1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
#ifndef EAP_I_H
#define EAP_I_H
#include "eap.h"
/* draft-ietf-eap-statemachine-05.pdf - Peer state machine */
typedef enum {
DECISION_FAIL, DECISION_COND_SUCC, DECISION_UNCOND_SUCC
} EapDecision;
typedef enum {
METHOD_NONE, METHOD_INIT, METHOD_CONT, METHOD_MAY_CONT, METHOD_DONE
} EapMethodState;
struct eap_method_ret {
Boolean ignore;
EapMethodState methodState;
EapDecision decision;
Boolean allowNotifications;
};
struct eap_method {
EapType method;
const char *name;
void * (*init)(struct eap_sm *sm);
void (*deinit)(struct eap_sm *sm, void *priv);
u8 * (*process)(struct eap_sm *sm, void *priv,
struct eap_method_ret *ret,
u8 *reqData, size_t reqDataLen,
size_t *respDataLen);
Boolean (*isKeyAvailable)(struct eap_sm *sm, void *priv);
u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
size_t buflen, int verbose);
/* Optional handlers for fast re-authentication */
Boolean (*has_reauth_data)(struct eap_sm *sm, void *priv);
void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);
void * (*init_for_reauth)(struct eap_sm *sm, void *priv);
const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);
};
struct eap_sm {
enum {
EAP_INITIALIZE, EAP_DISABLED, EAP_IDLE, EAP_RECEIVED,
EAP_GET_METHOD, EAP_METHOD, EAP_SEND_RESPONSE, EAP_DISCARD,
EAP_IDENTITY, EAP_NOTIFICATION, EAP_RETRANSMIT, EAP_SUCCESS,
EAP_FAILURE
} EAP_state;
/* Long-term local variables */
EapType selectedMethod;
EapMethodState methodState;
int lastId;
u8 *lastRespData;
size_t lastRespDataLen;
EapDecision decision;
/* Short-term local variables */
Boolean rxReq;
Boolean rxSuccess;
Boolean rxFailure;
int reqId;
EapType reqMethod;
Boolean ignore;
/* Constants */
int ClientTimeout;
/* Miscellaneous variables */
Boolean allowNotifications; /* peer state machine <-> methods */
u8 *eapRespData; /* peer to lower layer */
size_t eapRespDataLen; /* peer to lower layer */
Boolean eapKeyAvailable; /* peer to lower layer */
u8 *eapKeyData; /* peer to lower layer */
size_t eapKeyDataLen; /* peer to lower layer */
const struct eap_method *m; /* selected EAP method */
/* not defined in draft-ietf-eap-statemachine-02 */
Boolean changed;
void *eapol_ctx;
struct eapol_callbacks *eapol_cb;
void *eap_method_priv;
int init_phase2;
int fast_reauth;
Boolean rxResp /* LEAP only */;
Boolean leap_done;
Boolean peap_done;
u8 req_md5[16]; /* MD5() of the current EAP packet */
u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
* in duplicate request detection. */
void *msg_ctx;
void *scard_ctx;
void *ssl_ctx;
unsigned int workaround;
/* Optional challenges generated in Phase 1 (EAP-FAST) */
u8 *peer_challenge, *auth_challenge;
int num_rounds;
};
#endif /* EAP_I_H */
|
