Delete reference without relevance.
[dragonfly.git] / contrib / wpa_supplicant-0.5.8 / eap_i.h
blobad7a1dd496d9806ddd65edf5b07bec75d6b7993d
1 /*
2 * EAP peer state machines internal structures (RFC 4137)
3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
12 * See README and COPYING for more details.
15 #ifndef EAP_I_H
16 #define EAP_I_H
18 #include "eap.h"
20 /* RFC 4137 - EAP Peer state machine */
22 typedef enum {
23 DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
24 } EapDecision;
26 typedef enum {
27 METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
28 } EapMethodState;
30 /**
31 * struct eap_method_ret - EAP return values from struct eap_method::process()
33 * These structure contains OUT variables for the interface between peer state
34 * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as
35 * the return value of struct eap_method::process() so it is not included in
36 * this structure.
38 struct eap_method_ret {
39 /**
40 * ignore - Whether method decided to drop the current packed (OUT)
42 Boolean ignore;
44 /**
45 * methodState - Method-specific state (IN/OUT)
47 EapMethodState methodState;
49 /**
50 * decision - Authentication decision (OUT)
52 EapDecision decision;
54 /**
55 * allowNotifications - Whether method allows notifications (OUT)
57 Boolean allowNotifications;
61 /**
62 * struct eap_method - EAP method interface
63 * This structure defines the EAP method interface. Each method will need to
64 * register its own EAP type, EAP name, and set of function pointers for method
65 * specific operations. This interface is based on section 4.4 of RFC 4137.
67 struct eap_method {
68 /**
69 * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
71 int vendor;
73 /**
74 * method - EAP type number (EAP_TYPE_*)
76 EapType method;
78 /**
79 * name - Name of the method (e.g., "TLS")
81 const char *name;
83 /**
84 * init - Initialize an EAP method
85 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
86 * Returns: Pointer to allocated private data, or %NULL on failure
88 * This function is used to initialize the EAP method explicitly
89 * instead of using METHOD_INIT state as specific in RFC 4137. The
90 * method is expected to initialize it method-specific state and return
91 * a pointer that will be used as the priv argument to other calls.
93 void * (*init)(struct eap_sm *sm);
95 /**
96 * deinit - Deinitialize an EAP method
97 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
98 * @priv: Pointer to private EAP method data from eap_method::init()
100 * Deinitialize the EAP method and free any allocated private data.
102 void (*deinit)(struct eap_sm *sm, void *priv);
105 * process - Process an EAP request
106 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
107 * @priv: Pointer to private EAP method data from eap_method::init()
108 * @ret: Return values from EAP request validation and processing
109 * @reqData: EAP request to be processed (eapReqData)
110 * @reqDataLen: Length of the EAP request
111 * @respDataLen: Length of the returned EAP response
112 * Returns: Pointer to allocated EAP response packet (eapRespData)
114 * This function is a combination of m.check(), m.process(), and
115 * m.buildResp() procedures defined in section 4.4 of RFC 4137 In other
116 * words, this function validates the incoming request, processes it,
117 * and build a response packet. m.check() and m.process() return values
118 * are returned through struct eap_method_ret *ret variable. Caller is
119 * responsible for freeing the returned EAP response packet.
121 u8 * (*process)(struct eap_sm *sm, void *priv,
122 struct eap_method_ret *ret,
123 const u8 *reqData, size_t reqDataLen,
124 size_t *respDataLen);
127 * isKeyAvailable - Find out whether EAP method has keying material
128 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
129 * @priv: Pointer to private EAP method data from eap_method::init()
130 * Returns: %TRUE if key material (eapKeyData) is available
132 Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);
135 * getKey - Get EAP method specific keying material (eapKeyData)
136 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
137 * @priv: Pointer to private EAP method data from eap_method::init()
138 * @len: Pointer to variable to store key length (eapKeyDataLen)
139 * Returns: Keying material (eapKeyData) or %NULL if not available
141 * This function can be used to get the keying material from the EAP
142 * method. The key may already be stored in the method-specific private
143 * data or this function may derive the key.
145 u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
148 * get_status - Get EAP method status
149 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
150 * @priv: Pointer to private EAP method data from eap_method::init()
151 * @buf: Buffer for status information
152 * @buflen: Maximum buffer length
153 * @verbose: Whether to include verbose status information
154 * Returns: Number of bytes written to buf
156 * Query EAP method for status information. This function fills in a
157 * text area with current status information from the EAP method. If
158 * the buffer (buf) is not large enough, status information will be
159 * truncated to fit the buffer.
161 int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
162 size_t buflen, int verbose);
165 * has_reauth_data - Whether method is ready for fast reauthentication
166 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
167 * @priv: Pointer to private EAP method data from eap_method::init()
168 * Returns: %TRUE or %FALSE based on whether fast reauthentication is
169 * possible
171 * This function is an optional handler that only EAP methods
172 * supporting fast re-authentication need to implement.
174 Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);
177 * deinit_for_reauth - Release data that is not needed for fast re-auth
178 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
179 * @priv: Pointer to private EAP method data from eap_method::init()
181 * This function is an optional handler that only EAP methods
182 * supporting fast re-authentication need to implement. This is called
183 * when authentication has been completed and EAP state machine is
184 * requesting that enough state information is maintained for fast
185 * re-authentication
187 void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);
190 * init_for_reauth - Prepare for start of fast re-authentication
191 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
192 * @priv: Pointer to private EAP method data from eap_method::init()
194 * This function is an optional handler that only EAP methods
195 * supporting fast re-authentication need to implement. This is called
196 * when EAP authentication is started and EAP state machine is
197 * requesting fast re-authentication to be used.
199 void * (*init_for_reauth)(struct eap_sm *sm, void *priv);
202 * get_identity - Get method specific identity for re-authentication
203 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
204 * @priv: Pointer to private EAP method data from eap_method::init()
205 * @len: Length of the returned identity
206 * Returns: Pointer to the method specific identity or %NULL if default
207 * identity is to be used
209 * This function is an optional handler that only EAP methods
210 * that use method specific identity need to implement.
212 const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);
215 * free - Free EAP method data
216 * @method: Pointer to the method data registered with
217 * eap_peer_method_register().
219 * This function will be called when the EAP method is being
220 * unregistered. If the EAP method allocated resources during
221 * registration (e.g., allocated struct eap_method), they should be
222 * freed in this function. No other method functions will be called
223 * after this call. If this function is not defined (i.e., function
224 * pointer is %NULL), a default handler is used to release the method
225 * data with free(method). This is suitable for most cases.
227 void (*free)(struct eap_method *method);
229 #define EAP_PEER_METHOD_INTERFACE_VERSION 1
231 * version - Version of the EAP peer method interface
233 * The EAP peer method implementation should set this variable to
234 * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the
235 * EAP method is using supported API version when using dynamically
236 * loadable EAP methods.
238 int version;
241 * next - Pointer to the next EAP method
243 * This variable is used internally in the EAP method registration code
244 * to create a linked list of registered EAP methods.
246 struct eap_method *next;
248 #ifdef CONFIG_DYNAMIC_EAP_METHODS
250 * dl_handle - Handle for the dynamic library
252 * This variable is used internally in the EAP method registration code
253 * to store a handle for the dynamic library. If the method is linked
254 * in statically, this is %NULL.
256 void *dl_handle;
257 #endif /* CONFIG_DYNAMIC_EAP_METHODS */
260 * get_emsk - Get EAP method specific keying extended material (EMSK)
261 * @sm: Pointer to EAP state machine allocated with eap_sm_init()
262 * @priv: Pointer to private EAP method data from eap_method::init()
263 * @len: Pointer to a variable to store EMSK length
264 * Returns: EMSK or %NULL if not available
266 * This function can be used to get the extended keying material from
267 * the EAP method. The key may already be stored in the method-specific
268 * private data or this function may derive the key.
270 u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
275 * struct eap_sm - EAP state machine data
277 struct eap_sm {
278 enum {
279 EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
280 EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
281 EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
282 EAP_FAILURE
283 } EAP_state;
284 /* Long-term local variables */
285 EapType selectedMethod;
286 EapMethodState methodState;
287 int lastId;
288 u8 *lastRespData;
289 size_t lastRespDataLen;
290 EapDecision decision;
291 /* Short-term local variables */
292 Boolean rxReq;
293 Boolean rxSuccess;
294 Boolean rxFailure;
295 int reqId;
296 EapType reqMethod;
297 int reqVendor;
298 u32 reqVendorMethod;
299 Boolean ignore;
300 /* Constants */
301 int ClientTimeout;
303 /* Miscellaneous variables */
304 Boolean allowNotifications; /* peer state machine <-> methods */
305 u8 *eapRespData; /* peer to lower layer */
306 size_t eapRespDataLen; /* peer to lower layer */
307 Boolean eapKeyAvailable; /* peer to lower layer */
308 u8 *eapKeyData; /* peer to lower layer */
309 size_t eapKeyDataLen; /* peer to lower layer */
310 const struct eap_method *m; /* selected EAP method */
311 /* not defined in RFC 4137 */
312 Boolean changed;
313 void *eapol_ctx;
314 struct eapol_callbacks *eapol_cb;
315 void *eap_method_priv;
316 int init_phase2;
317 int fast_reauth;
319 Boolean rxResp /* LEAP only */;
320 Boolean leap_done;
321 Boolean peap_done;
322 u8 req_md5[16]; /* MD5() of the current EAP packet */
323 u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
324 * in duplicate request detection. */
326 void *msg_ctx;
327 void *scard_ctx;
328 void *ssl_ctx;
330 unsigned int workaround;
332 /* Optional challenges generated in Phase 1 (EAP-FAST) */
333 u8 *peer_challenge, *auth_challenge;
334 int mschapv2_full_key; /* Request full MSCHAPv2 key */
336 int num_rounds;
337 int force_disabled;
340 const u8 * eap_hdr_validate(int vendor, EapType eap_type,
341 const u8 *msg, size_t msglen, size_t *plen);
342 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
343 const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
344 const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
345 const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
346 void eap_clear_config_otp(struct eap_sm *sm);
347 struct wpa_ssid * eap_get_config(struct eap_sm *sm);
348 void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
349 const struct wpa_config_blob *
350 eap_get_config_blob(struct eap_sm *sm, const char *name);
351 struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len,
352 size_t payload_len, u8 code, u8 identifier,
353 u8 **payload);
354 void eap_notify_pending(struct eap_sm *sm);
356 #endif /* EAP_I_H */