X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Feap.h;h=56bef136d75590a7f9b6073d9ab93c7adb2f2c98;hb=75870d7b55e36af526a0786fff94912989c73fd1;hp=cf5adace7c1c103ae160fbbcc80b86a522ef913e;hpb=d741a3b912f17d84dc8dc87474e0b989c775de50;p=ppp.git diff --git a/pppd/eap.h b/pppd/eap.h index cf5adac..56bef13 100644 --- a/pppd/eap.h +++ b/pppd/eap.h @@ -17,7 +17,7 @@ * * Original version by James Carlson * - * $Id: eap.h,v 1.1 2002/11/02 19:48:12 carlsonj Exp $ + * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $ */ #ifndef PPP_EAP_H @@ -74,12 +74,26 @@ extern "C" { #define SRP_PSEUDO_ID "pseudo_" #define SRP_PSEUDO_LEN 7 +#define MD5_SIGNATURE_SIZE 16 +#define MIN_CHALLENGE_LENGTH 16 +#define MAX_CHALLENGE_LENGTH 24 + enum eap_state_code { eapInitial = 0, /* No EAP authentication yet requested */ eapPending, /* Waiting for LCP (no timer) */ eapClosed, /* Authentication not in use */ eapListen, /* Client ready (and timer running) */ eapIdentify, /* EAP Identify sent */ + eapTlsStart, /* Send EAP-TLS start packet */ + eapTlsRecv, /* Receive EAP-TLS tls data */ + eapTlsSendAck, /* Send EAP-TLS ack */ + eapTlsSend, /* Send EAP-TLS tls data */ + eapTlsRecvAck, /* Receive EAP-TLS ack */ + eapTlsRecvClient, /* Receive EAP-TLS auth response from client*/ + eapTlsSendAlert, /* Send EAP-TLS tls alert (server)*/ + eapTlsRecvAlertAck, /* Receive EAP-TLS ack after sending alert */ + eapTlsRecvSuccess, /* Receive EAP success */ + eapTlsRecvFailure, /* Receive EAP failure */ eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */ eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */ eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */ @@ -91,9 +105,18 @@ enum eap_state_code { #define EAP_STATES \ "Initial", "Pending", "Closed", "Listen", "Identify", \ + "TlsStart", "TlsRecv", "TlsSendAck", "TlsSend", "TlsRecvAck", "TlsRecvClient",\ + "TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \ "SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth" -#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) +#ifdef USE_EAPTLS +#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\ + (esp)->es_client.ea_state != eapPending &&\ + (esp)->es_client.ea_state != eapClosed) +#else +#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) +#endif /* USE_EAPTLS */ + #define eap_server_active(esp) \ ((esp)->es_server.ea_state >= eapIdentify && \ (esp)->es_server.ea_state <= eapMD5Chall) @@ -108,11 +131,17 @@ struct eap_auth { u_short ea_namelen; /* Length of our name */ u_short ea_peerlen; /* Length of peer's name */ enum eap_state_code ea_state; +#ifdef USE_EAPTLS + enum eap_state_code ea_prev_state; +#endif u_char ea_id; /* Current id */ u_char ea_requests; /* Number of Requests sent/received */ u_char ea_responses; /* Number of Responses */ u_char ea_type; /* One of EAPT_* */ u_int32_t ea_keyflags; /* SRP shared key usage flags */ +#ifdef USE_EAPTLS + bool ea_using_eaptls; +#endif }; /* @@ -135,14 +164,19 @@ typedef struct eap_state { * Timeouts. */ #define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */ +#ifdef USE_EAPTLS +#define EAP_DEFTRANSMITS 30 /* max # times to transmit */ + /* certificates can be long ... */ +#else #define EAP_DEFTRANSMITS 10 /* max # times to transmit */ +#endif /* USE_EAPTLS */ #define EAP_DEFREQTIME 20 /* Time to wait for peer request */ #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ extern eap_state eap_states[]; -void eap_authwithpeer __P((int unit, char *localname)); -void eap_authpeer __P((int unit, char *localname)); +void eap_authwithpeer (int unit, char *localname); +void eap_authpeer (int unit, char *localname); extern struct protent eap_protent;