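/*
 * eap.h - Extensible Authentication Protocol for PPP (RFC 2284)
 *
 * Copyright (c) 2001 by Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Non-exclusive rights to redistribute, modify, translate, and use
 * this software in source and binary forms, in whole or in part, is
 * hereby granted, provided that the above copyright notice is
 * duplicated in any source form, and that neither the name of the
 * copyright holder nor the author is used to endorse or promote
 * products derived from this software.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Original version by James Carlson
 *
 * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $
 */

#include "netif/ppp/ppp_opts.h"
#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */

#ifndef PPP_EAP_H
#define PPP_EAP_H

#include "ppp.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Packet header = Code (1 octet), Identifier (1 octet), Length (2 octets).
 * Per RFC 2284 the Length field counts the header as well as the payload,
 * so a received packet shorter than EAP_HEADERLEN carries no valid header.
 */
#define EAP_HEADERLEN 4


/* EAP message codes (the Code octet of the header). */
#define EAP_REQUEST 1
#define EAP_RESPONSE 2
#define EAP_SUCCESS 3
#define EAP_FAILURE 4

/* EAP types (first payload octet of Request/Response packets). */
#define EAPT_IDENTITY 1
#define EAPT_NOTIFICATION 2
#define EAPT_NAK 3 /* (response only) */
#define EAPT_MD5CHAP 4
#define EAPT_OTP 5 /* One-Time Password; RFC 1938 */
#define EAPT_TOKEN 6 /* Generic Token Card */
/* 7 and 8 are unassigned. */
#define EAPT_RSA 9 /* RSA Public Key Authentication */
#define EAPT_DSS 10 /* DSS Unilateral */
#define EAPT_KEA 11 /* KEA */
#define EAPT_KEA_VALIDATE 12 /* KEA-VALIDATE */
#define EAPT_TLS 13 /* EAP-TLS */
#define EAPT_DEFENDER 14 /* Defender Token (AXENT) */
#define EAPT_W2K 15 /* Windows 2000 EAP */
#define EAPT_ARCOT 16 /* Arcot Systems */
#define EAPT_CISCOWIRELESS 17 /* Cisco Wireless */
#define EAPT_NOKIACARD 18 /* Nokia IP smart card */
#define EAPT_SRP 19 /* Secure Remote Password */
/* 20 is deprecated */

/*
 * EAP SRP-SHA1 Subtypes.
 * Request and Response subtypes share numeric values (e.g. CHALLENGE and
 * CKEY are both 1), so a subtype is only meaningful together with the
 * EAP code of the packet it arrived in.
 */
#define EAPSRP_CHALLENGE 1 /* Request 1 - Challenge */
#define EAPSRP_CKEY 1 /* Response 1 - Client Key */
#define EAPSRP_SKEY 2 /* Request 2 - Server Key */
#define EAPSRP_CVALIDATOR 2 /* Response 2 - Client Validator */
#define EAPSRP_SVALIDATOR 3 /* Request 3 - Server Validator */
#define EAPSRP_ACK 3 /* Response 3 - final ack */
#define EAPSRP_LWRECHALLENGE 4 /* Req/resp 4 - Lightweight rechal */

#define SRPVAL_EBIT 0x00000001 /* Use shared key for ECP */

#define SRP_PSEUDO_ID "pseudo_"
#define SRP_PSEUDO_LEN 7 /* strlen(SRP_PSEUDO_ID) */

#define MD5_SIGNATURE_SIZE 16 /* MD5 digest length in octets */
#define EAP_MIN_CHALLENGE_LENGTH 17
#define EAP_MAX_CHALLENGE_LENGTH 24 /* also the size of eap_state.es_challenge */
#define EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH 3 /* 2^3-1 = 7, 17+7 = 24 */

/*
 * Printable state names, indexed by enum eap_state_code.
 * Keep this list in the same order as the enum below.
 */
#define EAP_STATES \
 "Initial", "Pending", "Closed", "Listen", "Identify", \
 "SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"

/* True while the client side is waiting for the peer's first request. */
#define eap_client_active(pcb) ((pcb)->eap.es_client.ea_state == eapListen)
#if PPP_SERVER
/*
 * True while the server side has an authentication exchange in flight.
 * Relies on eapIdentify..eapMD5Chall being contiguous in the enum;
 * eapOpen and eapSRP4 (rechallenge) fall outside this range.
 */
#define eap_server_active(pcb) \
 ((pcb)->eap.es_server.ea_state >= eapIdentify && \
 (pcb)->eap.es_server.ea_state <= eapMD5Chall)
#endif /* PPP_SERVER */

/*
 * Per-side EAP authentication state machine states.
 * The numeric order matters: EAP_STATES and eap_server_active() depend on it.
 */
enum eap_state_code {
 eapInitial = 0, /* No EAP authentication yet requested */
 eapPending, /* Waiting for LCP (no timer) */
 eapClosed, /* Authentication not in use */
 eapListen, /* Client ready (and timer running) */
 eapIdentify, /* EAP Identify sent */
 eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
 eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
 eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
 eapMD5Chall, /* Sent MD5-Challenge */
 eapOpen, /* Completed authentication */
 eapSRP4, /* Sent EAP SRP-SHA1 Subtype 4 */
 eapBadAuth /* Failed authentication */
};

/*
 * State for one side (client or server) of an EAP exchange.
 */
struct eap_auth {
 const char *ea_name; /* Our name */
 char ea_peer[MAXNAMELEN +1]; /* Peer's name; room for MAXNAMELEN chars plus NUL,
                                 so copies into it must be bounded by MAXNAMELEN */
 void *ea_session; /* Authentication library linkage */
 u_char *ea_skey; /* Shared encryption key (ownership not visible here; see eap.c) */
 u_short ea_namelen; /* Length of our name */
 u_short ea_peerlen; /* Length of peer's name; must not exceed MAXNAMELEN */
 enum eap_state_code ea_state; /* Current state; see enum eap_state_code */
 u_char ea_id; /* Current id (8-bit EAP Identifier; wraps) */
 u_char ea_requests; /* Number of Requests sent/received */
 u_char ea_responses; /* Number of Responses */
 u_char ea_type; /* One of EAPT_* */
 u32_t ea_keyflags; /* SRP shared key usage flags (SRPVAL_*) */
};

/*
 * Complete EAP state for one PPP session.
 */
typedef struct eap_state {
 struct eap_auth es_client; /* Client (authenticatee) data */
#if PPP_SERVER
 struct eap_auth es_server; /* Server (authenticator) data */
#endif /* PPP_SERVER */
 int es_savedtime; /* Saved timeout */
 int es_rechallenge; /* EAP rechallenge interval */
 int es_lwrechallenge; /* SRP lightweight rechallenge inter */
 u8_t es_usepseudo; /* Use SRP Pseudonym if offered one */
 int es_usedpseudo; /* Set if we already sent PN */
 int es_challen; /* Length of challenge string; must be <= EAP_MAX_CHALLENGE_LENGTH */
 u_char es_challenge[EAP_MAX_CHALLENGE_LENGTH];
} eap_state;

/*
 * Timeouts.
 */
#if 0 /* moved to ppp_opts.h */
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
#define EAP_DEFTRANSMITS 10 /* max # times to transmit */
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
#endif /* moved to ppp_opts.h */

/* Start authenticating ourselves to the peer (client/authenticatee side). */
void eap_authwithpeer(ppp_pcb *pcb, const char *localname);
/*
 * Start authenticating the peer (server/authenticator side).
 * Declared unconditionally although es_server only exists under PPP_SERVER;
 * presumably the definition in eap.c is guarded the same way - verify there.
 */
void eap_authpeer(ppp_pcb *pcb, const char *localname);

/* Protocol table entry registering EAP with the PPP core. */
extern const struct protent eap_protent;

#ifdef __cplusplus
}
#endif

#endif /* PPP_EAP_H */

#endif /* PPP_SUPPORT && EAP_SUPPORT */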