/*
 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-connection state shared by the TLS-based EAP peer methods (EAP-TLS,
 * PEAP, EAP-TTLS, EAP-FAST). It holds the TLS connection handle plus the
 * fragmentation state for the outgoing message and the re-assembly state for
 * the incoming message. The fields are declared here only; the code that
 * maintains them lives in the matching eap_tls_common.c.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 *
	 * Presumably released by eap_peer_tls_reset_output() - confirm in
	 * eap_tls_common.c before relying on it.
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 *
	 * Byte offset into tls_out of the next fragment to send.
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 *
	 * Presumably released by eap_peer_tls_reset_input() - confirm in
	 * eap_tls_common.c before relying on it.
	 */
	struct wpabuf *tls_in;

	/**
	 * tls_in_left - Number of remaining bytes in the incoming TLS message
	 *
	 * Counts down as fragments are appended to tls_in.
	 */
	size_t tls_in_left;

	/**
	 * tls_in_total - Total number of bytes in the incoming TLS message
	 *
	 * NOTE(review): this value is expected to originate from the
	 * peer-supplied TLS Length field (EAP_TLS_FLAGS_LENGTH_INCLUDED), i.e.
	 * it is attacker-controlled input; the re-assembly code must cap it
	 * before sizing tls_in - confirm in eap_tls_common.c.
	 */
	size_t tls_in_total;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * include_tls_length - Whether the TLS length field is included even
	 * if the TLS data is not fragmented
	 */
	int include_tls_length;

	/**
	 * tls_ia - Whether TLS/IA is enabled for this TLS connection
	 */
	int tls_ia;

	/**
	 * eap - EAP state machine allocated with eap_peer_sm_init()
	 */
	struct eap_sm *eap;
};


/*
 * EAP TLS Flags - bits of the Flags octet that follows the EAP header in
 * EAP-TLS/PEAP/TTLS/FAST messages. The upper bits carry fragmentation
 * control; the low three bits (EAP_TLS_VERSION_MASK) carry the method
 * version negotiated by PEAP/TTLS/FAST.
 */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
#define EAP_TLS_FLAGS_START 0x20
#define EAP_TLS_VERSION_MASK 0x07

/* could be up to 128 bytes, but only the first 64 bytes are used */
#define EAP_TLS_KEY_LEN 64


/**
 * eap_peer_tls_ssl_init - Initialize shared TLS state for an EAP method
 * @sm: EAP state machine
 * @data: Shared TLS state to initialize
 * @config: Peer configuration (certificates, CA, identity, ...)
 * Returns: 0 on success, negative on failure (wpa_supplicant convention;
 * confirm in eap_tls_common.c)
 */
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			  struct eap_peer_config *config);

/**
 * eap_peer_tls_ssl_deinit - Release shared TLS state set up by
 * eap_peer_tls_ssl_init()
 * @sm: EAP state machine
 * @data: Shared TLS state to release
 */
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_peer_tls_derive_key - Derive keying material from the TLS connection
 * @sm: EAP state machine
 * @data: Shared TLS state
 * @label: Key derivation label (presumably passed to the TLS PRF - confirm)
 * @len: Number of bytes of key material requested
 * Returns: Pointer to the derived key, or %NULL on failure
 *
 * NOTE(review): the returned buffer is presumably heap-allocated and owned by
 * the caller, which should clear it before freeing - confirm in
 * eap_tls_common.c.
 */
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			     const char *label, size_t len);

/**
 * eap_peer_tls_process_helper - Feed one received TLS fragment into the
 * handshake and build the next outgoing message
 * @sm: EAP state machine
 * @data: Shared TLS state
 * @eap_type: EAP method type used in the response header
 * @peap_version: Method version placed in the low Flags bits
 * @id: EAP identifier for the response
 * @in_data: Received TLS payload (after the Flags octet / optional Length)
 * @in_len: Length of @in_data in bytes
 * @out_data: Buffer for the response message (set on return)
 * Returns: 0 on success, negative on failure; other values presumably signal
 * that more input is needed - confirm against eap_tls_common.c
 */
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
				EapType eap_type, int peap_version,
				u8 id, const u8 *in_data, size_t in_len,
				struct wpabuf **out_data);

/**
 * eap_peer_tls_build_ack - Build an empty (ACK) response for a fragmented
 * exchange
 * @id: EAP identifier for the response
 * @eap_type: EAP method type
 * @peap_version: Method version placed in the low Flags bits
 * Returns: Allocated response, or %NULL on failure
 */
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
				       int peap_version);

/**
 * eap_peer_tls_reauth_init - Prepare the TLS state for fast re-authentication
 * @sm: EAP state machine
 * @data: Shared TLS state
 * Returns: 0 on success, negative on failure (confirm in eap_tls_common.c)
 */
int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_peer_tls_status - Write a textual status description into @buf
 * @sm: EAP state machine
 * @data: Shared TLS state
 * @buf: Output buffer
 * @buflen: Size of @buf in bytes
 * @verbose: Whether to include extra detail
 * Returns: Number of bytes written to @buf
 */
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
			char *buf, size_t buflen, int verbose);

/**
 * eap_peer_tls_process_init - Parse the Flags octet and locate the TLS
 * payload in a received request
 * @sm: EAP state machine
 * @data: Shared TLS state
 * @eap_type: Expected EAP method type
 * @ret: Method return values (updated on error)
 * @reqData: Received EAP request
 * @len: Set to the length of the returned TLS payload
 * @flags: Set to the received Flags octet
 * Returns: Pointer into @reqData at the start of the TLS payload, or %NULL on
 * failure
 *
 * NOTE(review): the returned pointer aliases @reqData; it is only valid for
 * the lifetime of that buffer.
 */
const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
				     struct eap_ssl_data *data,
				     EapType eap_type,
				     struct eap_method_ret *ret,
				     const struct wpabuf *reqData,
				     size_t *len, u8 *flags);

/**
 * eap_peer_tls_reset_input - Discard any partially re-assembled incoming
 * message (tls_in / tls_in_left / tls_in_total)
 * @data: Shared TLS state
 */
void eap_peer_tls_reset_input(struct eap_ssl_data *data);

/**
 * eap_peer_tls_reset_output - Discard any partially sent outgoing message
 * (tls_out / tls_out_pos)
 * @data: Shared TLS state
 */
void eap_peer_tls_reset_output(struct eap_ssl_data *data);

/**
 * eap_peer_tls_decrypt - Decrypt tunneled (phase 2) data received over TLS
 * @sm: EAP state machine
 * @data: Shared TLS state
 * @in_data: Received TLS payload
 * @in_decrypted: Set to the decrypted application data on success
 * Returns: 0 on success, negative on failure (confirm in eap_tls_common.c)
 */
int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 const struct wpabuf *in_data,
			 struct wpabuf **in_decrypted);

/**
 * eap_peer_tls_encrypt - Encrypt phase 2 data and wrap it into an EAP
 * response
 * @sm: EAP state machine
 * @data: Shared TLS state
 * @eap_type: EAP method type used in the response header
 * @peap_version: Method version placed in the low Flags bits
 * @id: EAP identifier for the response
 * @in_data: Plaintext to tunnel
 * @out_data: Set to the resulting EAP response on success
 * Returns: 0 on success, negative on failure (confirm in eap_tls_common.c)
 */
int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 EapType eap_type, int peap_version, u8 id,
			 const struct wpabuf *in_data,
			 struct wpabuf **out_data);

/**
 * eap_peer_select_phase2_methods - Build the list of allowed phase 2 methods
 * from the configuration
 * @config: Peer configuration
 * @prefix: Configuration key prefix identifying the phase 2 method list
 * @types: Set to an allocated array of allowed methods (caller presumably
 * frees - confirm)
 * @num_types: Set to the number of entries in @types
 * Returns: 0 on success, negative on failure (confirm in eap_tls_common.c)
 */
int eap_peer_select_phase2_methods(struct eap_peer_config *config,
				   const char *prefix,
				   struct eap_method_type **types,
				   size_t *num_types);

/**
 * eap_peer_tls_phase2_nak - Build a phase 2 Nak listing the allowed methods
 * @types: Allowed phase 2 methods from eap_peer_select_phase2_methods()
 * @num_types: Number of entries in @types
 * @hdr: Header of the request being rejected (supplies the identifier)
 * @resp: Set to the Nak response on success
 * Returns: 0 on success, negative on failure (confirm in eap_tls_common.c)
 */
int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
			    struct eap_hdr *hdr, struct wpabuf **resp);

#endif /* EAP_TLS_COMMON_H */