source: rtems-libbsd/freebsd/contrib/wpa/src/eap_peer/eap.h @ 9c9d11b

1/*
2 * EAP peer state machine functions (RFC 4137)
3 * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#ifndef EAP_H
10#define EAP_H
11
12#include "common/defs.h"
13#include "eap_common/eap_defs.h"
14#include "eap_peer/eap_methods.h"
15
16struct eap_sm;
17struct wpa_config_blob;
18struct wpabuf;
19
/**
 * struct eap_method_type - (vendor, method) pair naming one EAP method
 * @vendor: Vendor ID that scopes @method (the IETF namespace value is
 *	defined in eap_defs.h, not here)
 * @method: EAP method type code within that vendor's namespace
 *
 * Used, e.g., for the phase 2 method list returned by eap_get_phase2_types().
 */
struct eap_method_type {
        int vendor;
        u32 method;
};
24
25#ifdef IEEE8021X_EAPOL
26
27/**
28 * enum eapol_bool_var - EAPOL boolean state variables for EAP state machine
29 *
30 * These variables are used in the interface between EAP peer state machine and
31 * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
 * expected to maintain these variables and register callback functions for
 * the EAP state machine to get and set the variables.
34 */
enum eapol_bool_var {
        /*
         * The numeric values are part of the interface with the lower
         * layer's get_bool()/set_bool() callbacks: append new entries at the
         * end, never reorder or insert.
         */

        /**
         * EAPOL_eapSuccess - EAP SUCCESS state reached
         *
         * EAP state machine reads and writes this value.
         */
        EAPOL_eapSuccess,

        /**
         * EAPOL_eapRestart - Lower layer request to restart authentication
         *
         * Set to TRUE in lower layer, FALSE in EAP state machine.
         */
        EAPOL_eapRestart,

        /**
         * EAPOL_eapFail - EAP FAILURE state reached
         *
         * EAP state machine writes this value.
         */
        EAPOL_eapFail,

        /**
         * EAPOL_eapResp - Response to send
         *
         * Set to TRUE in EAP state machine, FALSE in lower layer. The
         * response itself is fetched with eap_get_eapRespData().
         */
        EAPOL_eapResp,

        /**
         * EAPOL_eapNoResp - Request has been processed; no response to send
         *
         * Set to TRUE in EAP state machine, FALSE in lower layer.
         */
        EAPOL_eapNoResp,

        /**
         * EAPOL_eapReq - EAP request available from lower layer
         *
         * Set to TRUE in lower layer, FALSE in EAP state machine. The request
         * data is presumably read through eapol_callbacks.get_eapReqData().
         */
        EAPOL_eapReq,

        /**
         * EAPOL_portEnabled - Lower layer is ready for communication
         *
         * EAP state machine reads this value.
         */
        EAPOL_portEnabled,

        /**
         * EAPOL_altAccept - Alternate indication of success (RFC3748)
         *
         * EAP state machine reads this value. NOTE(review): this is a
         * non-EAP, lower-layer indication; which lower-layer events are
         * trusted enough to set it is a lower-layer policy decision that is
         * not visible in this header.
         */
        EAPOL_altAccept,

        /**
         * EAPOL_altReject - Alternate indication of failure (RFC3748)
         *
         * EAP state machine reads this value.
         */
        EAPOL_altReject,

        /**
         * EAPOL_eapTriggerStart - EAP-based trigger to send EAPOL-Start
         *
         * EAP state machine writes this value.
         */
        EAPOL_eapTriggerStart
};
106
107/**
108 * enum eapol_int_var - EAPOL integer state variables for EAP state machine
109 *
110 * These variables are used in the interface between EAP peer state machine and
111 * lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
 * expected to maintain these variables and register callback functions for
 * the EAP state machine to get and set the variables.
114 */
enum eapol_int_var {
        /**
         * EAPOL_idleWhile - Outside timer for the EAP peer timeout
         *
         * Countdown timer kept outside the EAP state machine: the external
         * code must decrement it by one every second until it reaches zero,
         * in the same way as the EAPOL state machine timers. EAP state
         * machine reads and writes this value.
         */
        EAPOL_idleWhile
};
127
128/**
129 * struct eapol_callbacks - Callback functions from EAP to lower layer
130 *
131 * This structure defines the callback functions that EAP state machine
132 * requires from the lower layer (usually EAPOL state machine) for updating
133 * state variables and requesting information. eapol_ctx from
134 * eap_peer_sm_init() call will be used as the ctx parameter for these
135 * callback functions.
136 */
struct eapol_callbacks {
        /**
         * get_config - Get pointer to the current network configuration
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * Returns: Current configuration (struct eap_peer_config is not
         * declared in this header; it must come in through the includes)
         */
        struct eap_peer_config * (*get_config)(void *ctx);

        /**
         * get_bool - Get a boolean EAPOL state variable
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @variable: EAPOL boolean variable to get
         * Returns: Value of the EAPOL variable
         */
        Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);

        /**
         * set_bool - Set a boolean EAPOL state variable
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @variable: EAPOL boolean variable to set
         * @value: Value for the EAPOL variable
         */
        void (*set_bool)(void *ctx, enum eapol_bool_var variable,
                         Boolean value);

        /**
         * get_int - Get an integer EAPOL state variable
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @variable: EAPOL integer variable to get
         * Returns: Value of the EAPOL variable
         */
        unsigned int (*get_int)(void *ctx, enum eapol_int_var variable);

        /**
         * set_int - Set an integer EAPOL state variable
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @variable: EAPOL integer variable to set
         * @value: Value for the EAPOL variable
         */
        void (*set_int)(void *ctx, enum eapol_int_var variable,
                        unsigned int value);

        /**
         * get_eapReqData - Get EAP-Request data
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * Returns: Reference to eapReqData (EAP state machine will not free
         * this) or %NULL if eapReqData not available.
         *
         * There is no separate length parameter: the length travels with the
         * returned wpabuf.
         */
        struct wpabuf * (*get_eapReqData)(void *ctx);

        /**
         * set_config_blob - Set named configuration blob
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @blob: New value for the blob; ownership after the call is not
         *	specified in this header, check both sides before freeing
         *
         * Adds a new configuration blob or replaces the current value of an
         * existing blob.
         */
        void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);

        /**
         * get_config_blob - Get a named configuration blob
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @name: Name of the blob
         * Returns: Pointer to blob data or %NULL if not found
         */
        const struct wpa_config_blob * (*get_config_blob)(void *ctx,
                                                          const char *name);

        /**
         * notify_pending - Notify that a pending request can be retried
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         *
         * An EAP method can perform a pending operation (e.g., to get a
         * response from an external process). Once the response is available,
         * this callback function can be used to request EAPOL state machine to
         * retry delivering the previously received (and still unanswered) EAP
         * request to EAP state machine.
         */
        void (*notify_pending)(void *ctx);

        /**
         * eap_param_needed - Notify that EAP parameter is needed
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @field: Field indicator (e.g., WPA_CTRL_REQ_EAP_IDENTITY); the enum
         *	is not declared in this header
         * @txt: User readable text describing the required parameter
         */
        void (*eap_param_needed)(void *ctx, enum wpa_ctrl_req_type field,
                                 const char *txt);

        /**
         * notify_cert - Notification of a peer certificate
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @depth: Depth in certificate chain (0 = server)
         * @subject: Subject of the peer certificate
         * @altsubject: Selected fields from the AltSubject of the certificate
         * @num_altsubject: Number of entries in @altsubject
         * @cert_hash: SHA-256 hash of the certificate
         * @cert: Peer certificate (presumably %NULL unless
         *	eap_config.cert_in_cb is set; confirm in the TLS code)
         *
         * NOTE(review): this callback returns void, so it cannot veto the
         * certificate; it is an informational hook (display, logging). Any
         * pinning or validation policy has to be enforced elsewhere.
         */
        void (*notify_cert)(void *ctx, int depth, const char *subject,
                            const char *altsubject[], int num_altsubject,
                            const char *cert_hash, const struct wpabuf *cert);

        /**
         * notify_status - Notification of the current EAP state
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @status: Step in the process of EAP authentication
         * @parameter: Step-specific parameter, e.g., EAP method name
         */
        void (*notify_status)(void *ctx, const char *status,
                              const char *parameter);

#ifdef CONFIG_EAP_PROXY
        /**
         * eap_proxy_cb - Callback signifying any updates from eap_proxy
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         */
        void (*eap_proxy_cb)(void *ctx);
#endif /* CONFIG_EAP_PROXY */

        /**
         * set_anon_id - Set or add anonymous identity
         * @ctx: eapol_ctx from eap_peer_sm_init() call
         * @id: Anonymous identity (e.g., EAP-SIM pseudonym) or %NULL to clear;
         *	a byte string of @len octets, not necessarily NUL-terminated
         * @len: Length of anonymous identity in octets
         */
        void (*set_anon_id)(void *ctx, const u8 *id, size_t len);
};
265
266/**
267 * struct eap_config - Configuration for EAP state machine
268 */
struct eap_config {
        /**
         * opensc_engine_path - OpenSC engine for OpenSSL engine support
         *
         * Usually, path to engine_opensc.so. NOTE(review): this and the two
         * paths below name shared objects that OpenSSL will load into the
         * process (presumably via its engine loader), so they must only come
         * from trusted configuration, never from an unprivileged channel.
         */
        const char *opensc_engine_path;
        /**
         * pkcs11_engine_path - PKCS#11 engine for OpenSSL engine support
         *
         * Usually, path to engine_pkcs11.so.
         */
        const char *pkcs11_engine_path;
        /**
         * pkcs11_module_path - OpenSC PKCS#11 module for OpenSSL engine
         *
         * Usually, path to opensc-pkcs11.so.
         */
        const char *pkcs11_module_path;
        /**
         * openssl_ciphers - OpenSSL cipher string
         *
         * OpenSSL-specific option for the default cipher list. If %NULL,
         * "DEFAULT:!EXP:!LOW" is used, i.e. OpenSSL's DEFAULT list minus
         * export-grade and low-strength suites; nothing stricter is enforced
         * by default, so set this explicitly where a tighter policy is
         * required.
         */
        const char *openssl_ciphers;
        /**
         * wps - WPS context data
         *
         * This is only used by EAP-WSC and can be left %NULL if not available.
         */
        struct wps_context *wps;

        /**
         * cert_in_cb - Include server certificates in callback
         *
         * Presumably controls whether the @cert argument of
         * eapol_callbacks.notify_cert() is populated (the only callback in
         * this header that receives a certificate).
         */
        int cert_in_cb;
};
308
/*
 * EAP peer state machine API (implemented in eap.c).
 *
 * Unless stated otherwise, pointers returned by these functions point at
 * state-machine-owned data; whether a caller may keep or free them is not
 * visible in this header, so check eap.c before doing either.
 */

/*
 * eap_peer_sm_init - Allocate and initialize an EAP peer state machine
 * @eapol_ctx: Opaque lower-layer context, handed back as the ctx argument of
 *	every callback in @eapol_cb
 * @eapol_cb: Lower-layer callback table (struct eapol_callbacks)
 * @msg_ctx: Context pointer for messaging/logging (presumably; not used in
 *	this header)
 * @conf: Configuration; whether it is copied or referenced after return is
 *	not visible here, so keep it alive for the lifetime of the machine
 * Returns: New state machine, or %NULL on failure (inferred from the pointer
 * return type; confirm in eap.c)
 */
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
                                 const struct eapol_callbacks *eapol_cb,
                                 void *msg_ctx, struct eap_config *conf);
/* eap_peer_sm_deinit - Release a state machine created by eap_peer_sm_init() */
void eap_peer_sm_deinit(struct eap_sm *sm);
/*
 * eap_peer_sm_step - Run the state machine (RFC 4137 transitions); the int
 * result presumably reports whether state changed - confirm in eap.c
 */
int eap_peer_sm_step(struct eap_sm *sm);
/* eap_sm_abort - Abort the in-progress authentication */
void eap_sm_abort(struct eap_sm *sm);
/*
 * eap_sm_get_status - Write a textual status report into @buf (at most
 * @buflen bytes); @verbose selects the level of detail. The meaning of the
 * int result (length vs. error) is not visible in this header.
 */
int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen,
                      int verbose);
/* eap_sm_get_method_name - Name of the EAP method currently in use */
const char * eap_sm_get_method_name(struct eap_sm *sm);
/*
 * eap_sm_buildIdentity - Build an EAP-Response/Identity message
 * @id: EAP Identifier to place in the response (presumably that of the
 *	request being answered)
 * @encrypted: Non-zero when the response will be sent inside a protected
 *	tunnel; this presumably selects the real identity vs. the anonymous
 *	identity (see eap_set_anon_id()) - confirm in eap.c. Passing the
 *	wrong value can expose the real identity in cleartext.
 */
struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted);
/*
 * eap_sm_request_* - Ask the lower layer for a credential the current method
 * needs (identity, password, new password, PIN, one-time password,
 * passphrase, SIM/USIM access), presumably surfaced through
 * eapol_callbacks.eap_param_needed().
 * @msg/@msg_len (OTP): challenge text of @msg_len bytes, presumably shown
 *	to the user
 * @req (SIM): request string for the external SIM handler
 */
void eap_sm_request_identity(struct eap_sm *sm);
void eap_sm_request_password(struct eap_sm *sm);
void eap_sm_request_new_password(struct eap_sm *sm);
void eap_sm_request_pin(struct eap_sm *sm);
void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len);
void eap_sm_request_passphrase(struct eap_sm *sm);
void eap_sm_request_sim(struct eap_sm *sm, const char *req);
/* eap_sm_notify_ctrl_attached - A control interface client has attached */
void eap_sm_notify_ctrl_attached(struct eap_sm *sm);
/*
 * eap_get_phase2_type - Look up an inner (phase 2) EAP method by name
 * @vendor: Set to the vendor ID of the matched method
 * Returns: Method type code (the "not found" sentinel is defined outside this
 * header)
 *
 * eap_get_phase2_types - Enumerate the phase 2 methods configured in @config
 * @count: Set to the number of entries in the returned array
 * Returns: Array of @count entries; ownership not visible here, check eap.c
 */
u32 eap_get_phase2_type(const char *name, int *vendor);
struct eap_method_type * eap_get_phase2_types(struct eap_peer_config *config,
                                              size_t *count);
/* Runtime switches; the meaning of the @workaround value is defined in eap.c */
void eap_set_fast_reauth(struct eap_sm *sm, int enabled);
void eap_set_workaround(struct eap_sm *sm, unsigned int workaround);
void eap_set_force_disabled(struct eap_sm *sm, int disabled);
void eap_set_external_sim(struct eap_sm *sm, int external_sim);
/* eap_key_available - Non-zero once exported keying material is available */
int eap_key_available(struct eap_sm *sm);
/* Lower-layer success indications fed back into the state machine */
void eap_notify_success(struct eap_sm *sm);
void eap_notify_lower_layer_success(struct eap_sm *sm);
/*
 * eap_get_eapSessionId / eap_get_eapKeyData - Access the Session-Id and the
 * exported keying material (eapKeyData in RFC 4137)
 * @len: Set to the length in octets
 * Returns: Pointer to state-machine-owned bytes, or %NULL when not available
 *	(inferred from the pointer return type; confirm in eap.c)
 *
 * NOTE(review): eapKeyData is secret key material. Copy what is needed,
 * never log it, and do not use the pointer after the state machine has been
 * deinitialized or the keys have been freed.
 */
const u8 * eap_get_eapSessionId(struct eap_sm *sm, size_t *len);
const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len);
/* eap_get_eapRespData - Pending EAP-Response (eapRespData in RFC 4137) */
struct wpabuf * eap_get_eapRespData(struct eap_sm *sm);
/* eap_register_scard_ctx - Smartcard context for SIM/USIM-based methods */
void eap_register_scard_ctx(struct eap_sm *sm, void *ctx);
/* eap_invalidate_cached_session - Drop cached session state (e.g. after a
 * configuration change) so the next authentication starts from scratch */
void eap_invalidate_cached_session(struct eap_sm *sm);

/* Non-zero when @conf describes a WPS push-button / PIN enrollee */
int eap_is_wps_pbc_enrollee(struct eap_peer_config *conf);
int eap_is_wps_pin_enrollee(struct eap_peer_config *conf);

/* External password backend (ext_password_data is declared elsewhere) */
struct ext_password_data;
void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
/* eap_set_anon_id - Store the anonymous identity (@len octets, see
 * eapol_callbacks.set_anon_id) */
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
/* eap_peer_was_failure_expected - Non-zero if the method anticipated the
 * EAP-Failure (semantics defined in eap.c) */
int eap_peer_was_failure_expected(struct eap_sm *sm);
/* eap_peer_erp_free_keys - Discard ERP (presumably EAP Re-authentication
 * Protocol) keys held by the state machine */
void eap_peer_erp_free_keys(struct eap_sm *sm);
351
352#endif /* IEEE8021X_EAPOL */
353
354#endif /* EAP_H */