2
* EAP peer state machine functions (RFC 4137)
3
* Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
19
#include "eap_common/eap_defs.h"
20
#include "eap_peer/eap_methods.h"
24
struct wpa_config_blob;
26
struct eap_method_type {
31
#ifdef IEEE8021X_EAPOL
34
* enum eapol_bool_var - EAPOL boolean state variables for EAP state machine
36
* These variables are used in the interface between EAP peer state machine and
37
* lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
38
* expected to maintain these variables and register a callback functions for
39
* EAP state machine to get and set the variables.
43
* EAPOL_eapSuccess - EAP SUCCESS state reached
45
* EAP state machine reads and writes this value.
50
* EAPOL_eapRestart - Lower layer request to restart authentication
52
* Set to TRUE in lower layer, FALSE in EAP state machine.
57
* EAPOL_eapFail - EAP FAILURE state reached
59
* EAP state machine writes this value.
64
* EAPOL_eapResp - Response to send
66
* Set to TRUE in EAP state machine, FALSE in lower layer.
71
* EAPOL_eapNoResp - Request has been process; no response to send
73
* Set to TRUE in EAP state machine, FALSE in lower layer.
78
* EAPOL_eapReq - EAP request available from lower layer
80
* Set to TRUE in lower layer, FALSE in EAP state machine.
85
* EAPOL_portEnabled - Lower layer is ready for communication
87
* EAP state machines reads this value.
92
* EAPOL_altAccept - Alternate indication of success (RFC3748)
94
* EAP state machines reads this value.
99
* EAPOL_altReject - Alternate indication of failure (RFC3748)
101
* EAP state machines reads this value.
107
* enum eapol_int_var - EAPOL integer state variables for EAP state machine
109
* These variables are used in the interface between EAP peer state machine and
110
* lower layer. These are defined in RFC 4137, Sect. 4.1. Lower layer code is
111
* expected to maintain these variables and register a callback functions for
112
* EAP state machine to get and set the variables.
116
* EAPOL_idleWhile - Outside time for EAP peer timeout
118
* This integer variable is used to provide an outside timer that the
119
* external (to EAP state machine) code must decrement by one every
120
* second until the value reaches zero. This is used in the same way as
121
* EAPOL state machine timers. EAP state machine reads and writes this
128
* struct eapol_callbacks - Callback functions from EAP to lower layer
130
* This structure defines the callback functions that EAP state machine
131
* requires from the lower layer (usually EAPOL state machine) for updating
132
* state variables and requesting information. eapol_ctx from
133
* eap_peer_sm_init() call will be used as the ctx parameter for these
134
* callback functions.
136
struct eapol_callbacks {
138
* get_config - Get pointer to the current network configuration
139
* @ctx: eapol_ctx from eap_peer_sm_init() call
141
struct wpa_ssid * (*get_config)(void *ctx);
144
* get_bool - Get a boolean EAPOL state variable
145
* @variable: EAPOL boolean variable to get
146
* Returns: Value of the EAPOL variable
148
Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);
151
* set_bool - Set a boolean EAPOL state variable
152
* @ctx: eapol_ctx from eap_peer_sm_init() call
153
* @variable: EAPOL boolean variable to set
154
* @value: Value for the EAPOL variable
156
void (*set_bool)(void *ctx, enum eapol_bool_var variable,
160
* get_int - Get an integer EAPOL state variable
161
* @ctx: eapol_ctx from eap_peer_sm_init() call
162
* @variable: EAPOL integer variable to get
163
* Returns: Value of the EAPOL variable
165
unsigned int (*get_int)(void *ctx, enum eapol_int_var variable);
168
* set_int - Set an integer EAPOL state variable
169
* @ctx: eapol_ctx from eap_peer_sm_init() call
170
* @variable: EAPOL integer variable to set
171
* @value: Value for the EAPOL variable
173
void (*set_int)(void *ctx, enum eapol_int_var variable,
177
* get_eapReqData - Get EAP-Request data
178
* @ctx: eapol_ctx from eap_peer_sm_init() call
179
* @len: Pointer to variable that will be set to eapReqDataLen
180
* Returns: Reference to eapReqData (EAP state machine will not free
181
* this) or %NULL if eapReqData not available.
183
u8 * (*get_eapReqData)(void *ctx, size_t *len);
186
* set_config_blob - Set named configuration blob
187
* @ctx: eapol_ctx from eap_peer_sm_init() call
188
* @blob: New value for the blob
190
* Adds a new configuration blob or replaces the current value of an
193
void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
196
* get_config_blob - Get a named configuration blob
197
* @ctx: eapol_ctx from eap_peer_sm_init() call
198
* @name: Name of the blob
199
* Returns: Pointer to blob data or %NULL if not found
201
const struct wpa_config_blob * (*get_config_blob)(void *ctx,
205
* notify_pending - Notify that a pending request can be retried
206
* @ctx: eapol_ctx from eap_peer_sm_init() call
208
* An EAP method can perform a pending operation (e.g., to get a
209
* response from an external process). Once the response is available,
210
* this callback function can be used to request EAPOL state machine to
211
* retry delivering the previously received (and still unanswered) EAP
212
* request to EAP state machine.
214
void (*notify_pending)(void *ctx);
218
* struct eap_config - Configuration for EAP state machine
222
* opensc_engine_path - OpenSC engine for OpenSSL engine support
224
* Usually, path to engine_opensc.so.
226
const char *opensc_engine_path;
228
* pkcs11_engine_path - PKCS#11 engine for OpenSSL engine support
230
* Usually, path to engine_pkcs11.so.
232
const char *pkcs11_engine_path;
234
* pkcs11_module_path - OpenSC PKCS#11 module for OpenSSL engine
236
* Usually, path to opensc-pkcs11.so.
238
const char *pkcs11_module_path;
241
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
242
struct eapol_callbacks *eapol_cb,
243
void *msg_ctx, struct eap_config *conf);
244
void eap_peer_sm_deinit(struct eap_sm *sm);
245
int eap_peer_sm_step(struct eap_sm *sm);
246
void eap_sm_abort(struct eap_sm *sm);
247
int eap_sm_get_status(struct eap_sm *sm, char *buf, size_t buflen,
249
u8 * eap_sm_buildIdentity(struct eap_sm *sm, int id, size_t *len,
251
void eap_sm_request_identity(struct eap_sm *sm);
252
void eap_sm_request_password(struct eap_sm *sm);
253
void eap_sm_request_new_password(struct eap_sm *sm);
254
void eap_sm_request_pin(struct eap_sm *sm);
255
void eap_sm_request_otp(struct eap_sm *sm, const char *msg, size_t msg_len);
256
void eap_sm_request_passphrase(struct eap_sm *sm);
257
void eap_sm_notify_ctrl_attached(struct eap_sm *sm);
258
u32 eap_get_phase2_type(const char *name, int *vendor);
259
struct eap_method_type * eap_get_phase2_types(struct wpa_ssid *config,
261
void eap_set_fast_reauth(struct eap_sm *sm, int enabled);
262
void eap_set_workaround(struct eap_sm *sm, unsigned int workaround);
263
void eap_set_force_disabled(struct eap_sm *sm, int disabled);
264
int eap_key_available(struct eap_sm *sm);
265
void eap_notify_success(struct eap_sm *sm);
266
void eap_notify_lower_layer_success(struct eap_sm *sm);
267
const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len);
268
u8 * eap_get_eapRespData(struct eap_sm *sm, size_t *len);
269
void eap_register_scard_ctx(struct eap_sm *sm, void *ctx);
270
void eap_invalidate_cached_session(struct eap_sm *sm);
272
#endif /* IEEE8021X_EAPOL */