eap.h
1 /*
2  * eap.h - Extensible Authentication Protocol for PPP (RFC 2284)
3  *
4  * Copyright (c) 2001 by Sun Microsystems, Inc.
5  * All rights reserved.
6  *
7  * Non-exclusive rights to redistribute, modify, translate, and use
8  * this software in source and binary forms, in whole or in part, is
9  * hereby granted, provided that the above copyright notice is
10  * duplicated in any source form, and that neither the name of the
11  * copyright holder nor the author is used to endorse or promote
12  * products derived from this software.
13  *
14  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17  *
18  * Original version by James Carlson
19  *
20  * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $
21  */
22 
23 #include "ppp_opts.h"
24 #if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in ppp_opts.h */
25 
26 #ifndef PPP_EAP_H
27 #define PPP_EAP_H
28 
29 #include "ppp.h"
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 /*
36  * Packet header = Code (1 octet), id (1 octet), length (2 octets).
    * NOTE(review): the receive path is not part of this header. It should
    * discard input shorter than EAP_HEADERLEN and any packet whose length
    * field is below EAP_HEADERLEN or above the number of bytes received.
37  */
38 #define EAP_HEADERLEN 4
39 
40 
41 /* EAP message codes (value of the Code octet). */
42 #define EAP_REQUEST 1 /* authenticator -> peer */
43 #define EAP_RESPONSE 2 /* peer -> authenticator */
44 #define EAP_SUCCESS 3 /* authenticator -> peer, ends the exchange */
45 #define EAP_FAILURE 4 /* authenticator -> peer, ends the exchange */
46 
47 /* EAP types (Type octet of a Request or Response).
    * The state codes declared in this header only name Identity,
    * MD5-Challenge and SRP-SHA1 steps; whether any other type listed here
    * is implemented cannot be told from this file. */
48 #define EAPT_IDENTITY 1
49 #define EAPT_NOTIFICATION 2
50 #define EAPT_NAK 3 /* (response only) */
51 #define EAPT_MD5CHAP 4 /* MD5-Challenge: authenticates the peer only, derives no keys */
   /* NOTE(review): a captured MD5-Challenge exchange lets password guesses
    * be checked offline, and the peer gets no proof of who the authenticator
    * is. Prefer a mutually authenticating method such as EAPT_SRP when both
    * ends support it. */
52 #define EAPT_OTP 5 /* One-Time Password; RFC 1938 (since obsoleted by RFC 2289) */
53 #define EAPT_TOKEN 6 /* Generic Token Card */
54 /* 7 and 8 are unassigned. */
55 #define EAPT_RSA 9 /* RSA Public Key Authentication */
56 #define EAPT_DSS 10 /* DSS Unilateral */
57 #define EAPT_KEA 11 /* KEA */
58 #define EAPT_KEA_VALIDATE 12 /* KEA-VALIDATE */
59 #define EAPT_TLS 13 /* EAP-TLS */
60 #define EAPT_DEFENDER 14 /* Defender Token (AXENT) */
61 #define EAPT_W2K 15 /* Windows 2000 EAP */
62 #define EAPT_ARCOT 16 /* Arcot Systems */
63 #define EAPT_CISCOWIRELESS 17 /* Cisco Wireless */
64 #define EAPT_NOKIACARD 18 /* Nokia IP smart card */
65 #define EAPT_SRP 19 /* Secure Remote Password */
66 /* 20 is deprecated */
67 
68 /* EAP SRP-SHA1 Subtypes.
    * Request and Response subtypes share the values 1-3, so a subtype is
    * only meaningful together with the message code (EAP_REQUEST or
    * EAP_RESPONSE) of the packet that carries it. */
69 #define EAPSRP_CHALLENGE 1 /* Request 1 - Challenge */
70 #define EAPSRP_CKEY 1 /* Response 1 - Client Key */
71 #define EAPSRP_SKEY 2 /* Request 2 - Server Key */
72 #define EAPSRP_CVALIDATOR 2 /* Response 2 - Client Validator */
73 #define EAPSRP_SVALIDATOR 3 /* Request 3 - Server Validator */
74 #define EAPSRP_ACK 3 /* Response 3 - final ack */
75 #define EAPSRP_LWRECHALLENGE 4 /* Req/resp 4 - Lightweight rechallenge */
76 
77 #define SRPVAL_EBIT 0x00000001 /* Use shared key for ECP; presumably a bit in ea_keyflags -- confirm */
78 
79 #define SRP_PSEUDO_ID "pseudo_" /* Presumably the prefix of an SRP pseudonym name -- confirm */
80 #define SRP_PSEUDO_LEN 7 /* Characters in SRP_PSEUDO_ID, NUL excluded; keep the two in step */
81 
82 #define MD5_SIGNATURE_SIZE 16 /* Bytes in an MD5 digest */
83 #define EAP_MIN_CHALLENGE_LENGTH 17 /* Shortest challenge, in bytes */
84 #define EAP_MAX_CHALLENGE_LENGTH 24 /* Longest challenge; also sizes eap_state.es_challenge */
85 #define EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH 3 /* 2^3-1 = 7, 17+7 = 24 */
   /* The three values above must stay consistent: MIN + (2^POWER - 1) == MAX,
    * so a length drawn as MIN plus POWER random bits (presumably how it is
    * chosen) can never exceed the es_challenge buffer. */
86 
   /* State names in the same order as enum eap_state_code (12 entries each).
    * Presumably expanded into a table indexed by ea_state; adding or
    * reordering a state in one list without the other mislabels states or
    * reads past the end of that table. */
87 #define EAP_STATES \
88  "Initial", "Pending", "Closed", "Listen", "Identify", \
89  "SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
90 
91 #define eap_client_active(pcb) ((pcb)->eap.es_client.ea_state == eapListen) /* true only while the client half is in eapListen */
92 #if PPP_SERVER
   /* True while the server half is between eapIdentify and eapMD5Chall
    * inclusive, i.e. a request has been sent and authentication has not yet
    * completed or failed. The range test relies on the declaration order of
    * enum eap_state_code (eapOpen, eapSRP4 and eapBadAuth sit above the
    * range), and pcb is expanded twice, so pass an expression without side
    * effects. */
93 #define eap_server_active(pcb) \
94  ((pcb)->eap.es_server.ea_state >= eapIdentify && \
95  (pcb)->eap.es_server.ea_state <= eapMD5Chall)
96 #endif /* PPP_SERVER */
97 
98 /*
99  * Complete EAP state for one PPP session.
    *
    * Values are stored in eap_auth.ea_state. Their order is load-bearing:
    * EAP_STATES lists the printable names in this order, and
    * eap_server_active() is a range test from eapIdentify to eapMD5Chall.
    * Insert new states with both of those in mind.
100  */
101 enum eap_state_code {
102  eapInitial = 0, /* No EAP authentication yet requested */
103  eapPending, /* Waiting for LCP (no timer) */
104  eapClosed, /* Authentication not in use */
105  eapListen, /* Client ready (and timer running) */
106  eapIdentify, /* EAP Identify sent */
107  eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
108  eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
109  eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
110  eapMD5Chall, /* Sent MD5-Challenge */
111  eapOpen, /* Completed authentication */
112  eapSRP4, /* Sent EAP SRP-SHA1 Subtype 4 (lightweight rechallenge) */
113  eapBadAuth /* Failed authentication */
114 };
115 
116 struct eap_auth { /* One EAP role; eap_state embeds one for the client and, under PPP_SERVER, one for the server */
117  const char *ea_name; /* Our name (length in ea_namelen) */
118  char ea_peer[MAXNAMELEN +1]; /* Peer's name (length in ea_peerlen) */
     /* NOTE(review): presumably filled from peer-supplied data. Whatever
      * writes it should cap the copy at MAXNAMELEN bytes so the name fits
      * and the extra byte is left for the terminator -- confirm at the
      * call sites. */
119  void *ea_session; /* Authentication library linkage */
120  u_char *ea_skey; /* Shared encryption key */
     /* NOTE(review): allocation, length and release of ea_skey are not
      * visible in this header; confirm the key bytes are wiped before the
      * memory is released. */
121  u_short ea_namelen; /* Length of our name */
122  u_short ea_peerlen; /* Length of peer's name */
123  enum eap_state_code ea_state; /* Current state of this role */
124  u_char ea_id; /* Current id */
125  u_char ea_requests; /* Number of Requests sent/received (8-bit counter) */
126  u_char ea_responses; /* Number of Responses (8-bit counter) */
127  u_char ea_type; /* One of EAPT_* */
128  u32_t ea_keyflags; /* SRP shared key usage flags */
129 };
130 
131 #ifndef EAP_MAX_CHALLENGE_LENGTH /* already defined unconditionally earlier in this header, so this fallback is never taken */
132 #define EAP_MAX_CHALLENGE_LENGTH 24
133 #endif
134 typedef struct eap_state { /* Per-session EAP data, reached as (pcb)->eap by the macros in this header */
135  struct eap_auth es_client; /* Client (authenticatee) data */
136 #if PPP_SERVER
137  struct eap_auth es_server; /* Server (authenticator) data */
138 #endif /* PPP_SERVER */
139  int es_savedtime; /* Saved timeout */
140  int es_rechallenge; /* EAP rechallenge interval */
141  int es_lwrechallenge; /* SRP lightweight rechallenge interval */
142  u8_t es_usepseudo; /* Use SRP Pseudonym if offered one */
143  int es_usedpseudo; /* Set if we already sent PN (note: "used", not the "use" option above) */
144  int es_challen; /* Length of challenge string */
145  u_char es_challenge[EAP_MAX_CHALLENGE_LENGTH]; /* Challenge bytes; es_challen of them are valid */
     /* NOTE(review): es_challen is a signed int. Code that copies into or
      * compares against es_challenge should first check
      * 0 <= es_challen <= EAP_MAX_CHALLENGE_LENGTH -- confirm at the call
      * sites, which are not in this header. */
146 } eap_state;
147 
148 /*
149  * Timeouts.
     * The block below is compiled out; per its own comment the live
     * definitions are in ppp_opts.h, so the numbers here are historical and
     * may differ from the values actually in effect.
150  */
151 #if 0 /* moved to ppp_opts.h */
152 #define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
153 #define EAP_DEFTRANSMITS 10 /* max # times to transmit */
154 #define EAP_DEFREQTIME 20 /* Time to wait for peer request */
155 #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
156 #endif /* moved to ppp_opts.h */
157 
     /* Presumably starts the client (authenticatee) role on pcb, presenting
      * localname as our identity -- confirm against the definition. */
158 void eap_authwithpeer(ppp_pcb *pcb, const char *localname);
     /* Presumably starts the server (authenticator) role on pcb.
      * NOTE(review): declared even when PPP_SERVER is 0, while
      * eap_state.es_server exists only under PPP_SERVER; confirm the
      * definition is compiled out to match. */
159 void eap_authpeer(ppp_pcb *pcb, const char *localname);
160 
161 extern const struct protent eap_protent; /* Defined elsewhere; presumably the PPP protocol-table entry for EAP */
162 
163 #ifdef __cplusplus
164 }
165 #endif
166 
167 #endif /* PPP_EAP_H */
168 
169 #endif /* PPP_SUPPORT && EAP_SUPPORT */