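/*
 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/*
 * Forward declarations of the struct tags used in the prototypes below.
 * Without them, a tag that first appears inside a parameter list (e.g.
 * struct eap_peer_config in eap_peer_tls_ssl_init()) gets prototype scope
 * when the defining header was not included first, and the prototype then
 * no longer matches the real definition. An incomplete redeclaration of a
 * tag is always legal in C, so this is harmless when the definitions are
 * already visible. u8, size_t and EapType are still expected to come from
 * the project's common headers, which users of this header include first.
 */
struct tls_connection;
struct eap_sm;
struct eap_peer_config;
struct wpabuf;
struct eap_method_ret;
struct eap_method_type;
struct eap_hdr;

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-connection state shared by the TLS-based EAP peer methods. The
 * tls_out_* fields track the outgoing message that is being sent in
 * fragments; the tls_in_* fields track re-assembly of the incoming one.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 */
	u8 *tls_out;

	/**
	 * tls_out_len - Total length of the outgoing TLS message
	 */
	size_t tls_out_len;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 */
	u8 *tls_in;

	/**
	 * tls_in_len - Number of bytes of the received TLS message in tls_in
	 */
	size_t tls_in_len;

	/**
	 * tls_in_left - Number of remaining bytes in the incoming TLS message
	 */
	size_t tls_in_left;

	/**
	 * tls_in_total - Total number of bytes in the incoming TLS message
	 *
	 * NOTE(review): presumably taken from the peer-supplied TLS Message
	 * Length field of a fragmented message (EAP_TLS_FLAGS_LENGTH_INCLUDED);
	 * the re-assembly code is expected to bound it before sizing tls_in
	 * and to keep tls_in_len + tls_in_left consistent with it - confirm
	 * against eap_peer_tls_data_reassemble().
	 */
	size_t tls_in_total;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * include_tls_length - Whether the TLS length field is included even
	 * if the TLS data is not fragmented
	 */
	int include_tls_length;

	/**
	 * tls_ia - Whether TLS/IA is enabled for this TLS connection
	 */
	int tls_ia;

	/**
	 * eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
	 */
	struct eap_sm *eap;
};


/* EAP TLS Flags - bit masks for the Flags octet of an EAP-TLS message */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
#define EAP_TLS_FLAGS_START 0x20
/* Low three bits of the same octet carry the PEAP version */
#define EAP_PEAP_VERSION_MASK 0x07

/* could be up to 128 bytes, but only the first 64 bytes are used */
#define EAP_TLS_KEY_LEN 64


/*
 * Unless stated otherwise, the int-returning functions below are assumed to
 * follow the module convention of returning 0 on success and -1 on failure;
 * verify against the definitions in eap_tls_common.c before relying on it.
 */

/**
 * eap_peer_tls_ssl_init - Initialize the TLS connection for an EAP method
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @config: Pointer to the network configuration
 */
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			  struct eap_peer_config *config);

/**
 * eap_peer_tls_ssl_deinit - Release the TLS state initialized with
 * eap_peer_tls_ssl_init()
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 */
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_peer_tls_derive_key - Derive keying material from the TLS connection
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @label: Label string for the key derivation
 * @len: Length of the key to derive, in bytes
 * Returns: Pointer to the derived key, or NULL on failure
 *
 * NOTE(review): the returned buffer is presumably heap-allocated and owned by
 * the caller, which should clear it before freeing - confirm in the
 * definition.
 */
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			     const char *label, size_t len);

/**
 * eap_peer_tls_data_reassemble - Reassemble a fragmented TLS message
 * @data: Data for TLS processing
 * @in_data: Next fragment of the incoming TLS message
 * @in_len: Length of in_data, in bytes
 * @out_len: Set to the length of the returned reassembled message
 * @need_more_input: Set when further fragments are needed before processing
 * Returns: Pointer to the reassembled message, or NULL if not yet complete
 * or on failure (inferred from the parameter names; confirm in the
 * definition)
 */
const u8 * eap_peer_tls_data_reassemble(
	struct eap_ssl_data *data, const u8 *in_data, size_t in_len,
	size_t *out_len, int *need_more_input);

/**
 * eap_peer_tls_process_helper - Process incoming TLS data and build a response
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: EAP type of the method using this helper
 * @peap_version: PEAP version, or 0 for methods that do not use one
 * @id: EAP identifier for the response
 * @in_data: Incoming TLS data
 * @in_len: Length of in_data, in bytes
 * @out_data: Set to the response message, if any
 */
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
				EapType eap_type, int peap_version,
				u8 id, const u8 *in_data, size_t in_len,
				struct wpabuf **out_data);

/**
 * eap_peer_tls_build_ack - Build an acknowledgement (fragment ACK) message
 * @id: EAP identifier for the response
 * @eap_type: EAP type of the method using this helper
 * @peap_version: PEAP version, or 0 for methods that do not use one
 * Returns: Newly allocated message, or NULL on failure
 */
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
				       int peap_version);

/**
 * eap_peer_tls_reauth_init - Prepare the TLS state for re-authentication
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 */
int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_peer_tls_status - Write a textual status description into a buffer
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @buf: Buffer for the status text
 * @buflen: Size of buf, in bytes; all writes must stay within this bound
 * @verbose: Whether to include more detail
 * Returns: Number of bytes written to buf (inferred from the int return;
 * confirm in the definition)
 */
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
			char *buf, size_t buflen, int verbose);

/**
 * eap_peer_tls_process_init - Common processing of an EAP-TLS-style request
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: EAP type of the method using this helper
 * @ret: Return values from EAP request validation and processing
 * @reqData: EAP request to be processed
 * @len: Set to the length of the returned payload
 * @flags: Set to the Flags octet of the request (see EAP_TLS_FLAGS_*)
 * Returns: Pointer to the request payload after the EAP-TLS header, or NULL
 * on failure
 */
const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
				     struct eap_ssl_data *data,
				     EapType eap_type,
				     struct eap_method_ret *ret,
				     const struct wpabuf *reqData,
				     size_t *len, u8 *flags);

/**
 * eap_peer_tls_reset_input - Discard the partially re-assembled input message
 * @data: Data for TLS processing
 */
void eap_peer_tls_reset_input(struct eap_ssl_data *data);

/**
 * eap_peer_tls_reset_output - Discard the pending outgoing message
 * @data: Data for TLS processing
 */
void eap_peer_tls_reset_output(struct eap_ssl_data *data);

/**
 * eap_peer_tls_decrypt - Decrypt received phase 2 (tunneled) TLS data
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @in_data: Encrypted TLS data
 * @in_decrypted: Set to the decrypted data
 */
int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 const struct wpabuf *in_data,
			 struct wpabuf **in_decrypted);

/**
 * eap_peer_tls_encrypt - Encrypt phase 2 (tunneled) data into a response
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: EAP type of the method using this helper
 * @peap_version: PEAP version, or 0 for methods that do not use one
 * @id: EAP identifier for the response
 * @in_data: Plaintext data to encrypt, or NULL (see the definition for the
 * NULL case)
 * @out_data: Set to the encrypted response message
 */
int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 EapType eap_type, int peap_version, u8 id,
			 const struct wpabuf *in_data,
			 struct wpabuf **out_data);

/**
 * eap_peer_select_phase2_methods - Select the phase 2 methods from config
 * @config: Pointer to the network configuration
 * @prefix: Configuration parameter prefix for the method list
 * @types: Set to an allocated array of the selected method types
 * @num_types: Set to the number of entries in *types
 *
 * NOTE(review): *types is presumably owned by the caller after this returns -
 * confirm in the definition.
 */
int eap_peer_select_phase2_methods(struct eap_peer_config *config,
				   const char *prefix,
				   struct eap_method_type **types,
				   size_t *num_types);

/**
 * eap_peer_tls_phase2_nak - Build a phase 2 Nak listing the allowed methods
 * @types: Allowed phase 2 method types
 * @num_types: Number of entries in types
 * @hdr: EAP header of the request being rejected
 * @resp: Set to the Nak response message
 */
int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
			    struct eap_hdr *hdr, struct wpabuf **resp);

#endif /* EAP_TLS_COMMON_H */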