src/eapol_auth/eapol_auth_sm_i.h

   1 /*
   2  * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
   3  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #ifndef EAPOL_AUTH_SM_I_H
  16 #define EAPOL_AUTH_SM_I_H
  17
  18 #include "common/defs.h"
  19 #include "radius/radius.h"
  20
  21 /* IEEE Std 802.1X-2004, Ch. 8.2 */
  22
  23 typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
  24         PortTypes;
  25 typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
  26 typedef enum { Both = 0, In = 1 } ControlledDirection;
  27 typedef unsigned int Counter;
  28
  29
  30 /**
  31  * struct eapol_authenticator - Global EAPOL authenticator data
  32  */
  33 struct eapol_authenticator {
  34         struct eapol_auth_config conf;
  35         struct eapol_auth_cb cb;
  36
  37         u8 *default_wep_key;
  38         u8 default_wep_key_idx;
  39 };
  40
  41
  42 /**
  43  * struct eapol_state_machine - Per-Supplicant Authenticator state machines
  44  */
  45 struct eapol_state_machine {
  46         /* timers */
  47         int aWhile;
  48         int quietWhile;
  49         int reAuthWhen;
  50
  51         /* global variables */
  52         Boolean authAbort;
  53         Boolean authFail;
  54         PortState authPortStatus;
  55         Boolean authStart;
  56         Boolean authTimeout;
  57         Boolean authSuccess;
  58         Boolean eapolEap;
  59         Boolean initialize;
  60         Boolean keyDone;
  61         Boolean keyRun;
  62         Boolean keyTxEnabled;
  63         PortTypes portControl;
  64         Boolean portValid;
  65         Boolean reAuthenticate;
  66
  67         /* Port Timers state machine */
  68         /* 'Boolean tick' implicitly handled as registered timeout */
  69
  70         /* Authenticator PAE state machine */
  71         enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
  72                AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
  73                AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
  74                AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
  75         /* variables */
  76         Boolean eapolLogoff;
  77         Boolean eapolStart;
  78         PortTypes portMode;
  79         unsigned int reAuthCount;
  80         /* constants */
  81         unsigned int quietPeriod; /* default 60; 0..65535 */
  82 #define AUTH_PAE_DEFAULT_quietPeriod 60
  83         unsigned int reAuthMax; /* default 2 */
  84 #define AUTH_PAE_DEFAULT_reAuthMax 2
  85         /* counters */
  86         Counter authEntersConnecting;
  87         Counter authEapLogoffsWhileConnecting;
  88         Counter authEntersAuthenticating;
  89         Counter authAuthSuccessesWhileAuthenticating;
  90         Counter authAuthTimeoutsWhileAuthenticating;
  91         Counter authAuthFailWhileAuthenticating;
  92         Counter authAuthEapStartsWhileAuthenticating;
  93         Counter authAuthEapLogoffWhileAuthenticating;
  94         Counter authAuthReauthsWhileAuthenticated;
  95         Counter authAuthEapStartsWhileAuthenticated;
  96         Counter authAuthEapLogoffWhileAuthenticated;
  97
  98         /* Backend Authentication state machine */
  99         enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
 100                BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
 101                BE_AUTH_IGNORE
 102         } be_auth_state;
 103         /* constants */
 104         unsigned int serverTimeout; /* default 30; 1..X */
 105 #define BE_AUTH_DEFAULT_serverTimeout 30
 106         /* counters */
 107         Counter backendResponses;
 108         Counter backendAccessChallenges;
 109         Counter backendOtherRequestsToSupplicant;
 110         Counter backendAuthSuccesses;
 111         Counter backendAuthFails;
 112
 113         /* Reauthentication Timer state machine */
 114         enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
 115         } reauth_timer_state;
 116         /* constants */
 117         unsigned int reAuthPeriod; /* default 3600 s */
 118         Boolean reAuthEnabled;
 119
 120         /* Authenticator Key Transmit state machine */
 121         enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
 122         } auth_key_tx_state;
 123
 124         /* Key Receive state machine */
 125         enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
 126         /* variables */
 127         Boolean rxKey;
 128
 129         /* Controlled Directions state machine */
 130         enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
 131         /* variables */
 132         ControlledDirection adminControlledDirections;
 133         ControlledDirection operControlledDirections;
 134         Boolean operEdge;
 135
 136         /* Authenticator Statistics Table */
 137         Counter dot1xAuthEapolFramesRx;
 138         Counter dot1xAuthEapolFramesTx;
 139         Counter dot1xAuthEapolStartFramesRx;
 140         Counter dot1xAuthEapolLogoffFramesRx;
 141         Counter dot1xAuthEapolRespIdFramesRx;
 142         Counter dot1xAuthEapolRespFramesRx;
 143         Counter dot1xAuthEapolReqIdFramesTx;
 144         Counter dot1xAuthEapolReqFramesTx;
 145         Counter dot1xAuthInvalidEapolFramesRx;
 146         Counter dot1xAuthEapLengthErrorFramesRx;
 147         Counter dot1xAuthLastEapolFrameVersion;
 148
 149         /* Other variables - not defined in IEEE 802.1X */
 150         u8 addr[ETH_ALEN]; /* Supplicant address */
 151         int flags; /* EAPOL_SM_* */
 152
 153         /* EAPOL/AAA <-> EAP full authenticator interface */
 154         struct eap_eapol_interface *eap_if;
 155
 156         int radius_identifier;
 157         /* TODO: check when the last messages can be released */
 158         struct radius_msg *last_recv_radius;
 159         u8 last_eap_id; /* last used EAP Identifier */
 160         u8 *identity;
 161         size_t identity_len;
 162         u8 eap_type_authsrv; /* EAP type of the last EAP packet from
 163                               * Authentication server */
 164         u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
 165         struct radius_class_data radius_class;
 166
 167         /* Keys for encrypting and signing EAPOL-Key frames */
 168         u8 *eapol_key_sign;
 169         size_t eapol_key_sign_len;
 170         u8 *eapol_key_crypt;
 171         size_t eapol_key_crypt_len;
 172
 173         struct eap_sm *eap;
 174
 175         Boolean initializing; /* in process of initializing state machines */
 176         Boolean changed;
 177
 178         struct eapol_authenticator *eapol;
 179
 180         void *sta; /* station context pointer to use in callbacks */
 181 };
 182
 183 #endif /* EAPOL_AUTH_SM_I_H */