authorJouni Malinen <j@w1.fi>2009-11-29 21:16:04 (GMT)
committerJouni Malinen <j@w1.fi>2009-11-29 21:16:04 (GMT)
commite0e14a7bc337b2827ea2ddd81b2a13fb06c8911f (patch)
tree65e748fe50a2a133e014fd3474c9f0601d42ea22
parent03da66bd59567c90dc3b3b0892c3346472a0b413 (diff)
Move internal EAPOL authenticator defines into their own file
This is an initial step in further cleaning up the EAPOL authenticator use to avoid requiring direct accesses to the internal data structures. For now, a number of external files still include the internal definitions from eapol_auth_sm_i.h, but eventually these direct references should be removed.
-rw-r--r--hostapd/dump_state.c9
-rw-r--r--hostapd/hostapd.c1
-rw-r--r--hostapd/ieee802_1x.c1
-rw-r--r--hostapd/pmksa_cache.c1
-rw-r--r--hostapd/pmksa_cache.h2
-rw-r--r--hostapd/preauth.c1
-rw-r--r--hostapd/wps_hostapd.c1
-rw-r--r--src/eapol_auth/eapol_auth_dump.c1
-rw-r--r--src/eapol_auth/eapol_auth_sm.c8
-rw-r--r--src/eapol_auth/eapol_auth_sm.h174
-rw-r--r--src/eapol_auth/eapol_auth_sm_i.h183
11 files changed, 205 insertions, 177 deletions
diff --git a/hostapd/dump_state.c b/hostapd/dump_state.c
index f4ed075..fe57178 100644
--- a/hostapd/dump_state.c
+++ b/hostapd/dump_state.c
@@ -16,14 +16,15 @@
#include "includes.h"
#include "common.h"
-#include "hostapd.h"
-#include "config.h"
-#include "sta_flags.h"
-#include "sta_info.h"
#include "radius/radius_client.h"
#include "radius/radius_server.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "eap_server/eap.h"
+#include "hostapd.h"
+#include "config.h"
+#include "sta_flags.h"
+#include "sta_info.h"
static void fprint_char(FILE *f, char c)
diff --git a/hostapd/hostapd.c b/hostapd/hostapd.c
index da873d0..19a6d4f 100644
--- a/hostapd/hostapd.c
+++ b/hostapd/hostapd.c
@@ -19,6 +19,7 @@
#include "crypto/tls.h"
#include "common/ieee802_11_defs.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "radius/radius_client.h"
#include "radius/radius_server.h"
#include "eap_server/eap_sim_db.h"
diff --git a/hostapd/ieee802_1x.c b/hostapd/ieee802_1x.c
index 9336750..5a0f407 100644
--- a/hostapd/ieee802_1x.c
+++ b/hostapd/ieee802_1x.c
@@ -23,6 +23,7 @@
#include "radius/radius.h"
#include "radius/radius_client.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "hostapd.h"
#include "ieee802_1x.h"
#include "accounting.h"
diff --git a/hostapd/pmksa_cache.c b/hostapd/pmksa_cache.c
index a2b964e..c731f97 100644
--- a/hostapd/pmksa_cache.c
+++ b/hostapd/pmksa_cache.c
@@ -20,6 +20,7 @@
#include "common.h"
#include "eloop.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "pmksa_cache.h"
diff --git a/hostapd/pmksa_cache.h b/hostapd/pmksa_cache.h
index 41ba61d..9628b13 100644
--- a/hostapd/pmksa_cache.h
+++ b/hostapd/pmksa_cache.h
@@ -15,6 +15,8 @@
#ifndef PMKSA_CACHE_H
#define PMKSA_CACHE_H
+#include "radius/radius.h"
+
/**
* struct rsn_pmksa_cache_entry - PMKSA cache entry
*/
diff --git a/hostapd/preauth.c b/hostapd/preauth.c
index e0f5853..9db6380 100644
--- a/hostapd/preauth.c
+++ b/hostapd/preauth.c
@@ -26,6 +26,7 @@
#include "sta_info.h"
#include "common/wpa_common.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "wpa.h"
#include "preauth.h"
diff --git a/hostapd/wps_hostapd.c b/hostapd/wps_hostapd.c
index e82a74f..b968f2f 100644
--- a/hostapd/wps_hostapd.c
+++ b/hostapd/wps_hostapd.c
@@ -22,6 +22,7 @@
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "wps/wps.h"
#include "wps/wps_defs.h"
#include "wps/wps_dev_attr.h"
diff --git a/src/eapol_auth/eapol_auth_dump.c b/src/eapol_auth/eapol_auth_dump.c
index 0cae350..a0f0e8d 100644
--- a/src/eapol_auth/eapol_auth_dump.c
+++ b/src/eapol_auth/eapol_auth_dump.c
@@ -17,6 +17,7 @@
#include "common.h"
#include "eap_server/eap.h"
#include "eapol_auth_sm.h"
+#include "eapol_auth_sm_i.h"
static inline const char * port_type_txt(PortTypes pt)
{
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index e69b7f4..ec5bc39 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -15,12 +15,14 @@
#include "includes.h"
#include "common.h"
-#include "eapol_auth_sm.h"
#include "eloop.h"
-#include "common/eapol_common.h"
-#include "eap_server/eap.h"
#include "state_machine.h"
+#include "common/eapol_common.h"
+#include "eap_common/eap_defs.h"
#include "eap_common/eap_common.h"
+#include "eap_server/eap.h"
+#include "eapol_auth_sm.h"
+#include "eapol_auth_sm_i.h"
#define STATE_MACHINE_DATA struct eapol_state_machine
#define STATE_MACHINE_DEBUG_PREFIX "IEEE 802.1X"
diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
index 3e4dd33..fed7c05 100644
--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@@ -15,19 +15,10 @@
#ifndef EAPOL_AUTH_SM_H
#define EAPOL_AUTH_SM_H
-#include "common/defs.h"
-#include "radius/radius.h"
-
-/* IEEE Std 802.1X-2004, Ch. 8.2 */
-
-typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
- PortTypes;
-typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
-typedef enum { Both = 0, In = 1 } ControlledDirection;
-typedef unsigned int Counter;
-
-struct eap_sm;
-
+#define EAPOL_SM_PREAUTH BIT(0)
+#define EAPOL_SM_WAIT_START BIT(1)
+#define EAPOL_SM_USES_WPA BIT(2)
+#define EAPOL_SM_FROM_PMKSA_CACHE BIT(3)
struct eapol_auth_config {
int eap_reauth_period;
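Review bot: The `EAPOL_SM_*` defines added at the top of eapol_auth_sm.h have lost the context that explained them, because the `flags` field they describe now lives in eapol_auth_sm_i.h. A one-line comment above them, for example `/* Values for the flags field of struct eapol_state_machine */`, would restore that link for readers of the public header. The same hunk also removes `#include "common/defs.h"`, so as far as this hunk shows, `BIT()` must already be defined by whatever the including file pulled in earlier. It is worth confirming that every includer does so. The body of struct eapol_auth_config continues outside the hunk.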
@@ -81,163 +72,6 @@ struct eapol_auth_cb {
void (*eapol_event)(void *ctx, void *sta_ctx, enum eapol_event type);
};
-/**
- * struct eapol_authenticator - Global EAPOL authenticator data
- */
-struct eapol_authenticator {
- struct eapol_auth_config conf;
- struct eapol_auth_cb cb;
-
- u8 *default_wep_key;
- u8 default_wep_key_idx;
-};
-
-
-/**
- * struct eapol_state_machine - Per-Supplicant Authenticator state machines
- */
-struct eapol_state_machine {
- /* timers */
- int aWhile;
- int quietWhile;
- int reAuthWhen;
-
- /* global variables */
- Boolean authAbort;
- Boolean authFail;
- PortState authPortStatus;
- Boolean authStart;
- Boolean authTimeout;
- Boolean authSuccess;
- Boolean eapolEap;
- Boolean initialize;
- Boolean keyDone;
- Boolean keyRun;
- Boolean keyTxEnabled;
- PortTypes portControl;
- Boolean portValid;
- Boolean reAuthenticate;
-
- /* Port Timers state machine */
- /* 'Boolean tick' implicitly handled as registered timeout */
-
- /* Authenticator PAE state machine */
- enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
- AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
- AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
- AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
- /* variables */
- Boolean eapolLogoff;
- Boolean eapolStart;
- PortTypes portMode;
- unsigned int reAuthCount;
- /* constants */
- unsigned int quietPeriod; /* default 60; 0..65535 */
-#define AUTH_PAE_DEFAULT_quietPeriod 60
- unsigned int reAuthMax; /* default 2 */
-#define AUTH_PAE_DEFAULT_reAuthMax 2
- /* counters */
- Counter authEntersConnecting;
- Counter authEapLogoffsWhileConnecting;
- Counter authEntersAuthenticating;
- Counter authAuthSuccessesWhileAuthenticating;
- Counter authAuthTimeoutsWhileAuthenticating;
- Counter authAuthFailWhileAuthenticating;
- Counter authAuthEapStartsWhileAuthenticating;
- Counter authAuthEapLogoffWhileAuthenticating;
- Counter authAuthReauthsWhileAuthenticated;
- Counter authAuthEapStartsWhileAuthenticated;
- Counter authAuthEapLogoffWhileAuthenticated;
-
- /* Backend Authentication state machine */
- enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
- BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
- BE_AUTH_IGNORE
- } be_auth_state;
- /* constants */
- unsigned int serverTimeout; /* default 30; 1..X */
-#define BE_AUTH_DEFAULT_serverTimeout 30
- /* counters */
- Counter backendResponses;
- Counter backendAccessChallenges;
- Counter backendOtherRequestsToSupplicant;
- Counter backendAuthSuccesses;
- Counter backendAuthFails;
-
- /* Reauthentication Timer state machine */
- enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
- } reauth_timer_state;
- /* constants */
- unsigned int reAuthPeriod; /* default 3600 s */
- Boolean reAuthEnabled;
-
- /* Authenticator Key Transmit state machine */
- enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
- } auth_key_tx_state;
-
- /* Key Receive state machine */
- enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
- /* variables */
- Boolean rxKey;
-
- /* Controlled Directions state machine */
- enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
- /* variables */
- ControlledDirection adminControlledDirections;
- ControlledDirection operControlledDirections;
- Boolean operEdge;
-
- /* Authenticator Statistics Table */
- Counter dot1xAuthEapolFramesRx;
- Counter dot1xAuthEapolFramesTx;
- Counter dot1xAuthEapolStartFramesRx;
- Counter dot1xAuthEapolLogoffFramesRx;
- Counter dot1xAuthEapolRespIdFramesRx;
- Counter dot1xAuthEapolRespFramesRx;
- Counter dot1xAuthEapolReqIdFramesTx;
- Counter dot1xAuthEapolReqFramesTx;
- Counter dot1xAuthInvalidEapolFramesRx;
- Counter dot1xAuthEapLengthErrorFramesRx;
- Counter dot1xAuthLastEapolFrameVersion;
-
- /* Other variables - not defined in IEEE 802.1X */
- u8 addr[ETH_ALEN]; /* Supplicant address */
-#define EAPOL_SM_PREAUTH BIT(0)
-#define EAPOL_SM_WAIT_START BIT(1)
-#define EAPOL_SM_USES_WPA BIT(2)
-#define EAPOL_SM_FROM_PMKSA_CACHE BIT(3)
- int flags; /* EAPOL_SM_* */
-
- /* EAPOL/AAA <-> EAP full authenticator interface */
- struct eap_eapol_interface *eap_if;
-
- int radius_identifier;
- /* TODO: check when the last messages can be released */
- struct radius_msg *last_recv_radius;
- u8 last_eap_id; /* last used EAP Identifier */
- u8 *identity;
- size_t identity_len;
- u8 eap_type_authsrv; /* EAP type of the last EAP packet from
- * Authentication server */
- u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
- struct radius_class_data radius_class;
-
- /* Keys for encrypting and signing EAPOL-Key frames */
- u8 *eapol_key_sign;
- size_t eapol_key_sign_len;
- u8 *eapol_key_crypt;
- size_t eapol_key_crypt_len;
-
- struct eap_sm *eap;
-
- Boolean initializing; /* in process of initializing state machines */
- Boolean changed;
-
- struct eapol_authenticator *eapol;
-
- void *sta; /* station context pointer to use in callbacks */
-};
-
struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
struct eapol_auth_cb *cb);
diff --git a/src/eapol_auth/eapol_auth_sm_i.h b/src/eapol_auth/eapol_auth_sm_i.h
new file mode 100644
index 0000000..1000da4
--- /dev/null
+++ b/src/eapol_auth/eapol_auth_sm_i.h
@@ -0,0 +1,183 @@
+/*
+ * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
+ * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAPOL_AUTH_SM_I_H
+#define EAPOL_AUTH_SM_I_H
+
+#include "common/defs.h"
+#include "radius/radius.h"
+
+/* IEEE Std 802.1X-2004, Ch. 8.2 */
+
+typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
+ PortTypes;
+typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
+typedef enum { Both = 0, In = 1 } ControlledDirection;
+typedef unsigned int Counter;
+
+
+/**
+ * struct eapol_authenticator - Global EAPOL authenticator data
+ */
+struct eapol_authenticator {
+ struct eapol_auth_config conf;
+ struct eapol_auth_cb cb;
+
+ u8 *default_wep_key;
+ u8 default_wep_key_idx;
+};
+
+
+/**
+ * struct eapol_state_machine - Per-Supplicant Authenticator state machines
+ */
+struct eapol_state_machine {
+ /* timers */
+ int aWhile;
+ int quietWhile;
+ int reAuthWhen;
+
+ /* global variables */
+ Boolean authAbort;
+ Boolean authFail;
+ PortState authPortStatus;
+ Boolean authStart;
+ Boolean authTimeout;
+ Boolean authSuccess;
+ Boolean eapolEap;
+ Boolean initialize;
+ Boolean keyDone;
+ Boolean keyRun;
+ Boolean keyTxEnabled;
+ PortTypes portControl;
+ Boolean portValid;
+ Boolean reAuthenticate;
+
+ /* Port Timers state machine */
+ /* 'Boolean tick' implicitly handled as registered timeout */
+
+ /* Authenticator PAE state machine */
+ enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
+ AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
+ AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
+ AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
+ /* variables */
+ Boolean eapolLogoff;
+ Boolean eapolStart;
+ PortTypes portMode;
+ unsigned int reAuthCount;
+ /* constants */
+ unsigned int quietPeriod; /* default 60; 0..65535 */
+#define AUTH_PAE_DEFAULT_quietPeriod 60
+ unsigned int reAuthMax; /* default 2 */
+#define AUTH_PAE_DEFAULT_reAuthMax 2
+ /* counters */
+ Counter authEntersConnecting;
+ Counter authEapLogoffsWhileConnecting;
+ Counter authEntersAuthenticating;
+ Counter authAuthSuccessesWhileAuthenticating;
+ Counter authAuthTimeoutsWhileAuthenticating;
+ Counter authAuthFailWhileAuthenticating;
+ Counter authAuthEapStartsWhileAuthenticating;
+ Counter authAuthEapLogoffWhileAuthenticating;
+ Counter authAuthReauthsWhileAuthenticated;
+ Counter authAuthEapStartsWhileAuthenticated;
+ Counter authAuthEapLogoffWhileAuthenticated;
+
+ /* Backend Authentication state machine */
+ enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
+ BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
+ BE_AUTH_IGNORE
+ } be_auth_state;
+ /* constants */
+ unsigned int serverTimeout; /* default 30; 1..X */
+#define BE_AUTH_DEFAULT_serverTimeout 30
+ /* counters */
+ Counter backendResponses;
+ Counter backendAccessChallenges;
+ Counter backendOtherRequestsToSupplicant;
+ Counter backendAuthSuccesses;
+ Counter backendAuthFails;
+
+ /* Reauthentication Timer state machine */
+ enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
+ } reauth_timer_state;
+ /* constants */
+ unsigned int reAuthPeriod; /* default 3600 s */
+ Boolean reAuthEnabled;
+
+ /* Authenticator Key Transmit state machine */
+ enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
+ } auth_key_tx_state;
+
+ /* Key Receive state machine */
+ enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
+ /* variables */
+ Boolean rxKey;
+
+ /* Controlled Directions state machine */
+ enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
+ /* variables */
+ ControlledDirection adminControlledDirections;
+ ControlledDirection operControlledDirections;
+ Boolean operEdge;
+
+ /* Authenticator Statistics Table */
+ Counter dot1xAuthEapolFramesRx;
+ Counter dot1xAuthEapolFramesTx;
+ Counter dot1xAuthEapolStartFramesRx;
+ Counter dot1xAuthEapolLogoffFramesRx;
+ Counter dot1xAuthEapolRespIdFramesRx;
+ Counter dot1xAuthEapolRespFramesRx;
+ Counter dot1xAuthEapolReqIdFramesTx;
+ Counter dot1xAuthEapolReqFramesTx;
+ Counter dot1xAuthInvalidEapolFramesRx;
+ Counter dot1xAuthEapLengthErrorFramesRx;
+ Counter dot1xAuthLastEapolFrameVersion;
+
+ /* Other variables - not defined in IEEE 802.1X */
+ u8 addr[ETH_ALEN]; /* Supplicant address */
+ int flags; /* EAPOL_SM_* */
+
+ /* EAPOL/AAA <-> EAP full authenticator interface */
+ struct eap_eapol_interface *eap_if;
+
+ int radius_identifier;
+ /* TODO: check when the last messages can be released */
+ struct radius_msg *last_recv_radius;
+ u8 last_eap_id; /* last used EAP Identifier */
+ u8 *identity;
+ size_t identity_len;
+ u8 eap_type_authsrv; /* EAP type of the last EAP packet from
+ * Authentication server */
+ u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
+ struct radius_class_data radius_class;
+
+ /* Keys for encrypting and signing EAPOL-Key frames */
+ u8 *eapol_key_sign;
+ size_t eapol_key_sign_len;
+ u8 *eapol_key_crypt;
+ size_t eapol_key_crypt_len;
+
+ struct eap_sm *eap;
+
+ Boolean initializing; /* in process of initializing state machines */
+ Boolean changed;
+
+ struct eapol_authenticator *eapol;
+
+ void *sta; /* station context pointer to use in callbacks */
+};
+
+#endif /* EAPOL_AUTH_SM_I_H */
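Review bot: eapol_auth_sm_i.h is not self-contained. `struct eapol_authenticator` embeds `struct eapol_auth_config conf;` and `struct eapol_auth_cb cb;` by value, but the header includes only common/defs.h and radius/radius.h. It therefore compiles only when eapol_auth_sm.h was included first, which every file touched in this commit happens to do. Adding `#include "eapol_auth_sm.h"` after the include guard would remove that ordering dependency. Since files outside src/eapol_auth still reach into this struct for now, a short comment on `eapol_key_sign`, `eapol_key_crypt` and `default_wep_key` stating which module allocates and frees them would help keep handling of the key buffers in one place.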