3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-04 02:19:30 +01:00
iwd/src/eap.h

104 lines
3.2 KiB
C
Raw Normal View History

/*
*
* Wireless daemon for Linux
*
* Copyright (C) 2013-2019 Intel Corporation. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include <stdint.h>
#include <stdbool.h>
#include <asm/byteorder.h>
#include <linux/types.h>
struct eap_state;
enum eap_result {
EAP_RESULT_SUCCESS,
EAP_RESULT_FAIL,
EAP_RESULT_TIMEOUT,
};
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
enum eap_secret_type {
EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
EAP_SECRET_REMOTE_PASSWORD,
EAP_SECRET_REMOTE_USER_PASSWORD,
};
enum eap_secret_cache_policy {
EAP_CACHE_NEVER,
EAP_CACHE_TEMPORARY,
};
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
struct eap_secret_info {
char *id;
char *id2;
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
enum eap_secret_type type;
char *parameter;
char *value;
enum eap_secret_cache_policy cache_policy;
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
};
typedef void (*eap_tx_packet_func_t)(const uint8_t *eap_data, size_t len,
void *user_data);
typedef void (*eap_key_material_func_t)(const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len,
void *user_data);
typedef void (*eap_complete_func_t)(enum eap_result result, void *user_data);
typedef void (*eap_event_func_t)(unsigned int event, const void *event_data,
void *user_data);
bool eap_secret_info_match(const void *a, const void *b);
void eap_secret_info_free(void *data);
struct eap_state *eap_new(eap_tx_packet_func_t tx_packet,
eap_complete_func_t complete, void *user_data);
void eap_free(struct eap_state *eap);
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
const char *id, const char *id2, const char *parameter,
enum eap_secret_cache_policy cache_policy);
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
int eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
eap: Validate settings, report passwords needed With the goal of requesting the required passwords/passphrases, such as the TLS private key passphrase, from the agent, add a static method eap_check_settings to validate the settings and calculate what passwords are needed for those settings, if any. This is separate from eap_load_settings because that can only be called later, once we've got an eap state machine object. We need to get all the needed EAP credentials from the user before we even start connecting. While we do this, we also validate the settings and output any error messages through l_error (this could be changed so the messages go somewhere else in the future), so I removed the error messages from eap_load_settings and that method now assumes that eap_check_settings has been called before. eap_check_settings calls the appropriate method's .check_settings method if the settings are complete enough to contain the method name. The policy is that any data can be provided inside the l_settings object (from the network provisioning/config file), but some of the more sensitive fields, like private key passwords, can be optionally omitted and then the UI will ask for them and iwd will be careful with caching them. Within struct eap_secret_info, "id" is mainly for the EAP method to locate the info in the list. "value" is the actual value returned by agent. "parameter" is an optional string to be passed to the agent. For a private key passphrase it may be the path to the key file, for a password it may be the username for which the password is requested.
2018-04-18 07:03:22 +02:00
const char *prefix, bool set_key_material,
struct l_queue **out_missing);
bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
const char *prefix);
bool eap_reset(struct eap_state *eap);
void eap_start(struct eap_state *eap);
void eap_set_key_material_func(struct eap_state *eap,
eap_key_material_func_t func);
void eap_set_event_func(struct eap_state *eap, eap_event_func_t func);
void eap_set_mtu(struct eap_state *eap, size_t mtu);
size_t eap_get_mtu(struct eap_state *eap);
2019-04-10 23:52:31 +02:00
const char *eap_get_identity(struct eap_state *eap);
void eap_rx_packet(struct eap_state *eap, const uint8_t *pkt, size_t len);
void eap_set_peer_id(struct eap_state *eap, const char *id);
const char *eap_get_peer_id(struct eap_state *eap);
void __eap_set_config(struct l_settings *config);
int eap_init(void);
void eap_exit(void);