xref: /dflybsd-src/contrib/wpa_supplicant/src/eap_peer/eap_i.h (revision 3a84a4273475ed07d0ab1c2dfeffdfedef35d9cd)
16d49e1aeSJan Lentfer /*
26d49e1aeSJan Lentfer  * EAP peer state machines internal structures (RFC 4137)
3*a1157835SDaniel Fojt  * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
46d49e1aeSJan Lentfer  *
53ff40c12SJohn Marino  * This software may be distributed under the terms of the BSD license.
63ff40c12SJohn Marino  * See README for more details.
76d49e1aeSJan Lentfer  */
86d49e1aeSJan Lentfer 
96d49e1aeSJan Lentfer #ifndef EAP_I_H
106d49e1aeSJan Lentfer #define EAP_I_H
116d49e1aeSJan Lentfer 
126d49e1aeSJan Lentfer #include "wpabuf.h"
13*a1157835SDaniel Fojt #include "utils/list.h"
146d49e1aeSJan Lentfer #include "eap_peer/eap.h"
156d49e1aeSJan Lentfer #include "eap_common/eap_common.h"
166d49e1aeSJan Lentfer 
17*a1157835SDaniel Fojt #define NO_EAP_METHOD_ERROR (-1)
18*a1157835SDaniel Fojt 
196d49e1aeSJan Lentfer /* RFC 4137 - EAP Peer state machine */
206d49e1aeSJan Lentfer 
216d49e1aeSJan Lentfer typedef enum {
226d49e1aeSJan Lentfer 	DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
236d49e1aeSJan Lentfer } EapDecision;
246d49e1aeSJan Lentfer 
256d49e1aeSJan Lentfer typedef enum {
266d49e1aeSJan Lentfer 	METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
276d49e1aeSJan Lentfer } EapMethodState;
286d49e1aeSJan Lentfer 
296d49e1aeSJan Lentfer /**
306d49e1aeSJan Lentfer  * struct eap_method_ret - EAP return values from struct eap_method::process()
316d49e1aeSJan Lentfer  *
326d49e1aeSJan Lentfer  * These structure contains OUT variables for the interface between peer state
336d49e1aeSJan Lentfer  * machine and methods (RFC 4137, Sect. 4.2). eapRespData will be returned as
346d49e1aeSJan Lentfer  * the return value of struct eap_method::process() so it is not included in
356d49e1aeSJan Lentfer  * this structure.
366d49e1aeSJan Lentfer  */
376d49e1aeSJan Lentfer struct eap_method_ret {
386d49e1aeSJan Lentfer 	/**
396d49e1aeSJan Lentfer 	 * ignore - Whether method decided to drop the current packed (OUT)
406d49e1aeSJan Lentfer 	 */
416d49e1aeSJan Lentfer 	Boolean ignore;
426d49e1aeSJan Lentfer 
436d49e1aeSJan Lentfer 	/**
446d49e1aeSJan Lentfer 	 * methodState - Method-specific state (IN/OUT)
456d49e1aeSJan Lentfer 	 */
466d49e1aeSJan Lentfer 	EapMethodState methodState;
476d49e1aeSJan Lentfer 
486d49e1aeSJan Lentfer 	/**
496d49e1aeSJan Lentfer 	 * decision - Authentication decision (OUT)
506d49e1aeSJan Lentfer 	 */
516d49e1aeSJan Lentfer 	EapDecision decision;
526d49e1aeSJan Lentfer 
536d49e1aeSJan Lentfer 	/**
546d49e1aeSJan Lentfer 	 * allowNotifications - Whether method allows notifications (OUT)
556d49e1aeSJan Lentfer 	 */
566d49e1aeSJan Lentfer 	Boolean allowNotifications;
576d49e1aeSJan Lentfer };
586d49e1aeSJan Lentfer 
596d49e1aeSJan Lentfer 
606d49e1aeSJan Lentfer /**
616d49e1aeSJan Lentfer  * struct eap_method - EAP method interface
626d49e1aeSJan Lentfer  * This structure defines the EAP method interface. Each method will need to
636d49e1aeSJan Lentfer  * register its own EAP type, EAP name, and set of function pointers for method
646d49e1aeSJan Lentfer  * specific operations. This interface is based on section 4.4 of RFC 4137.
656d49e1aeSJan Lentfer  */
666d49e1aeSJan Lentfer struct eap_method {
676d49e1aeSJan Lentfer 	/**
686d49e1aeSJan Lentfer 	 * vendor - EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF)
696d49e1aeSJan Lentfer 	 */
706d49e1aeSJan Lentfer 	int vendor;
716d49e1aeSJan Lentfer 
726d49e1aeSJan Lentfer 	/**
736d49e1aeSJan Lentfer 	 * method - EAP type number (EAP_TYPE_*)
746d49e1aeSJan Lentfer 	 */
756d49e1aeSJan Lentfer 	EapType method;
766d49e1aeSJan Lentfer 
776d49e1aeSJan Lentfer 	/**
786d49e1aeSJan Lentfer 	 * name - Name of the method (e.g., "TLS")
796d49e1aeSJan Lentfer 	 */
806d49e1aeSJan Lentfer 	const char *name;
816d49e1aeSJan Lentfer 
826d49e1aeSJan Lentfer 	/**
836d49e1aeSJan Lentfer 	 * init - Initialize an EAP method
846d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
856d49e1aeSJan Lentfer 	 * Returns: Pointer to allocated private data, or %NULL on failure
866d49e1aeSJan Lentfer 	 *
876d49e1aeSJan Lentfer 	 * This function is used to initialize the EAP method explicitly
886d49e1aeSJan Lentfer 	 * instead of using METHOD_INIT state as specific in RFC 4137. The
896d49e1aeSJan Lentfer 	 * method is expected to initialize it method-specific state and return
906d49e1aeSJan Lentfer 	 * a pointer that will be used as the priv argument to other calls.
916d49e1aeSJan Lentfer 	 */
926d49e1aeSJan Lentfer 	void * (*init)(struct eap_sm *sm);
936d49e1aeSJan Lentfer 
946d49e1aeSJan Lentfer 	/**
956d49e1aeSJan Lentfer 	 * deinit - Deinitialize an EAP method
966d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
976d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
986d49e1aeSJan Lentfer 	 *
996d49e1aeSJan Lentfer 	 * Deinitialize the EAP method and free any allocated private data.
1006d49e1aeSJan Lentfer 	 */
1016d49e1aeSJan Lentfer 	void (*deinit)(struct eap_sm *sm, void *priv);
1026d49e1aeSJan Lentfer 
1036d49e1aeSJan Lentfer 	/**
1046d49e1aeSJan Lentfer 	 * process - Process an EAP request
1056d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1066d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1076d49e1aeSJan Lentfer 	 * @ret: Return values from EAP request validation and processing
1086d49e1aeSJan Lentfer 	 * @reqData: EAP request to be processed (eapReqData)
1096d49e1aeSJan Lentfer 	 * Returns: Pointer to allocated EAP response packet (eapRespData)
1106d49e1aeSJan Lentfer 	 *
1116d49e1aeSJan Lentfer 	 * This function is a combination of m.check(), m.process(), and
1126d49e1aeSJan Lentfer 	 * m.buildResp() procedures defined in section 4.4 of RFC 4137 In other
1136d49e1aeSJan Lentfer 	 * words, this function validates the incoming request, processes it,
1146d49e1aeSJan Lentfer 	 * and build a response packet. m.check() and m.process() return values
1156d49e1aeSJan Lentfer 	 * are returned through struct eap_method_ret *ret variable. Caller is
1166d49e1aeSJan Lentfer 	 * responsible for freeing the returned EAP response packet.
1176d49e1aeSJan Lentfer 	 */
1186d49e1aeSJan Lentfer 	struct wpabuf * (*process)(struct eap_sm *sm, void *priv,
1196d49e1aeSJan Lentfer 				   struct eap_method_ret *ret,
1206d49e1aeSJan Lentfer 				   const struct wpabuf *reqData);
1216d49e1aeSJan Lentfer 
1226d49e1aeSJan Lentfer 	/**
1236d49e1aeSJan Lentfer 	 * isKeyAvailable - Find out whether EAP method has keying material
1246d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1256d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1266d49e1aeSJan Lentfer 	 * Returns: %TRUE if key material (eapKeyData) is available
1276d49e1aeSJan Lentfer 	 */
1286d49e1aeSJan Lentfer 	Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);
1296d49e1aeSJan Lentfer 
1306d49e1aeSJan Lentfer 	/**
1316d49e1aeSJan Lentfer 	 * getKey - Get EAP method specific keying material (eapKeyData)
1326d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1336d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1346d49e1aeSJan Lentfer 	 * @len: Pointer to variable to store key length (eapKeyDataLen)
1356d49e1aeSJan Lentfer 	 * Returns: Keying material (eapKeyData) or %NULL if not available
1366d49e1aeSJan Lentfer 	 *
1376d49e1aeSJan Lentfer 	 * This function can be used to get the keying material from the EAP
1386d49e1aeSJan Lentfer 	 * method. The key may already be stored in the method-specific private
1396d49e1aeSJan Lentfer 	 * data or this function may derive the key.
1406d49e1aeSJan Lentfer 	 */
1416d49e1aeSJan Lentfer 	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
1426d49e1aeSJan Lentfer 
1436d49e1aeSJan Lentfer 	/**
1446d49e1aeSJan Lentfer 	 * get_status - Get EAP method status
1456d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1466d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1476d49e1aeSJan Lentfer 	 * @buf: Buffer for status information
1486d49e1aeSJan Lentfer 	 * @buflen: Maximum buffer length
1496d49e1aeSJan Lentfer 	 * @verbose: Whether to include verbose status information
1506d49e1aeSJan Lentfer 	 * Returns: Number of bytes written to buf
1516d49e1aeSJan Lentfer 	 *
1526d49e1aeSJan Lentfer 	 * Query EAP method for status information. This function fills in a
1536d49e1aeSJan Lentfer 	 * text area with current status information from the EAP method. If
1546d49e1aeSJan Lentfer 	 * the buffer (buf) is not large enough, status information will be
1556d49e1aeSJan Lentfer 	 * truncated to fit the buffer.
1566d49e1aeSJan Lentfer 	 */
1576d49e1aeSJan Lentfer 	int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
1586d49e1aeSJan Lentfer 			  size_t buflen, int verbose);
1596d49e1aeSJan Lentfer 
1606d49e1aeSJan Lentfer 	/**
1616d49e1aeSJan Lentfer 	 * has_reauth_data - Whether method is ready for fast reauthentication
1626d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1636d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1646d49e1aeSJan Lentfer 	 * Returns: %TRUE or %FALSE based on whether fast reauthentication is
1656d49e1aeSJan Lentfer 	 * possible
1666d49e1aeSJan Lentfer 	 *
1676d49e1aeSJan Lentfer 	 * This function is an optional handler that only EAP methods
1686d49e1aeSJan Lentfer 	 * supporting fast re-authentication need to implement.
1696d49e1aeSJan Lentfer 	 */
1706d49e1aeSJan Lentfer 	Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);
1716d49e1aeSJan Lentfer 
1726d49e1aeSJan Lentfer 	/**
1736d49e1aeSJan Lentfer 	 * deinit_for_reauth - Release data that is not needed for fast re-auth
1746d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1756d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1766d49e1aeSJan Lentfer 	 *
1776d49e1aeSJan Lentfer 	 * This function is an optional handler that only EAP methods
1786d49e1aeSJan Lentfer 	 * supporting fast re-authentication need to implement. This is called
1796d49e1aeSJan Lentfer 	 * when authentication has been completed and EAP state machine is
1806d49e1aeSJan Lentfer 	 * requesting that enough state information is maintained for fast
1816d49e1aeSJan Lentfer 	 * re-authentication
1826d49e1aeSJan Lentfer 	 */
1836d49e1aeSJan Lentfer 	void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);
1846d49e1aeSJan Lentfer 
1856d49e1aeSJan Lentfer 	/**
1866d49e1aeSJan Lentfer 	 * init_for_reauth - Prepare for start of fast re-authentication
1876d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
1886d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
1896d49e1aeSJan Lentfer 	 *
1906d49e1aeSJan Lentfer 	 * This function is an optional handler that only EAP methods
1916d49e1aeSJan Lentfer 	 * supporting fast re-authentication need to implement. This is called
1926d49e1aeSJan Lentfer 	 * when EAP authentication is started and EAP state machine is
1936d49e1aeSJan Lentfer 	 * requesting fast re-authentication to be used.
1946d49e1aeSJan Lentfer 	 */
1956d49e1aeSJan Lentfer 	void * (*init_for_reauth)(struct eap_sm *sm, void *priv);
1966d49e1aeSJan Lentfer 
1976d49e1aeSJan Lentfer 	/**
1986d49e1aeSJan Lentfer 	 * get_identity - Get method specific identity for re-authentication
1996d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2006d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
2016d49e1aeSJan Lentfer 	 * @len: Length of the returned identity
2026d49e1aeSJan Lentfer 	 * Returns: Pointer to the method specific identity or %NULL if default
2036d49e1aeSJan Lentfer 	 * identity is to be used
2046d49e1aeSJan Lentfer 	 *
2056d49e1aeSJan Lentfer 	 * This function is an optional handler that only EAP methods
2066d49e1aeSJan Lentfer 	 * that use method specific identity need to implement.
2076d49e1aeSJan Lentfer 	 */
2086d49e1aeSJan Lentfer 	const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);
2096d49e1aeSJan Lentfer 
2106d49e1aeSJan Lentfer 	/**
211*a1157835SDaniel Fojt 	 * get_error_code - Get the latest EAP method error code
212*a1157835SDaniel Fojt 	 * @priv: Pointer to private EAP method data from eap_method::init()
213*a1157835SDaniel Fojt 	 * Returns: An int for the EAP method specific error code if exists or
214*a1157835SDaniel Fojt 	 * NO_EAP_METHOD_ERROR otherwise.
215*a1157835SDaniel Fojt 	 *
216*a1157835SDaniel Fojt 	 * This method is an optional handler that only EAP methods that need to
217*a1157835SDaniel Fojt 	 * report their error code need to implement.
218*a1157835SDaniel Fojt 	 */
219*a1157835SDaniel Fojt 	int (*get_error_code)(void *priv);
220*a1157835SDaniel Fojt 
221*a1157835SDaniel Fojt 	/**
2226d49e1aeSJan Lentfer 	 * free - Free EAP method data
2236d49e1aeSJan Lentfer 	 * @method: Pointer to the method data registered with
2246d49e1aeSJan Lentfer 	 * eap_peer_method_register().
2256d49e1aeSJan Lentfer 	 *
2266d49e1aeSJan Lentfer 	 * This function will be called when the EAP method is being
2276d49e1aeSJan Lentfer 	 * unregistered. If the EAP method allocated resources during
2286d49e1aeSJan Lentfer 	 * registration (e.g., allocated struct eap_method), they should be
2296d49e1aeSJan Lentfer 	 * freed in this function. No other method functions will be called
2306d49e1aeSJan Lentfer 	 * after this call. If this function is not defined (i.e., function
2316d49e1aeSJan Lentfer 	 * pointer is %NULL), a default handler is used to release the method
2326d49e1aeSJan Lentfer 	 * data with free(method). This is suitable for most cases.
2336d49e1aeSJan Lentfer 	 */
2346d49e1aeSJan Lentfer 	void (*free)(struct eap_method *method);
2356d49e1aeSJan Lentfer 
2366d49e1aeSJan Lentfer #define EAP_PEER_METHOD_INTERFACE_VERSION 1
2376d49e1aeSJan Lentfer 	/**
2386d49e1aeSJan Lentfer 	 * version - Version of the EAP peer method interface
2396d49e1aeSJan Lentfer 	 *
2406d49e1aeSJan Lentfer 	 * The EAP peer method implementation should set this variable to
2416d49e1aeSJan Lentfer 	 * EAP_PEER_METHOD_INTERFACE_VERSION. This is used to verify that the
2426d49e1aeSJan Lentfer 	 * EAP method is using supported API version when using dynamically
2436d49e1aeSJan Lentfer 	 * loadable EAP methods.
2446d49e1aeSJan Lentfer 	 */
2456d49e1aeSJan Lentfer 	int version;
2466d49e1aeSJan Lentfer 
2476d49e1aeSJan Lentfer 	/**
2486d49e1aeSJan Lentfer 	 * next - Pointer to the next EAP method
2496d49e1aeSJan Lentfer 	 *
2506d49e1aeSJan Lentfer 	 * This variable is used internally in the EAP method registration code
2516d49e1aeSJan Lentfer 	 * to create a linked list of registered EAP methods.
2526d49e1aeSJan Lentfer 	 */
2536d49e1aeSJan Lentfer 	struct eap_method *next;
2546d49e1aeSJan Lentfer 
2556d49e1aeSJan Lentfer #ifdef CONFIG_DYNAMIC_EAP_METHODS
2566d49e1aeSJan Lentfer 	/**
2576d49e1aeSJan Lentfer 	 * dl_handle - Handle for the dynamic library
2586d49e1aeSJan Lentfer 	 *
2596d49e1aeSJan Lentfer 	 * This variable is used internally in the EAP method registration code
2606d49e1aeSJan Lentfer 	 * to store a handle for the dynamic library. If the method is linked
2616d49e1aeSJan Lentfer 	 * in statically, this is %NULL.
2626d49e1aeSJan Lentfer 	 */
2636d49e1aeSJan Lentfer 	void *dl_handle;
2646d49e1aeSJan Lentfer #endif /* CONFIG_DYNAMIC_EAP_METHODS */
2656d49e1aeSJan Lentfer 
2666d49e1aeSJan Lentfer 	/**
2676d49e1aeSJan Lentfer 	 * get_emsk - Get EAP method specific keying extended material (EMSK)
2686d49e1aeSJan Lentfer 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2696d49e1aeSJan Lentfer 	 * @priv: Pointer to private EAP method data from eap_method::init()
2706d49e1aeSJan Lentfer 	 * @len: Pointer to a variable to store EMSK length
2716d49e1aeSJan Lentfer 	 * Returns: EMSK or %NULL if not available
2726d49e1aeSJan Lentfer 	 *
2736d49e1aeSJan Lentfer 	 * This function can be used to get the extended keying material from
2746d49e1aeSJan Lentfer 	 * the EAP method. The key may already be stored in the method-specific
2756d49e1aeSJan Lentfer 	 * private data or this function may derive the key.
2766d49e1aeSJan Lentfer 	 */
2776d49e1aeSJan Lentfer 	u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len);
2783ff40c12SJohn Marino 
2793ff40c12SJohn Marino 	/**
2803ff40c12SJohn Marino 	 * getSessionId - Get EAP method specific Session-Id
2813ff40c12SJohn Marino 	 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
2823ff40c12SJohn Marino 	 * @priv: Pointer to private EAP method data from eap_method::init()
2833ff40c12SJohn Marino 	 * @len: Pointer to a variable to store Session-Id length
2843ff40c12SJohn Marino 	 * Returns: Session-Id or %NULL if not available
2853ff40c12SJohn Marino 	 *
2863ff40c12SJohn Marino 	 * This function can be used to get the Session-Id from the EAP method.
2873ff40c12SJohn Marino 	 * The Session-Id may already be stored in the method-specific private
2883ff40c12SJohn Marino 	 * data or this function may derive the Session-Id.
2893ff40c12SJohn Marino 	 */
2903ff40c12SJohn Marino 	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
2916d49e1aeSJan Lentfer };
2926d49e1aeSJan Lentfer 
2936d49e1aeSJan Lentfer 
294*a1157835SDaniel Fojt struct eap_erp_key {
295*a1157835SDaniel Fojt 	struct dl_list list;
296*a1157835SDaniel Fojt 	size_t rRK_len;
297*a1157835SDaniel Fojt 	size_t rIK_len;
298*a1157835SDaniel Fojt 	u8 rRK[ERP_MAX_KEY_LEN];
299*a1157835SDaniel Fojt 	u8 rIK[ERP_MAX_KEY_LEN];
300*a1157835SDaniel Fojt 	u32 next_seq;
301*a1157835SDaniel Fojt 	char keyname_nai[];
302*a1157835SDaniel Fojt };
303*a1157835SDaniel Fojt 
3046d49e1aeSJan Lentfer /**
3056d49e1aeSJan Lentfer  * struct eap_sm - EAP state machine data
3066d49e1aeSJan Lentfer  */
3076d49e1aeSJan Lentfer struct eap_sm {
3086d49e1aeSJan Lentfer 	enum {
3096d49e1aeSJan Lentfer 		EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
3106d49e1aeSJan Lentfer 		EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
3116d49e1aeSJan Lentfer 		EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
3126d49e1aeSJan Lentfer 		EAP_FAILURE
3136d49e1aeSJan Lentfer 	} EAP_state;
3146d49e1aeSJan Lentfer 	/* Long-term local variables */
3156d49e1aeSJan Lentfer 	EapType selectedMethod;
3166d49e1aeSJan Lentfer 	EapMethodState methodState;
3176d49e1aeSJan Lentfer 	int lastId;
3186d49e1aeSJan Lentfer 	struct wpabuf *lastRespData;
3196d49e1aeSJan Lentfer 	EapDecision decision;
3206d49e1aeSJan Lentfer 	/* Short-term local variables */
3216d49e1aeSJan Lentfer 	Boolean rxReq;
3226d49e1aeSJan Lentfer 	Boolean rxSuccess;
3236d49e1aeSJan Lentfer 	Boolean rxFailure;
3246d49e1aeSJan Lentfer 	int reqId;
3256d49e1aeSJan Lentfer 	EapType reqMethod;
3266d49e1aeSJan Lentfer 	int reqVendor;
3276d49e1aeSJan Lentfer 	u32 reqVendorMethod;
3286d49e1aeSJan Lentfer 	Boolean ignore;
3296d49e1aeSJan Lentfer 	/* Constants */
3306d49e1aeSJan Lentfer 	int ClientTimeout;
3316d49e1aeSJan Lentfer 
3326d49e1aeSJan Lentfer 	/* Miscellaneous variables */
3336d49e1aeSJan Lentfer 	Boolean allowNotifications; /* peer state machine <-> methods */
3346d49e1aeSJan Lentfer 	struct wpabuf *eapRespData; /* peer to lower layer */
3356d49e1aeSJan Lentfer 	Boolean eapKeyAvailable; /* peer to lower layer */
3366d49e1aeSJan Lentfer 	u8 *eapKeyData; /* peer to lower layer */
3376d49e1aeSJan Lentfer 	size_t eapKeyDataLen; /* peer to lower layer */
3383ff40c12SJohn Marino 	u8 *eapSessionId; /* peer to lower layer */
3393ff40c12SJohn Marino 	size_t eapSessionIdLen; /* peer to lower layer */
3406d49e1aeSJan Lentfer 	const struct eap_method *m; /* selected EAP method */
3416d49e1aeSJan Lentfer 	/* not defined in RFC 4137 */
3426d49e1aeSJan Lentfer 	Boolean changed;
3436d49e1aeSJan Lentfer 	void *eapol_ctx;
344*a1157835SDaniel Fojt 	const struct eapol_callbacks *eapol_cb;
3456d49e1aeSJan Lentfer 	void *eap_method_priv;
3466d49e1aeSJan Lentfer 	int init_phase2;
3476d49e1aeSJan Lentfer 	int fast_reauth;
348*a1157835SDaniel Fojt 	Boolean reauthInit; /* send EAP-Identity/Re-auth */
349*a1157835SDaniel Fojt 	u32 erp_seq;
3506d49e1aeSJan Lentfer 
3516d49e1aeSJan Lentfer 	Boolean rxResp /* LEAP only */;
3526d49e1aeSJan Lentfer 	Boolean leap_done;
3536d49e1aeSJan Lentfer 	Boolean peap_done;
354*a1157835SDaniel Fojt 	u8 req_sha1[20]; /* SHA1() of the current EAP packet */
355*a1157835SDaniel Fojt 	u8 last_sha1[20]; /* SHA1() of the previously received EAP packet; used
3566d49e1aeSJan Lentfer 			   * in duplicate request detection. */
3576d49e1aeSJan Lentfer 
3586d49e1aeSJan Lentfer 	void *msg_ctx;
3596d49e1aeSJan Lentfer 	void *scard_ctx;
3606d49e1aeSJan Lentfer 	void *ssl_ctx;
3613ff40c12SJohn Marino 	void *ssl_ctx2;
3626d49e1aeSJan Lentfer 
3636d49e1aeSJan Lentfer 	unsigned int workaround;
3646d49e1aeSJan Lentfer 
3656d49e1aeSJan Lentfer 	/* Optional challenges generated in Phase 1 (EAP-FAST) */
3666d49e1aeSJan Lentfer 	u8 *peer_challenge, *auth_challenge;
3676d49e1aeSJan Lentfer 
3686d49e1aeSJan Lentfer 	int num_rounds;
3696d49e1aeSJan Lentfer 	int force_disabled;
3706d49e1aeSJan Lentfer 
3716d49e1aeSJan Lentfer 	struct wps_context *wps;
3726d49e1aeSJan Lentfer 
3736d49e1aeSJan Lentfer 	int prev_failure;
374*a1157835SDaniel Fojt 	struct eap_peer_config *last_config;
3753ff40c12SJohn Marino 
3763ff40c12SJohn Marino 	struct ext_password_data *ext_pw;
3773ff40c12SJohn Marino 	struct wpabuf *ext_pw_buf;
3783ff40c12SJohn Marino 
3793ff40c12SJohn Marino 	int external_sim;
3803ff40c12SJohn Marino 
3813ff40c12SJohn Marino 	unsigned int expected_failure:1;
382*a1157835SDaniel Fojt 	unsigned int ext_cert_check:1;
383*a1157835SDaniel Fojt 	unsigned int waiting_ext_cert_check:1;
384*a1157835SDaniel Fojt 
385*a1157835SDaniel Fojt 	struct dl_list erp_keys; /* struct eap_erp_key */
3866d49e1aeSJan Lentfer };
3876d49e1aeSJan Lentfer 
3886d49e1aeSJan Lentfer const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
3896d49e1aeSJan Lentfer const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
3906d49e1aeSJan Lentfer const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);
3916d49e1aeSJan Lentfer const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
3926d49e1aeSJan Lentfer const u8 * eap_get_config_otp(struct eap_sm *sm, size_t *len);
3936d49e1aeSJan Lentfer void eap_clear_config_otp(struct eap_sm *sm);
3946d49e1aeSJan Lentfer const char * eap_get_config_phase1(struct eap_sm *sm);
3956d49e1aeSJan Lentfer const char * eap_get_config_phase2(struct eap_sm *sm);
3963ff40c12SJohn Marino int eap_get_config_fragment_size(struct eap_sm *sm);
3976d49e1aeSJan Lentfer struct eap_peer_config * eap_get_config(struct eap_sm *sm);
3986d49e1aeSJan Lentfer void eap_set_config_blob(struct eap_sm *sm, struct wpa_config_blob *blob);
3996d49e1aeSJan Lentfer const struct wpa_config_blob *
4006d49e1aeSJan Lentfer eap_get_config_blob(struct eap_sm *sm, const char *name);
4016d49e1aeSJan Lentfer void eap_notify_pending(struct eap_sm *sm);
4026d49e1aeSJan Lentfer int eap_allowed_method(struct eap_sm *sm, int vendor, u32 method);
4036d49e1aeSJan Lentfer 
4046d49e1aeSJan Lentfer #endif /* EAP_I_H */
405