/*
 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */
#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H
/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-connection state shared by the EAP-TLS, PEAP, EAP-TTLS and EAP-FAST
 * peer methods: the TLS connection handle plus the buffers used to
 * fragment outgoing and re-assemble incoming TLS messages carried in EAP.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 *
	 * Byte offset into tls_out of the next fragment to be sent.
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 */
	struct wpabuf *tls_in;

	/**
	 * tls_in_left - Number of remaining bytes in the incoming TLS message
	 */
	size_t tls_in_left;

	/**
	 * tls_in_total - Total number of bytes in the incoming TLS message
	 *
	 * NOTE(review): this presumably comes from the peer-supplied TLS
	 * Message Length field of the first fragment, i.e. untrusted input;
	 * the re-assembly code must bound it before using it to size tls_in.
	 * Confirm in the implementation, which is not visible in this header.
	 */
	size_t tls_in_total;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 *
	 * Boolean flag (0 = outer method, non-zero = tunneled phase 2).
	 */
	int phase2;

	/**
	 * include_tls_length - Whether the TLS length field is included even
	 * if the TLS data is not fragmented
	 *
	 * Boolean flag; when set, the L flag and Message Length field are
	 * emitted on every outgoing message, not only on the first fragment.
	 */
	int include_tls_length;

	/**
	 * tls_ia - Whether TLS/IA is enabled for this TLS connection
	 *
	 * Boolean flag (0 = disabled, non-zero = enabled).
	 */
	int tls_ia;

	/**
	 * eap - EAP state machine allocated with eap_peer_sm_init()
	 */
	struct eap_sm *eap;
};
/* EAP TLS Flags
 *
 * Bits of the Flags octet that follows the EAP Type field in EAP-TLS
 * (the L, M and S bits of RFC 5216). PEAP/TTLS/FAST reuse the same octet
 * and carry their protocol version in the low bits.
 */
/* L: a four-octet TLS Message Length field follows the Flags octet.
 * That length is peer-controlled and must be validated by the re-assembly
 * code before it is used to size a buffer. */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
/* M: more fragments of this TLS message follow */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
/* S: EAP-TLS Start, sent by the server to begin the handshake */
#define EAP_TLS_FLAGS_START 0x20
/* Low three bits: method version for the tunneled methods (PEAP etc.) */
#define EAP_TLS_VERSION_MASK 0x07

/* Length of keying material requested from the TLS session (presumably via
 * eap_peer_tls_derive_key() -- confirm in the callers): could be up to
 * 128 bytes, but only the first 64 bytes are used */
#define EAP_TLS_KEY_LEN 64
/**
 * eap_peer_tls_ssl_init - Initialize shared TLS data
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing to be initialized
 * @config: Pointer to the network configuration (certificates, CA, etc.)
 * Returns: int status; presumably 0 on success and negative on failure
 * (confirm against eap_tls_common.c)
 */
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			  struct eap_peer_config *config);

/**
 * eap_peer_tls_ssl_deinit - Release shared TLS data
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing initialized with eap_peer_tls_ssl_init()
 */
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_peer_tls_derive_key - Derive keying material from the TLS session
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @label: PRF label used to export the key material
 * @len: Number of bytes of key material to derive
 * Returns: Pointer to @len bytes of derived key material, or NULL on failure
 *
 * NOTE(review): the returned buffer is presumably heap-allocated and owned
 * by the caller -- confirm in the implementation.
 */
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			     const char *label, size_t len);

/**
 * eap_peer_tls_process_helper - Process a received TLS fragment
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...) for the response
 * @peap_version: Version number placed in the Flags octet of the response
 * @id: EAP identifier for the response
 * @in_data: Pointer to the TLS payload of the received message
 * @in_len: Length of @in_data in bytes
 * @out_data: Buffer for the response message (*out_data is set here)
 * Returns: int status; see the implementation for the exact encoding
 */
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
				EapType eap_type, int peap_version,
				u8 id, const u8 *in_data, size_t in_len,
				struct wpabuf **out_data);

/**
 * eap_peer_tls_build_ack - Build a fragment acknowledgement response
 * @id: EAP identifier for the response
 * @eap_type: EAP type of the method (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
 * @peap_version: Version number placed in the Flags octet
 * Returns: Newly allocated response buffer, or NULL on failure
 */
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
				       int peap_version);

/**
 * eap_peer_tls_reauth_init - Re-initialize TLS data for reauthentication
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * Returns: int status; presumably 0 on success (confirm in implementation)
 */
int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_peer_tls_status - Write a textual status of the TLS connection
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @buf: Buffer for the status text
 * @buflen: Size of @buf in bytes; output must not exceed this
 * @verbose: Whether to include verbose details
 * Returns: Number of bytes written to @buf (presumed; confirm)
 */
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
			char *buf, size_t buflen, int verbose);

/**
 * eap_peer_tls_process_init - Parse the header of a received request
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: Expected EAP type of the request
 * @ret: Return values from the EAP method processing
 * @reqData: EAP request to be processed
 * @len: Set to the length of the TLS payload on success
 * @flags: Set to the EAP-TLS Flags octet of the request on success
 * Returns: Pointer to the TLS payload within @reqData, or NULL on error
 *
 * The pointer refers into @reqData and is only valid while that buffer is.
 */
const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
				     struct eap_ssl_data *data,
				     EapType eap_type,
				     struct eap_method_ret *ret,
				     const struct wpabuf *reqData,
				     size_t *len, u8 *flags);

/**
 * eap_peer_tls_reset_input - Discard any partially re-assembled input
 * @data: Data for TLS processing
 */
void eap_peer_tls_reset_input(struct eap_ssl_data *data);

/**
 * eap_peer_tls_reset_output - Discard any pending outgoing fragments
 * @data: Data for TLS processing
 */
void eap_peer_tls_reset_output(struct eap_ssl_data *data);

/**
 * eap_peer_tls_decrypt - Decrypt received phase 2 (tunneled) data
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @in_data: Encrypted TLS data from the server
 * @in_decrypted: Set to a newly allocated buffer with the decrypted data
 * Returns: int status; see the implementation for the exact encoding
 */
int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 const struct wpabuf *in_data,
			 struct wpabuf **in_decrypted);

/**
 * eap_peer_tls_encrypt - Encrypt phase 2 data and build the EAP response
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: EAP type of the outer method
 * @peap_version: Version number placed in the Flags octet
 * @id: EAP identifier for the response
 * @in_data: Plaintext to be encrypted into the TLS tunnel
 * @out_data: Set to the resulting EAP response
 * Returns: int status; see the implementation for the exact encoding
 */
int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 EapType eap_type, int peap_version, u8 id,
			 const struct wpabuf *in_data,
			 struct wpabuf **out_data);

/**
 * eap_peer_select_phase2_methods - Select allowed phase 2 EAP methods
 * @config: Pointer to the network configuration
 * @prefix: Prefix of the phase 2 configuration entries to look for
 * @types: Set to an allocated list of selected method types
 * @num_types: Set to the number of entries in *@types
 * Returns: int status; presumably 0 on success (confirm in implementation)
 *
 * NOTE(review): *@types is presumably heap-allocated and owned by the
 * caller -- confirm.
 */
int eap_peer_select_phase2_methods(struct eap_peer_config *config,
				   const char *prefix,
				   struct eap_method_type **types,
				   size_t *num_types);

/**
 * eap_peer_tls_phase2_nak - Build a Nak listing the allowed phase 2 methods
 * @types: List of allowed method types
 * @num_types: Number of entries in @types
 * @hdr: EAP header of the request being rejected
 * @resp: Set to the allocated Nak response
 * Returns: int status; see the implementation for the exact encoding
 */
int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
			    struct eap_hdr *hdr, struct wpabuf **resp);
#endif /* EAP_TLS_COMMON_H */