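/* librist. Copyright © 2020 SipRadius LLC. All right reserved.
 * Author: Gijs Peskens <gijs@in2ip.nl>
 * Author: Sergio Ammirata, Ph.D. <sergio@ammirata.net>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

/*
 * Declarations for EAPOL / EAP framing and the EAP-SRP authentication
 * context: wire-format headers, protocol constants, per-peer state and the
 * private entry points that operate on that state.
 */

#ifndef _EAP_H_
#define _EAP_H_

#include "common/attributes.h"

#include "srp.h"
#include "librist/librist_srp.h"
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* EAPOL packet types, 802.1X-2010 Section 11. */
#define EAPOL_TYPE_EAP 0
#define EAPOL_TYPE_START 1
#define EAPOL_TYPE_LOGOFF 2

/*
 * EAPOL header as laid out on the wire (packed, 4 bytes).
 * NOTE(review): `length` is a multi-byte wire field, presumably big-endian;
 * confirm the implementation converts it and checks it against the number of
 * bytes actually received before using it as a read bound.
 */
RIST_PACKED_STRUCT(eapol_hdr, {
	uint8_t eapversion;
	uint8_t eaptype;
	uint16_t length;
})

/* EAP codes, https://tools.ietf.org/html/rfc3748 */
#define EAP_CODE_REQUEST 1
#define EAP_CODE_RESPONSE 2
#define EAP_CODE_SUCCESS 3
#define EAP_CODE_FAILURE 4

/*
 * EAP header as laid out on the wire (packed, 4 bytes).
 * NOTE(review): the same length-validation concern as for eapol_hdr applies
 * to `length` here.
 */
RIST_PACKED_STRUCT(eap_hdr, {
	uint8_t code;
	uint8_t identifier;
	uint16_t length;
})

/*
 * Combined size of the GRE, EAPOL and EAP headers.
 * The expansion is parenthesized so the macro behaves as one value inside a
 * larger expression: without the parentheses `len - EAPOL_EAP_HDRS_OFFSET`
 * would expand to `len - a + b + c` and yield a wrong (too large) payload
 * length, which is exactly the kind of arithmetic a packet parser relies on.
 */
#define EAPOL_EAP_HDRS_OFFSET \
	(sizeof(struct rist_gre_hdr) + sizeof(struct eapol_hdr) + sizeof(struct eap_hdr))

/* EAP method types. */
#define EAP_TYPE_IDENTITY 1
#define EAP_TYPE_NOTIFICATION 2
#define EAP_TYPE_NAK 3
#define EAP_TYPE_MD5_CHALLENGE 4

/* EAP-SRP, https://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03 */
#define EAP_TYPE_SRP_SHA1 19

/* EAP-SRP subtypes carried in requests. */
#define EAP_SRP_SUBTYPE_CHALLENGE 1
#define EAP_SRP_SUBTYPE_SERVER_KEY 2

/* EAP-SRP subtypes carried in responses. */
#define EAP_SRP_SUBTYPE_CLIENT_KEY 1
#define EAP_SRP_SYPTYPE_CLIENT_VALIDATOR 2
/*
 * Correctly spelled alias for the constant above ("SYPTYPE" is a typo).
 * The original name is kept so existing users continue to compile.
 */
#define EAP_SRP_SUBTYPE_CLIENT_VALIDATOR EAP_SRP_SYPTYPE_CLIENT_VALIDATOR

/* EAP-SRP subtypes that may appear in either direction. */
#define EAP_SRP_SUBTYPE_SERVER_VALIDATOR 3
#define EAP_SRP_SUBTYPE_LWRECHALLENGE 4

/* EAP-SRP sub-header that follows the EAP header (packed, 2 bytes). */
RIST_PACKED_STRUCT(eap_srp_hdr, {
	uint8_t type;
	uint8_t subtype;
})

/* Values for eapsrp_ctx.role (presumably; the field is not typed to them). */
#define EAP_ROLE_AUTHENTICATEE 0
#define EAP_ROLE_AUTHENTICATOR 1

/*
 * Values for eapsrp_ctx.authentication_state (presumably).
 * The negative value is parenthesized so it cannot bind to a neighbouring
 * operator when used inside an expression.
 */
#define EAP_AUTH_STATE_FAILED (-1)
#define EAP_AUTH_STATE_UNAUTH 0
#define EAP_AUTH_STATE_SUCCESS 1
#define EAP_AUTH_STATE_REAUTH 2

/*
 * Per-peer EAP-SRP state.
 *
 * This structure holds credential material (plaintext password, SRP salt and
 * verifier). NOTE(review): the header does not show how it is released;
 * confirm that eap_delete_ctx() wipes `password` and the salt/verifier
 * buffers with a call the optimizer cannot drop (explicit_bzero, memset_s or
 * equivalent) before freeing, and that eap_clone_ctx() does not leave extra
 * copies of the secret behind.
 */
struct eapsrp_ctx
{
	uint_fast8_t role;
	uint8_t last_identifier;
	int authentication_state;
	uint8_t tries;

	/* NOTE(review): ownership of last_pkt is not visible here; confirm who frees it. */
	uint8_t *last_pkt;
	size_t last_pkt_size;
	uint8_t timeout_retries;
	uint64_t last_timestamp;
	uint64_t last_auth_timestamp;

	/*
	 * Fixed 256-byte buffers: every writer must bound the copy to the buffer
	 * size and leave room for the terminating NUL.
	 */
	char username[256];
	char password[256]; /* secret: keep out of logs and wipe on teardown */

	char *salt;
	size_t salt_len;
	char *verifier;
	size_t verifier_len;
	bool default_2048_ng;
	char *ascii_n;
	char *ascii_g;

	user_verifier_lookup_t lookup_func;
	void *lookup_func_userdata;
	struct SRPSession *srp_session;
	struct SRPUser *srp_user;
	struct SRPVerifier *srp_verifier;
	struct rist_peer *peer;
	/* 46 bytes; presumably sized for a textual IPv6 address plus NUL. */
	char ip_string[46];
	struct rist_logging_settings *logging_settings;

	// authenticator data (single user mode)
	char authenticator_username[256];
	size_t authenticator_len_verifier;
	char *authenticator_bytes_verifier;
	size_t authenticator_len_salt;
	char *authenticator_bytes_salt;
};

/*
 * Negative status codes (presumably returned by eap_process_eapol()).
 * NOTE(review): EAP_UNEXPECTEDREQUEST and EAP_SRP_WRONGSUBTYPE share the value
 * -4, so a caller or a log line cannot tell the two conditions apart. The
 * values are left unchanged because users outside this header may depend on
 * them; confirm whether the collision is intended.
 */
#define EAP_LENERR (-1)
#define EAP_WRONGIDENTIFIER (-2)
#define EAP_UNEXPECTEDRESPONSE (-3)
#define EAP_UNEXPECTEDREQUEST (-4)
#define EAP_SRP_WRONGSUBTYPE (-4)

/*
 * Process one EAPOL packet of `len` bytes for the given context.
 * NOTE(review): `pkt` is expected to originate from the remote peer and is
 * therefore untrusted; the implementation has to verify `len` against the
 * header sizes and against the length fields inside the packet before reading
 * any payload.
 */
RIST_PRIV int eap_process_eapol(struct eapsrp_ctx* ctx, uint8_t pkt[], size_t len);
RIST_PRIV int eap_request_identity(struct eapsrp_ctx *ctx);
RIST_PRIV int eap_start(struct eapsrp_ctx *ctx);
RIST_PRIV void eap_periodic(struct eapsrp_ctx *ctx);
RIST_PRIV bool eap_is_authenticated(struct eapsrp_ctx *ctx);
/* Takes a pointer to the context pointer; see the teardown note on struct eapsrp_ctx. */
RIST_PRIV void eap_delete_ctx(struct eapsrp_ctx **in);
RIST_PRIV int eap_clone_ctx(struct eapsrp_ctx *in, struct rist_peer *peer);
/*
 * NOTE(review): `ip_string` arrives without a length while the destination
 * field is 46 bytes; confirm the implementation bounds the copy and
 * NUL-terminates.
 */
RIST_PRIV void eap_set_ip_string(struct eapsrp_ctx *ctx, char ip_string[]);
#endif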