Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 6418400db9
Branches Tags
krackattacks
/
src
/
eap_server
/
eap.h

eap.h 4.2 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. /*
    2. 

  2.  * hostapd / EAP Full Authenticator state machine (RFC 4137)
    3. 

  3.  * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
    4. 

  4.  *
    5. 

  5.  * This software may be distributed under the terms of the BSD license.
    6. 

  6.  * See README for more details.
    7. 

  7.  */
    8. 

  8. 

  9. #ifndef EAP_H
    10. 

  10. #define EAP_H
    11. 

  11. 

  12. #include "common/defs.h"
    13. 

  13. #include "utils/list.h"
    14. 

  14. #include "eap_common/eap_defs.h"
    15. 

  15. #include "eap_server/eap_methods.h"
    16. 

  16. #include "wpabuf.h"
    17. 

  17. 

  18. struct eap_sm;
    19. 

  19. 

  20. #define EAP_TTLS_AUTH_PAP 1
    21. 

  21. #define EAP_TTLS_AUTH_CHAP 2
    22. 

  22. #define EAP_TTLS_AUTH_MSCHAP 4
    23. 

  23. #define EAP_TTLS_AUTH_MSCHAPV2 8
    24. 

  24. 

  25. struct eap_user {
    26. 

  26. 	struct {
    27. 

  27. 		int vendor;
    28. 

  28. 		u32 method;
    29. 

  29. 	} methods[EAP_MAX_METHODS];
    30. 

  30. 	u8 *password;
    31. 

  31. 	size_t password_len;
    32. 

  32. 	int password_hash; /* whether password is hashed with
    33. 

  33. 			    * nt_password_hash() */
    34. 

  34. 	int phase2;
    35. 

  35. 	int force_version;
    36. 

  36. 	unsigned int remediation:1;
    37. 

  37. 	unsigned int macacl:1;
    38. 

  38. 	int ttls_auth; /* bitfield of
    39. 

  39. 			* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
    40. 

  40. 	struct hostapd_radius_attr *accept_attr;
    41. 

  41. };
    42. 

  42. 

  43. struct eap_eapol_interface {
    44. 

  44. 	/* Lower layer to full authenticator variables */
    45. 

  45. 	Boolean eapResp; /* shared with EAPOL Backend Authentication */
    46. 

  46. 	struct wpabuf *eapRespData;
    47. 

  47. 	Boolean portEnabled;
    48. 

  48. 	int retransWhile;
    49. 

  49. 	Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
    50. 

  50. 	int eapSRTT;
    51. 

  51. 	int eapRTTVAR;
    52. 

  52. 

  53. 	/* Full authenticator to lower layer variables */
    54. 

  54. 	Boolean eapReq; /* shared with EAPOL Backend Authentication */
    55. 

  55. 	Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
    56. 

  56. 	Boolean eapSuccess;
    57. 

  57. 	Boolean eapFail;
    58. 

  58. 	Boolean eapTimeout;
    59. 

  59. 	struct wpabuf *eapReqData;
    60. 

  60. 	u8 *eapKeyData;
    61. 

  61. 	size_t eapKeyDataLen;
    62. 

  62. 	u8 *eapSessionId;
    63. 

  63. 	size_t eapSessionIdLen;
    64. 

  64. 	Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
    65. 

  65. 

  66. 	/* AAA interface to full authenticator variables */
    67. 

  67. 	Boolean aaaEapReq;
    68. 

  68. 	Boolean aaaEapNoReq;
    69. 

  69. 	Boolean aaaSuccess;
    70. 

  70. 	Boolean aaaFail;
    71. 

  71. 	struct wpabuf *aaaEapReqData;
    72. 

  72. 	u8 *aaaEapKeyData;
    73. 

  73. 	size_t aaaEapKeyDataLen;
    74. 

  74. 	Boolean aaaEapKeyAvailable;
    75. 

  75. 	int aaaMethodTimeout;
    76. 

  76. 

  77. 	/* Full authenticator to AAA interface variables */
    78. 

  78. 	Boolean aaaEapResp;
    79. 

  79. 	struct wpabuf *aaaEapRespData;
    80. 

  80. 	/* aaaIdentity -> eap_get_identity() */
    81. 

  81. 	Boolean aaaTimeout;
    82. 

  82. };
    83. 

  83. 

  84. struct eap_server_erp_key {
    85. 

  85. 	struct dl_list list;
    86. 

  86. 	size_t rRK_len;
    87. 

  87. 	size_t rIK_len;
    88. 

  88. 	u8 rRK[ERP_MAX_KEY_LEN];
    89. 

  89. 	u8 rIK[ERP_MAX_KEY_LEN];
    90. 

  90. 	u32 recv_seq;
    91. 

  91. 	u8 cryptosuite;
    92. 

  92. 	char keyname_nai[];
    93. 

  93. };
    94. 

  94. 

  95. struct eapol_callbacks {
    96. 

  96. 	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
    97. 

  97. 			    int phase2, struct eap_user *user);
    98. 

  98. 	const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
    99. 

  99. 	void (*log_msg)(void *ctx, const char *msg);
    100. 

  100. 	int (*get_erp_send_reauth_start)(void *ctx);
    101. 

  101. 	const char * (*get_erp_domain)(void *ctx);
    102. 

  102. 	struct eap_server_erp_key * (*erp_get_key)(void *ctx,
    103. 

  103. 						   const char *keyname);
    104. 

  104. 	int (*erp_add_key)(void *ctx, struct eap_server_erp_key *erp);
    105. 

  105. };
    106. 

  106. 

  107. struct eap_config {
    108. 

  108. 	void *ssl_ctx;
    109. 

  109. 	void *msg_ctx;
    110. 

  110. 	void *eap_sim_db_priv;
    111. 

  111. 	Boolean backend_auth;
    112. 

  112. 	int eap_server;
    113. 

  113. 	u16 pwd_group;
    114. 

  114. 	u8 *pac_opaque_encr_key;
    115. 

  115. 	u8 *eap_fast_a_id;
    116. 

  116. 	size_t eap_fast_a_id_len;
    117. 

  117. 	char *eap_fast_a_id_info;
    118. 

  118. 	int eap_fast_prov;
    119. 

  119. 	int pac_key_lifetime;
    120. 

  120. 	int pac_key_refresh_time;
    121. 

  121. 	int eap_sim_aka_result_ind;
    122. 

  122. 	int tnc;
    123. 

  123. 	struct wps_context *wps;
    124. 

  124. 	const struct wpabuf *assoc_wps_ie;
    125. 

  125. 	const struct wpabuf *assoc_p2p_ie;
    126. 

  126. 	const u8 *peer_addr;
    127. 

  127. 	int fragment_size;
    128. 

  128. 

  129. 	int pbc_in_m1;
    130. 

  130. 

  131. 	const u8 *server_id;
    132. 

  132. 	size_t server_id_len;
    133. 

  133. 	int erp;
    134. 

  134. 	unsigned int tls_session_lifetime;
    135. 

  135. 	unsigned int tls_flags;
    136. 

  136. 

  137. #ifdef CONFIG_TESTING_OPTIONS
    138. 

  138. 	u32 tls_test_flags;
    139. 

  139. #endif /* CONFIG_TESTING_OPTIONS */
    140. 

  140. };
    141. 

  141. 

  142. 

  143. struct eap_sm * eap_server_sm_init(void *eapol_ctx,
    144. 

  144. 				   const struct eapol_callbacks *eapol_cb,
    145. 

  145. 				   struct eap_config *eap_conf);
    146. 

  146. void eap_server_sm_deinit(struct eap_sm *sm);
    147. 

  147. int eap_server_sm_step(struct eap_sm *sm);
    148. 

  148. void eap_sm_notify_cached(struct eap_sm *sm);
    149. 

  149. void eap_sm_pending_cb(struct eap_sm *sm);
    150. 

  150. int eap_sm_method_pending(struct eap_sm *sm);
    151. 

  151. const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
    152. 

  152. struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
    153. 

  153. void eap_server_clear_identity(struct eap_sm *sm);
    154. 

  154. void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
    155. 

  155. 				   const u8 *username, size_t username_len,
    156. 

  156. 				   const u8 *challenge, const u8 *response);
    157. 

  157. void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
    158. 

  158. 

  159. #endif /* EAP_H */
    160.