eap_tls_common.h revision 189251 
1189251Ssam/*
2189251Ssam * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
3189251Ssam * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4189251Ssam *
5189251Ssam * This program is free software; you can redistribute it and/or modify
6189251Ssam * it under the terms of the GNU General Public License version 2 as
7189251Ssam * published by the Free Software Foundation.
8189251Ssam *
9189251Ssam * Alternatively, this software may be distributed under the terms of BSD
10189251Ssam * license.
11189251Ssam *
12189251Ssam * See README and COPYING for more details.
13189251Ssam */
14189251Ssam
15189251Ssam#ifndef EAP_TLS_COMMON_H
16189251Ssam#define EAP_TLS_COMMON_H
17189251Ssam
18189251Ssam/**
19189251Ssam * struct eap_ssl_data - TLS data for EAP methods
20189251Ssam */
21189251Ssamstruct eap_ssl_data {
22189251Ssam	/**
23189251Ssam	 * conn - TLS connection context data from tls_connection_init()
24189251Ssam	 */
25189251Ssam	struct tls_connection *conn;
26189251Ssam
27189251Ssam	/**
28189251Ssam	 * tls_out - TLS message to be sent out in fragments
29189251Ssam	 */
30189251Ssam	u8 *tls_out;
31189251Ssam
32189251Ssam	/**
33189251Ssam	 * tls_out_len - Total length of the outgoing TLS message
34189251Ssam	 */
35189251Ssam	size_t tls_out_len;
36189251Ssam
37189251Ssam	/**
38189251Ssam	 * tls_out_pos - The current position in the outgoing TLS message
39189251Ssam	 */
40189251Ssam	size_t tls_out_pos;
41189251Ssam
42189251Ssam	/**
43189251Ssam	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
44189251Ssam	 */
45189251Ssam	size_t tls_out_limit;
46189251Ssam
47189251Ssam	/**
48189251Ssam	 * tls_in - Received TLS message buffer for re-assembly
49189251Ssam	 */
50189251Ssam	u8 *tls_in;
51189251Ssam
52189251Ssam	/**
53189251Ssam	 * tls_in_len - Number of bytes of the received TLS message in tls_in
54189251Ssam	 */
55189251Ssam	size_t tls_in_len;
56189251Ssam
57189251Ssam	/**
58189251Ssam	 * tls_in_left - Number of remaining bytes in the incoming TLS message
59189251Ssam	 */
60189251Ssam	size_t tls_in_left;
61189251Ssam
62189251Ssam	/**
63189251Ssam	 * tls_in_total - Total number of bytes in the incoming TLS message
64189251Ssam	 */
65189251Ssam	size_t tls_in_total;
66189251Ssam
67189251Ssam	/**
68189251Ssam	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
69189251Ssam	 */
70189251Ssam	int phase2;
71189251Ssam
72189251Ssam	/**
73189251Ssam	 * include_tls_length - Whether the TLS length field is included even
74189251Ssam	 * if the TLS data is not fragmented
75189251Ssam	 */
76189251Ssam	int include_tls_length;
77189251Ssam
78189251Ssam	/**
79189251Ssam	 * tls_ia - Whether TLS/IA is enabled for this TLS connection
80189251Ssam	 */
81189251Ssam	int tls_ia;
82189251Ssam
83189251Ssam	/**
84189251Ssam	 * eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
85189251Ssam	 */
86189251Ssam	struct eap_sm *eap;
87189251Ssam};
88189251Ssam
89189251Ssam
90189251Ssam/* EAP TLS Flags */
91189251Ssam#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
92189251Ssam#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
93189251Ssam#define EAP_TLS_FLAGS_START 0x20
94189251Ssam#define EAP_PEAP_VERSION_MASK 0x07
95189251Ssam
96189251Ssam /* could be up to 128 bytes, but only the first 64 bytes are used */
97189251Ssam#define EAP_TLS_KEY_LEN 64
98189251Ssam
99189251Ssam
100189251Ssamint eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
101189251Ssam			  struct eap_peer_config *config);
102189251Ssamvoid eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
103189251Ssamu8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
104189251Ssam			     const char *label, size_t len);
105189251Ssamconst u8 * eap_peer_tls_data_reassemble(
106189251Ssam	struct eap_ssl_data *data, const u8 *in_data, size_t in_len,
107189251Ssam	size_t *out_len, int *need_more_input);
108189251Ssamint eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
109189251Ssam				EapType eap_type, int peap_version,
110189251Ssam				u8 id, const u8 *in_data, size_t in_len,
111189251Ssam				struct wpabuf **out_data);
112189251Ssamstruct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
113189251Ssam				       int peap_version);
114189251Ssamint eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);
115189251Ssamint eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
116189251Ssam			char *buf, size_t buflen, int verbose);
117189251Ssamconst u8 * eap_peer_tls_process_init(struct eap_sm *sm,
118189251Ssam				     struct eap_ssl_data *data,
119189251Ssam				     EapType eap_type,
120189251Ssam				     struct eap_method_ret *ret,
121189251Ssam				     const struct wpabuf *reqData,
122189251Ssam				     size_t *len, u8 *flags);
123189251Ssamvoid eap_peer_tls_reset_input(struct eap_ssl_data *data);
124189251Ssamvoid eap_peer_tls_reset_output(struct eap_ssl_data *data);
125189251Ssamint eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
126189251Ssam			 const struct wpabuf *in_data,
127189251Ssam			 struct wpabuf **in_decrypted);
128189251Ssamint eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
129189251Ssam			 EapType eap_type, int peap_version, u8 id,
130189251Ssam			 const struct wpabuf *in_data,
131189251Ssam			 struct wpabuf **out_data);
132189251Ssamint eap_peer_select_phase2_methods(struct eap_peer_config *config,
133189251Ssam				   const char *prefix,
134189251Ssam				   struct eap_method_type **types,
135189251Ssam				   size_t *num_types);
136189251Ssamint eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
137189251Ssam			    struct eap_hdr *hdr, struct wpabuf **resp);
138189251Ssam
139189251Ssam#endif /* EAP_TLS_COMMON_H */
140