separated more cleanly from rest of hostapd.
         */
        struct hostapd_data *hapd;
};
00060 
struct eap_user; /* EAP user record filled in by the get_eap_user callback below; defined elsewhere */
00062 
/*
 * Severity passed to eapol_auth_cb.logger. Values are implicit and therefore
 * sequential from 0, in increasing severity.
 */
typedef enum {
        EAPOL_LOGGER_DEBUG,     /* 0 */
        EAPOL_LOGGER_INFO,      /* 1 */
        EAPOL_LOGGER_WARNING    /* 2 */
} eapol_logger_level;
00066 
/*
 * Callbacks through which the EAPOL authenticator reaches the rest of
 * hostapd. ctx and sta_ctx are opaque context pointers owned by the caller;
 * this header does not define what they point to.
 */
struct eapol_auth_cb {
        /* Transmit an EAPOL frame of packet type `type` carrying datalen bytes of data to the station. */
        void (*eapol_send)(void *ctx, void *sta_ctx, u8 type, const u8 *data,
                           size_t datalen);
        /* Forward datalen bytes to the AAA (backend authentication) server for this station. */
        void (*aaa_send)(void *ctx, void *sta_ctx, const u8 *data,
                         size_t datalen);
        /* Authentication completed; success and preauth are flags (nonzero = true, by convention - confirm). */
        void (*finished)(void *ctx, void *sta_ctx, int success, int preauth);
        /*
         * Look up the EAP user for identity. identity is identity_len bytes
         * and must be treated as length-delimited, not NUL-terminated;
         * presumably it originates from the Supplicant, i.e. untrusted peer
         * input. phase2 selects inner-method (tunneled) user lookup, by name.
         * The int return convention is not defined in this header.
         */
        int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
                            int phase2, struct eap_user *user);
        /* Report whether the station entry for MAC address addr still exists (presumably nonzero = alive). */
        int (*sta_entry_alive)(void *ctx, const u8 *addr);
        /*
         * Log txt for station addr at severity level. txt is an
         * already-formatted message: implementations must pass it as a
         * "%s" argument, never use it as a format string.
         */
        void (*logger)(void *ctx, const u8 *addr, eapol_logger_level level,
                       const char *txt);
        /* Open (authorized nonzero) or close the controlled port for the station. */
        void (*set_port_authorized)(void *ctx, void *sta_ctx, int authorized);
        /* Abort an authentication in progress for the station. */
        void (*abort_auth)(void *ctx, void *sta_ctx);
        /* Transmit key material to the station (by name; presumably EAPOL-Key frames). */
        void (*tx_key)(void *ctx, void *sta_ctx);
};
00082 
/*
 * Global (per-interface) EAPOL authenticator state, created by
 * eapol_auth_init() and released by eapol_auth_deinit(). Per-station state
 * lives in struct eapol_state_machine, which points back here via its
 * eapol member.
 */
struct eapol_authenticator {
        struct eapol_auth_config conf; /* configuration, copied by value from eapol_auth_init()'s argument */
        struct eapol_auth_cb cb;       /* callbacks into hostapd, copied by value */

        u8 *default_wep_key;           /* shared (broadcast) WEP key; secret material - NOTE(review): confirm it is zeroed before free */
        u8 default_wep_key_idx;        /* key index the default WEP key is installed under */
};
00094 
00095 
/*
 * Per-Supplicant IEEE 802.1X Authenticator state (IEEE Std 802.1X-2004,
 * Ch. 8.2). One instance is allocated per station by eapol_auth_alloc().
 * Member names follow the standard's variable, timer, constant and counter
 * names so the state machine implementation can be read against the
 * specification; fields after "Other variables" are hostapd additions.
 */
struct eapol_state_machine {
        /* timers - countdowns driven by the registered tick timeout (see Port Timers note below) */
        int aWhile;       /* Backend Authentication timer */
        int quietWhile;   /* Authenticator PAE hold-off timer after a failure */
        int reAuthWhen;   /* Reauthentication timer */

        /* global variables */
        Boolean authAbort;
        Boolean authFail;
        PortState authPortStatus;    /* Authorized / Unauthorized */
        Boolean authStart;
        Boolean authTimeout;
        Boolean authSuccess;
        Boolean eapolEap;
        Boolean initialize;
        Boolean keyDone;
        Boolean keyRun;
        Boolean keyTxEnabled;
        PortTypes portControl;       /* ForceUnauthorized / Auto / ForceAuthorized */
        Boolean portValid;
        Boolean reAuthenticate;

        /* Port Timers state machine */
        /* 'Boolean tick' implicitly handled as registered timeout */

        /* Authenticator PAE state machine */
        enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
               AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
               AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
               AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
        /* variables */
        Boolean eapolLogoff;
        Boolean eapolStart;
        PortTypes portMode;
        unsigned int reAuthCount;    /* Start/retry attempts so far; compared against reAuthMax */
        /* constants */
        unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
        unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
        /* counters */
        Counter authEntersConnecting;
        Counter authEapLogoffsWhileConnecting;
        Counter authEntersAuthenticating;
        Counter authAuthSuccessesWhileAuthenticating;
        Counter authAuthTimeoutsWhileAuthenticating;
        Counter authAuthFailWhileAuthenticating;
        Counter authAuthEapStartsWhileAuthenticating;
        Counter authAuthEapLogoffWhileAuthenticating;
        Counter authAuthReauthsWhileAuthenticated;
        Counter authAuthEapStartsWhileAuthenticated;
        Counter authAuthEapLogoffWhileAuthenticated;

        /* Backend Authentication state machine */
        enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
               BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
               BE_AUTH_IGNORE
        } be_auth_state;
        /* constants */
        unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
        /* counters */
        Counter backendResponses;
        Counter backendAccessChallenges;
        Counter backendOtherRequestsToSupplicant;
        Counter backendAuthSuccesses;
        Counter backendAuthFails;

        /* Reauthentication Timer state machine */
        enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
        } reauth_timer_state;
        /* constants */
        unsigned int reAuthPeriod; /* default 3600 s */
        Boolean reAuthEnabled;

        /* Authenticator Key Transmit state machine */
        enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
        } auth_key_tx_state;

        /* Key Receive state machine */
        enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
        /* variables */
        Boolean rxKey;

        /* Controlled Directions state machine */
        enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
        /* variables */
        ControlledDirection adminControlledDirections;
        ControlledDirection operControlledDirections;
        Boolean operEdge;

        /* Authenticator Statistics Table */
        /* Frame counters per IEEE 802.1X; the Invalid/LengthError counters are the
         * ones worth exporting when monitoring for malformed EAPOL traffic. */
        Counter dot1xAuthEapolFramesRx;
        Counter dot1xAuthEapolFramesTx;
        Counter dot1xAuthEapolStartFramesRx;
        Counter dot1xAuthEapolLogoffFramesRx;
        Counter dot1xAuthEapolRespIdFramesRx;
        Counter dot1xAuthEapolRespFramesRx;
        Counter dot1xAuthEapolReqIdFramesTx;
        Counter dot1xAuthEapolReqFramesTx;
        Counter dot1xAuthInvalidEapolFramesRx;
        Counter dot1xAuthEapLengthErrorFramesRx;
        Counter dot1xAuthLastEapolFrameVersion; /* protocol version field of the last EAPOL frame received */

        /* Other variables - not defined in IEEE 802.1X */
        u8 addr[ETH_ALEN]; /* Supplicant address */
#define EAPOL_SM_PREAUTH BIT(0)     /* this state machine serves RSN pre-authentication */
#define EAPOL_SM_WAIT_START BIT(1)  /* waiting for an EAPOL-Start before proceeding, by name */
        int flags; /* EAPOL_SM_* */

        /* EAPOL/AAA <-> EAP full authenticator interface */
        struct eap_eapol_interface *eap_if;

        int radius_identifier;  /* RADIUS Identifier of the outstanding request, by name - confirm */
        /* TODO: check when the last messages can be released */
        struct radius_msg *last_recv_radius;
        u8 last_eap_id; /* last used EAP Identifier */
        u8 *identity;        /* EAP identity, identity_len bytes, not NUL-terminated by assumption;
                              * presumably as received from the Supplicant (untrusted input) */
        size_t identity_len;
        u8 eap_type_authsrv; /* EAP type of the last EAP packet from
                              * Authentication server */
        u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
        struct radius_class_data radius_class; /* RADIUS Class attribute data echoed back to the server */

        /* Keys for encrypting and signing EAPOL-Key frames */
        /* Secret material. NOTE(review): confirm eapol_auth_free() clears these
         * buffers before releasing them. */
        u8 *eapol_key_sign;
        size_t eapol_key_sign_len;
        u8 *eapol_key_crypt;
        size_t eapol_key_crypt_len;

        struct eap_sm *eap; /* EAP server state machine for this station */

        Boolean initializing; /* in process of initializing state machines */
        Boolean changed;      /* presumably set when a step changed some state - confirm in eapol_auth_step() */

        struct eapol_authenticator *eapol; /* back-pointer to the owning authenticator */

        /* Somewhat nasty pointers to global hostapd and STA data to avoid
         * passing these to every function */
        struct hostapd_data *hapd;
        struct sta_info *sta;
};
00242 
00243 
/**
 * eapol_auth_init - Create the global EAPOL authenticator
 * @conf: Configuration; copied into the authenticator (eap_req_id_text is
 *	duplicated, per its field comment; other pointers presumably stay
 *	caller-owned - confirm)
 * @cb: Callback table, copied by value
 * Returns: Allocated authenticator, or presumably NULL on failure - confirm
 */
struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
                                             struct eapol_auth_cb *cb);
/**
 * eapol_auth_deinit - Free an authenticator created by eapol_auth_init()
 * @eapol: Authenticator to release
 */
void eapol_auth_deinit(struct eapol_authenticator *eapol);
/**
 * eapol_auth_alloc - Allocate per-station IEEE 802.1X state
 * @eapol: Owning authenticator
 * @addr: Supplicant MAC address (ETH_ALEN bytes, copied into sm->addr)
 * @preauth: Nonzero for RSN pre-authentication (presumably sets EAPOL_SM_PREAUTH - confirm)
 * @sta: hostapd station data the state machine refers back to
 * Returns: New state machine, or presumably NULL on failure - confirm
 */
struct eapol_state_machine *
eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
                 int preauth, struct sta_info *sta);
/**
 * eapol_auth_free - Release per-station state from eapol_auth_alloc()
 * @sm: State machine to free
 * NOTE(review): sm holds EAPOL-Key material; confirm it is cleared here.
 */
void eapol_auth_free(struct eapol_state_machine *sm);
/**
 * eapol_auth_step - Run the IEEE 802.1X state machines once for a station
 * @sm: State machine to advance
 */
void eapol_auth_step(struct eapol_state_machine *sm);
/**
 * eapol_auth_initialize - Reset the station's state machines to their initial states
 * @sm: State machine to initialize
 */
void eapol_auth_initialize(struct eapol_state_machine *sm);
/**
 * eapol_auth_dump_state - Write a textual dump of sm to a stream
 * @f: Output stream (FILE requires <stdio.h>; presumably provided via defs.h - confirm)
 * @prefix: String prepended to the output lines, by name
 * @sm: State machine to dump
 * NOTE(review): confirm the dump excludes the key material stored in sm.
 */
void eapol_auth_dump_state(FILE *f, const char *prefix,
                           struct eapol_state_machine *sm);
/**
 * eapol_auth_eap_pending_cb - Callback hook for a pending EAP operation
 * @sm: State machine the pending operation belongs to
 * @ctx: Opaque context for the pending operation
 * Returns: int status; the convention is not defined in this header
 */
int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
00256 
00257 #endif /* EAPOL_SM_H */
00258 