1 /* librist. Copyright © 2020 SipRadius LLC. All right reserved.
2  * Author: Gijs Peskens <gijs@in2ip.nl>
3  * Author: Sergio Ammirata, Ph.D. <sergio@ammirata.net>
4  *
5  * SPDX-License-Identifier: BSD-2-Clause
6  */
7 
// NOTE(review): _EAP_H_ (leading underscore followed by an uppercase letter) falls in the
// identifier namespace reserved for the implementation; a guard such as EAP_H_ would avoid that.
#ifndef _EAP_H_
#define _EAP_H_
10 
11 #include "common/attributes.h"
12 
13 #include "srp.h"
14 #include "librist/librist_srp.h"
15 #include <stdint.h>
16 #include <stddef.h>
17 #include <stdbool.h>
18 
// EAPOL packet types (IEEE 802.1X-2010 Section 11); presumably carried in eapol_hdr.eaptype
#define EAPOL_TYPE_EAP 0
#define EAPOL_TYPE_START 1
#define EAPOL_TYPE_LOGOFF 2
23 
// EAPOL header (802.1X-2010 Section 11).  Packed because this is the wire
// layout: field order and sizes must not change.
RIST_PACKED_STRUCT(eapol_hdr, {
	uint8_t eapversion;	// EAPOL protocol version
	uint8_t eaptype;	// one of EAPOL_TYPE_*
	uint16_t length;	// body length in network byte order on the wire - convert before using it as a bound
})
29 
// EAP Code values (RFC 3748 Section 4); presumably carried in eap_hdr.code
//https://tools.ietf.org/html/rfc3748
#define EAP_CODE_REQUEST 1
#define EAP_CODE_RESPONSE 2
#define EAP_CODE_SUCCESS 3
#define EAP_CODE_FAILURE 4
35 
// EAP packet header (RFC 3748 Section 4).  Packed wire layout: do not
// reorder or resize fields.
RIST_PACKED_STRUCT(eap_hdr, {
	uint8_t code;	// EAP_CODE_*
	uint8_t identifier;	// pairs a response with the request it answers
	uint16_t length;	// length of the whole EAP packet including this header; network byte order on the wire so convert before comparing with a buffer size
})
41 
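// Byte offset of the EAP method payload inside a GRE-encapsulated EAPOL packet:
// GRE header, then EAPOL header, then EAP header.  The expansion is parenthesized so
// it stays a single term in expressions such as `len - EAPOL_EAP_HDRS_OFFSET`; without
// the parentheses that expression subtracts only the GRE header size and ADDS the
// other two, producing a wrong (too large) payload bound.
#define EAPOL_EAP_HDRS_OFFSET (sizeof(struct rist_gre_hdr) + sizeof(struct eapol_hdr) + sizeof(struct eap_hdr))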
43 
// EAP method Type values (RFC 3748 Section 5)
#define EAP_TYPE_IDENTITY 1
#define EAP_TYPE_NOTIFICATION 2
#define EAP_TYPE_NAK 3
#define EAP_TYPE_MD5_CHALLENGE 4

//https://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03
#define EAP_TYPE_SRP_SHA1 19

// EAP-SRP subtypes (eap_srp_hdr.subtype).  The numbers are reused between
// directions: 1 and 2 mean different things in a request than in a response,
// so a subtype must always be interpreted together with eap_hdr.code.
//requests
#define EAP_SRP_SUBTYPE_CHALLENGE 1
#define EAP_SRP_SUBTYPE_SERVER_KEY 2

//responses
#define EAP_SRP_SUBTYPE_CLIENT_KEY 1
// "SYPTYPE" is a typo for SUBTYPE; the spelling is kept since existing callers presumably use it.
#define EAP_SRP_SYPTYPE_CLIENT_VALIDATOR 2

//either
#define EAP_SRP_SUBTYPE_SERVER_VALIDATOR 3
#define EAP_SRP_SUBTYPE_LWRECHALLENGE 4
63 
// EAP-SRP method header that follows eap_hdr (draft-ietf-pppext-eap-srp-03).
// Packed wire layout.
RIST_PACKED_STRUCT(eap_srp_hdr, {
	uint8_t type;	// EAP_TYPE_* (presumably EAP_TYPE_SRP_SHA1 for SRP packets)
	uint8_t subtype;	// EAP_SRP_SUBTYPE_* - meaning depends on eap_hdr.code
})
68 
// Which side of the exchange a context plays (eapsrp_ctx.role)
#define EAP_ROLE_AUTHENTICATEE 0
#define EAP_ROLE_AUTHENTICATOR 1

// Values of eapsrp_ctx.authentication_state
#define EAP_AUTH_STATE_FAILED -1
#define EAP_AUTH_STATE_UNAUTH 0		// presumably the initial (zeroed) state
#define EAP_AUTH_STATE_SUCCESS 1
#define EAP_AUTH_STATE_REAUTH 2		// re-authentication; exact meaning lives in eap.c - confirm
76 
// Per-peer EAP-SRP authentication context.  Holds plaintext credentials and
// several heap buffers; eap_delete_ctx is the release path (see prototypes below).
// NOTE(review): password and the salt/verifier buffers are secrets - the release
// path should zeroize them before freeing; confirm in eap.c.
struct eapsrp_ctx
{
	uint_fast8_t role;	// EAP_ROLE_AUTHENTICATEE or EAP_ROLE_AUTHENTICATOR
	uint8_t last_identifier;	// presumably the EAP identifier of the last request, used to match responses
	int authentication_state;	// one of EAP_AUTH_STATE_*
	uint8_t tries;	// attempt counter; limit policy lives in eap.c

	uint8_t *last_pkt;	// last packet sent, kept for retransmission (presumably heap-owned)
	size_t last_pkt_size;	// byte length of last_pkt
	uint8_t timeout_retries;	// retransmissions performed for last_pkt so far
	uint64_t last_timestamp;	// time of the last (re)transmission - units as used elsewhere in librist, confirm
	uint64_t last_auth_timestamp;	// time authentication last completed

	char username[256];	// NUL-terminated; every writer must bound the copy to sizeof - 1
	char password[256];	// plaintext secret, NUL-terminated; same bounding rule; wipe before release

	char *salt;	// SRP salt (salt_len bytes); presumably heap-owned
	size_t salt_len;
	char *verifier;	// SRP verifier (verifier_len bytes); presumably heap-owned
	size_t verifier_len;
	bool default_2048_ng;	// presumably: true = built-in 2048-bit N/g group, false = ascii_n/ascii_g
	char *ascii_n;	// custom SRP prime N as text when !default_2048_ng - confirm
	char *ascii_g;	// custom SRP generator g as text when !default_2048_ng - confirm

	user_verifier_lookup_t lookup_func;	// from librist/librist_srp.h; authenticator-side credential lookup callback
	void *lookup_func_userdata;	// opaque pointer handed to lookup_func
	struct SRPSession *srp_session;	// SRP library state (srp.h)
	struct SRPUser *srp_user;	// SRP client-side state (srp.h)
	struct SRPVerifier *srp_verifier;	// SRP server-side state (srp.h)
	struct rist_peer *peer;	// owning peer, back-pointer (not owned here)
	char ip_string[46];	// peer address as text; 46 matches INET6_ADDRSTRLEN incl. NUL - see eap_set_ip_string
	struct rist_logging_settings *logging_settings;	// not owned here

	// authenticator data (single user mode)
	char authenticator_username[256];	// NUL-terminated; bound copies as for username
	size_t authenticator_len_verifier;	// byte length of authenticator_bytes_verifier
	char *authenticator_bytes_verifier;	// secret; presumably heap-owned
	size_t authenticator_len_salt;	// byte length of authenticator_bytes_salt
	char *authenticator_bytes_salt;	// presumably heap-owned
};
117 
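// Negative return codes of the eap_* functions.  Every value is distinct so a
// caller can tell the conditions apart: EAP_SRP_WRONGSUBTYPE must not reuse -4,
// which belongs to EAP_UNEXPECTEDREQUEST (the two were previously identical and
// therefore indistinguishable to callers and logs).
#define EAP_LENERR -1			// packet shorter than its headers/length fields require
#define EAP_WRONGIDENTIFIER -2		// identifier does not match the outstanding request
#define EAP_UNEXPECTEDRESPONSE -3	// response arrived in a state that expected none
#define EAP_UNEXPECTEDREQUEST -4	// request arrived in a state that expected none
#define EAP_SRP_WRONGSUBTYPE -5		// EAP-SRP subtype not valid for the current step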
123 
// Handle one inbound EAPOL packet of len bytes.  pkt comes off the network and is
// untrusted: every header and length field must be checked against len before it
// is used to index or size anything.  Return convention (0 / negative EAP_* code)
// is presumed from the macros above - confirm in eap.c.
RIST_PRIV int eap_process_eapol(struct eapsrp_ctx* ctx, uint8_t pkt[], size_t len);
// Name suggests: authenticator sends an EAP Identity request to the peer.
RIST_PRIV int eap_request_identity(struct eapsrp_ctx *ctx);
// Begin the EAP exchange for this context.
RIST_PRIV int eap_start(struct eapsrp_ctx *ctx);
// Periodic tick; presumably drives retransmission of last_pkt and re-authentication
// timing from the timestamp fields in the context - confirm.
RIST_PRIV void eap_periodic(struct eapsrp_ctx *ctx);
// Whether authentication_state currently counts as authenticated (exact set of
// states is decided in eap.c).
RIST_PRIV bool eap_is_authenticated(struct eapsrp_ctx *ctx);
// Release the context and everything it owns.  Takes a pointer-to-pointer,
// presumably so *in can be set to NULL; secrets should be wiped before freeing.
RIST_PRIV void eap_delete_ctx(struct eapsrp_ctx **in);
// Create a context for peer from the template in (credentials/settings copied;
// ownership of the copied heap buffers is decided in eap.c - confirm).
RIST_PRIV int eap_clone_ctx(struct eapsrp_ctx *in, struct rist_peer *peer);
// Record the peer's textual address.  ip_string carries no length, so the
// implementation must bound the copy to sizeof ctx->ip_string and NUL-terminate.
RIST_PRIV void eap_set_ip_string(struct eapsrp_ctx *ctx, char ip_string[]);
132 #endif
133