/*
 * EAP peer state machines internal structures (RFC 4137)
 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_I_H
#define EAP_I_H

#include "wpabuf.h"
#include "utils/list.h"
#include "eap_peer/eap.h"
#include "eap_common/eap_common.h"

/*
 * Value returned by eap_method::get_error_code() when the method has no
 * method-specific error code to report.
 */
#define NO_EAP_METHOD_ERROR (-1)

/* RFC 4137 - EAP Peer state machine */

/* Authentication decision values; reported through eap_method_ret::decision */
typedef enum {
	DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
} EapDecision;

/* Method-specific state values; exchanged through eap_method_ret::methodState */
typedef enum {
	METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
} EapMethodState;

/**
 * struct eap_method_ret - EAP return values from struct eap_method::process()
 *
 * This structure contains OUT variables for the interface between peer state
 * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as
 * the return value of struct eap_method::process() so it is not included in
 * this structure.
 */
struct eap_method_ret {
	/**
	 * ignore - Whether method decided to drop the current packet (OUT)
	 */
	Boolean ignore;

	/**
	 * methodState - Method-specific state (IN/OUT)
	 */
	EapMethodState methodState;

	/**
	 * decision - Authentication decision (OUT)
	 */
	EapDecision decision;

	/**
	 * allowNotifications - Whether method allows notifications (OUT)
	 */
	Boolean allowNotifications;
};


/**
 * struct eap_method - EAP method interface
 * This structure defines the EAP method interface. Each method will need to
 * register its own EAP type, EAP name, and set of function pointers for method
 * specific operations. This interface is based on section 4.4 of RFC 4137.
 *
 * Several handlers below are documented as optional. The free() member states
 * that an undefined handler is a %NULL function pointer.
 * NOTE(review): presumably the other optional handlers follow the same
 * convention, so callers need a %NULL check before invoking them - confirm
 * against the state machine code.
 */
struct eap_method {
	/**
	 * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
	 */
	int vendor;

	/**
	 * method - EAP type number (EAP_TYPE_*)
	 */
	EapType method;

	/**
	 * name - Name of the method (e.g., "TLS")
	 */
	const char *name;

	/**
	 * init - Initialize an EAP method
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * Returns: Pointer to allocated private data, or %NULL on failure
	 *
	 * This function is used to initialize the EAP method explicitly
	 * instead of using METHOD_INIT state as specified in RFC 4137. The
	 * method is expected to initialize its method-specific state and return
	 * a pointer that will be used as the priv argument to other calls.
	 */
	void * (*init)(struct eap_sm *sm);

	/**
	 * deinit - Deinitialize an EAP method
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * Deinitialize the EAP method and free any allocated private data.
	 *
	 * NOTE(review): private data may hold keying material (see getKey());
	 * whether implementations are expected to clear it before freeing is
	 * not stated here - confirm per method.
	 */
	void (*deinit)(struct eap_sm *sm, void *priv);

	/**
	 * process - Process an EAP request
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @ret: Return values from EAP request validation and processing
	 * @reqData: EAP request to be processed (eapReqData)
	 * Returns: Pointer to allocated EAP response packet (eapRespData)
	 *
	 * This function is a combination of m.check(), m.process(), and
	 * m.buildResp() procedures defined in section 4.4 of RFC 4137. In other
	 * words, this function validates the incoming request, processes it,
	 * and builds a response packet. m.check() and m.process() return values
	 * are returned through struct eap_method_ret *ret variable. Caller is
	 * responsible for freeing the returned EAP response packet.
	 *
	 * Validation of reqData is part of this handler's contract, so an
	 * implementation must check the request's length and fields itself
	 * before using them.
	 * NOTE(review): the return value when no response is built (e.g., when
	 * ret->ignore is set) is not documented here - presumably %NULL;
	 * confirm against the caller.
	 */
	struct wpabuf * (*process)(struct eap_sm *sm, void *priv,
				   struct eap_method_ret *ret,
				   const struct wpabuf *reqData);

	/**
	 * isKeyAvailable - Find out whether EAP method has keying material
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: %TRUE if key material (eapKeyData) is available
	 */
	Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);

	/**
	 * getKey - Get EAP method specific keying material (eapKeyData)
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to variable to store key length (eapKeyDataLen)
	 * Returns: Keying material (eapKeyData) or %NULL if not available
	 *
	 * This function can be used to get the keying material from the EAP
	 * method. The key may already be stored in the method-specific private
	 * data or this function may derive the key.
	 *
	 * NOTE(review): ownership of the returned buffer is not stated here.
	 * Confirm against the caller whether it must free the buffer and
	 * whether the key bytes are cleared before release.
	 */
	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * get_status - Get EAP method status
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @buf: Buffer for status information
	 * @buflen: Maximum buffer length
	 * @verbose: Whether to include verbose status information
	 * Returns: Number of bytes written to buf
	 *
	 * Query EAP method for status information. This function fills in a
	 * text area with current status information from the EAP method. If
	 * the buffer (buf) is not large enough, status information will be
	 * truncated to fit the buffer.
	 *
	 * NOTE(review): whether the text is NUL-terminated after truncation,
	 * and whether the return value can be negative on error, is not
	 * stated here - confirm before using the result as an offset.
	 */
	int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
			  size_t buflen, int verbose);

	/**
	 * has_reauth_data - Whether method is ready for fast reauthentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: %TRUE or %FALSE based on whether fast reauthentication is
	 * possible
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement.
	 */
	Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);

	/**
	 * deinit_for_reauth - Release data that is not needed for fast re-auth
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement. This is called
	 * when authentication has been completed and EAP state machine is
	 * requesting that enough state information is maintained for fast
	 * re-authentication.
	 */
	void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * init_for_reauth - Prepare for start of fast re-authentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 *
	 * This function is an optional handler that only EAP methods
	 * supporting fast re-authentication need to implement. This is called
	 * when EAP authentication is started and EAP state machine is
	 * requesting fast re-authentication to be used.
	 *
	 * NOTE(review): the meaning of the returned pointer is not documented
	 * here - presumably the private data to use from now on, or %NULL on
	 * failure; confirm against the caller.
	 */
	void * (*init_for_reauth)(struct eap_sm *sm, void *priv);

	/**
	 * get_identity - Get method specific identity for re-authentication
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Length of the returned identity
	 * Returns: Pointer to the method specific identity or %NULL if default
	 * identity is to be used
	 *
	 * This function is an optional handler that only EAP methods
	 * that use method specific identity need to implement.
	 *
	 * The identity is returned as a pointer plus length; use *len for its
	 * size.
	 * NOTE(review): presumably the bytes are not NUL-terminated - confirm.
	 */
	const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * get_error_code - Get the latest EAP method error code
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * Returns: An int for the EAP method specific error code if exists or
	 * NO_EAP_METHOD_ERROR otherwise.
	 *
	 * This method is an optional handler that only EAP methods that need to
	 * report their error code need to implement. Unlike the other handlers
	 * it does not take the state machine pointer.
	 */
	int (*get_error_code)(void *priv);

	/**
	 * free - Free EAP method data
	 * @method: Pointer to the method data registered with
	 * eap_peer_method_register().
	 *
	 * This function will be called when the EAP method is being
	 * unregistered. If the EAP method allocated resources during
	 * registration (e.g., allocated struct eap_method), they should be
	 * freed in this function. No other method functions will be called
	 * after this call. If this function is not defined (i.e., function
	 * pointer is %NULL), a default handler is used to release the method
	 * data with free(method). This is suitable for most cases.
	 */
	void (*free)(struct eap_method *method);

#define EAP_PEER_METHOD_INTERFACE_VERSION 1
	/**
	 * version - Version of the EAP peer method interface
	 *
	 * The EAP peer method implementation should set this variable to
	 * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the
	 * EAP method is using supported API version when using dynamically
	 * loadable EAP methods.
	 *
	 * NOTE(review): as described, this is an API compatibility check on a
	 * value the method sets itself; nothing in this header indicates that
	 * it authenticates a dynamically loaded library.
	 */
	int version;

	/**
	 * next - Pointer to the next EAP method
	 *
	 * This variable is used internally in the EAP method registration code
	 * to create a linked list of registered EAP methods.
	 */
	struct eap_method *next;

#ifdef CONFIG_DYNAMIC_EAP_METHODS
	/**
	 * dl_handle - Handle for the dynamic library
	 *
	 * This variable is used internally in the EAP method registration code
	 * to store a handle for the dynamic library. If the method is linked
	 * in statically, this is %NULL.
	 *
	 * This member exists only when CONFIG_DYNAMIC_EAP_METHODS is defined,
	 * which changes the offsets of the members declared after it; all
	 * code sharing this structure must be built with the same setting.
	 */
	void *dl_handle;
#endif /* CONFIG_DYNAMIC_EAP_METHODS */

	/**
	 * get_emsk - Get EAP method specific extended keying material (EMSK)
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to a variable to store EMSK length
	 * Returns: EMSK or %NULL if not available
	 *
	 * This function can be used to get the extended keying material from
	 * the EAP method. The key may already be stored in the method-specific
	 * private data or this function may derive the key.
	 *
	 * NOTE(review): ownership of the returned buffer is not stated here.
	 * Confirm against the caller whether it must free the buffer and
	 * whether the key bytes are cleared before release.
	 */
	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);

	/**
	 * getSessionId - Get EAP method specific Session-Id
	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
	 * @priv: Pointer to private EAP method data from eap_method::init()
	 * @len: Pointer to a variable to store Session-Id length
	 * Returns: Session-Id or %NULL if not available
	 *
	 * This function can be used to get the Session-Id from the EAP method.
	 * The Session-Id may already be stored in the method-specific private
	 * data or this function may derive the Session-Id.
	 *
	 * NOTE(review): ownership of the returned buffer is not stated here -
	 * confirm against the caller whether it must be freed.
	 */
	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
};


/**
 * struct eap_erp_key - Key entry stored on the eap_sm::erp_keys list
 *
 * NOTE(review): the names suggest this holds EAP re-authentication (ERP) keys,
 * with rRK/rIK being the re-authentication root and integrity keys - confirm
 * against the code that fills these entries.
 *
 * rRK and rIK are fixed-size buffers of ERP_MAX_KEY_LEN bytes.
 * NOTE(review): presumably rRK_len and rIK_len give the number of valid bytes
 * and must never exceed ERP_MAX_KEY_LEN - verify where they are set.
 *
 * keyname_nai is a flexible array member, so an entry has to be allocated with
 * room for the string after the fixed part of the structure.
 *
 * NOTE(review): entries contain key material; confirm that the code releasing
 * them clears the memory before freeing it.
 */
struct eap_erp_key {
	struct dl_list list; /* list node; see eap_sm::erp_keys */
	size_t rRK_len;
	size_t rIK_len;
	u8 rRK[ERP_MAX_KEY_LEN];
	u8 rIK[ERP_MAX_KEY_LEN];
	u32 next_seq;
	char keyname_nai[]; /* flexible array member; sized at allocation */
};

/**
 * struct eap_sm - EAP state machine data
 *
 * The leading members follow the RFC 4137 peer state machine variables and are
 * grouped by the section comments below. Members after the "not defined in
 * RFC 4137" marker are specific to this implementation.
 *
 * NOTE(review): eapKeyData, eapSessionId, peer_challenge/auth_challenge,
 * ext_pw_buf and the erp_keys entries appear to hold key, challenge or
 * password material. This header does not show how they are released; confirm
 * that the teardown code clears them before freeing.
 */
struct eap_sm {
	enum {
		EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
		EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
		EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
		EAP_FAILURE
	} EAP_state;
	/* Long-term local variables */
	EapType selectedMethod;
	EapMethodState methodState;
	int lastId;
	struct wpabuf *lastRespData;
	EapDecision decision;
	/* Short-term local variables */
	Boolean rxReq;
	Boolean rxSuccess;
	Boolean rxFailure;
	int reqId;
	EapType reqMethod;
	int reqVendor;
	u32 reqVendorMethod;
	Boolean ignore;
	/* Constants */
	int ClientTimeout;

	/* Miscellaneous variables */
	Boolean allowNotifications; /* peer state machine <-> methods */
	struct wpabuf *eapRespData; /* peer to lower layer */
	Boolean eapKeyAvailable; /* peer to lower layer */
	u8 *eapKeyData; /* peer to lower layer */
	size_t eapKeyDataLen; /* peer to lower layer */
	u8 *eapSessionId; /* peer to lower layer */
	size_t eapSessionIdLen; /* peer to lower layer */
	const struct eap_method *m; /* selected EAP method */
	/* not defined in RFC 4137 */
	Boolean changed;
	void *eapol_ctx;
	const struct eapol_callbacks *eapol_cb;
	void *eap_method_priv; /* priv argument passed to the eap_method handlers */
	int init_phase2;
	int fast_reauth;
	Boolean reauthInit; /* send EAP-Identity/Re-auth */
	u32 erp_seq;

	Boolean rxResp /* LEAP only */;
	Boolean leap_done;
	Boolean peap_done;
	u8 req_sha1[20]; /* SHA1() of the current EAP packet */
	u8 last_sha1[20]; /* SHA1() of the previously received EAP packet; used
			   * in duplicate request detection. */

	void *msg_ctx;
	void *scard_ctx;
	void *ssl_ctx;
	void *ssl_ctx2;

	unsigned int workaround;

	/* Optional challenges generated in Phase 1 (EAP-FAST) */
	u8 *peer_challenge, *auth_challenge;

	int num_rounds;
	int force_disabled;

	struct wps_context *wps;

	int prev_failure;
	struct eap_peer_config *last_config;

	struct ext_password_data *ext_pw;
	struct wpabuf *ext_pw_buf;

	int external_sim;

	unsigned int expected_failure:1;
	unsigned int ext_cert_check:1;
	unsigned int waiting_ext_cert_check:1;

	struct dl_list erp_keys; /* struct eap_erp_key */
};

/*
 * Accessors for the peer configuration associated with an EAP state machine.
 * The functions returning const u8 * report the length of the value through
 * the len argument.
 * NOTE(review): presumably these values are not NUL-terminated and the
 * functions return %NULL when the value is not configured - confirm against
 * the definitions before dereferencing.
 * NOTE(review): the hash argument of eap_get_config_password2() presumably
 * tells the caller whether the returned bytes are a password hash rather than
 * the plaintext password - confirm.
 */
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);
const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
void eap_clear_config_otp(struct eap_sm *sm);
const char * eap_get_config_phase1(struct eap_sm *sm);
const char * eap_get_config_phase2(struct eap_sm *sm);
int eap_get_config_fragment_size(struct eap_sm *sm);
struct eap_peer_config * eap_get_config(struct eap_sm *sm);
void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
const struct wpa_config_blob *
eap_get_config_blob(struct eap_sm *sm, const char *name);
void eap_notify_pending(struct eap_sm *sm);
int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method);

#endif /* EAP_I_H */