eapClosed, /* Authentication not in use */
eapListen, /* Client ready (and timer running) */
eapIdentify, /* EAP Identify sent */
+ eapTlsStart, /* Send EAP-TLS start packet */
+ eapTlsRecv, /* Receive EAP-TLS tls data */
+ eapTlsSendAck, /* Send EAP-TLS ack */
+ eapTlsSend, /* Send EAP-TLS tls data */
+ eapTlsRecvAck, /* Receive EAP-TLS ack */
+ eapTlsRecvClient, /* Receive EAP-TLS auth response from client*/
+ eapTlsSendAlert, /* Send EAP-TLS tls alert (server)*/
+ eapTlsRecvAlertAck, /* Receive EAP-TLS ack after sending alert */
+ eapTlsRecvSuccess, /* Receive EAP success */
+ eapTlsRecvFailure, /* Receive EAP failure */
eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
#define EAP_STATES \
"Initial", "Pending", "Closed", "Listen", "Identify", \
+ "TlsStart", "TlsRecv", "TlsSendAck", "TlsSend", "TlsRecvAck", "TlsRecvClient",\
+ "TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \
"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
-#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
+#ifdef USE_EAPTLS
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
+ (esp)->es_client.ea_state != eapPending &&\
+ (esp)->es_client.ea_state != eapClosed)
+#else
+#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
+#endif /* USE_EAPTLS */
+
#define eap_server_active(esp) \
((esp)->es_server.ea_state >= eapIdentify && \
(esp)->es_server.ea_state <= eapMD5Chall)
u_short ea_namelen; /* Length of our name */
u_short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state;
+#ifdef USE_EAPTLS
+ enum eap_state_code ea_prev_state;
+#endif
u_char ea_id; /* Current id */
u_char ea_requests; /* Number of Requests sent/received */
u_char ea_responses; /* Number of Responses */
u_char ea_type; /* One of EAPT_* */
u_int32_t ea_keyflags; /* SRP shared key usage flags */
+#ifdef USE_EAPTLS
+ bool ea_using_eaptls;
+#endif
};
/*
* Timeouts.
*/
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
+#ifdef USE_EAPTLS
+#define EAP_DEFTRANSMITS 30 /* max # times to transmit */
+ /* certificates can be long ... */
+#else
#define EAP_DEFTRANSMITS 10 /* max # times to transmit */
+#endif /* USE_EAPTLS */
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */