src/eap_server/eap_tls_common.h

189251Ssam/*
214734Srpaulo * EAP-TLS/PEAP/TTLS/FAST server common functions
214734Srpaulo * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
189251Ssam *
252726Srpaulo * This software may be distributed under the terms of the BSD license.
252726Srpaulo * See README for more details.
189251Ssam */
189251Ssam
189251Ssam#ifndef EAP_TLS_COMMON_H
189251Ssam#define EAP_TLS_COMMON_H
189251Ssam
214734Srpaulo/**
214734Srpaulo * struct eap_ssl_data - TLS data for EAP methods
214734Srpaulo */
189251Ssamstruct eap_ssl_data {
214734Srpaulo	/**
214734Srpaulo	 * conn - TLS connection context data from tls_connection_init()
214734Srpaulo	 */
189251Ssam	struct tls_connection *conn;
189251Ssam
214734Srpaulo	/**
214734Srpaulo	 * tls_out - TLS message to be sent out in fragments
214734Srpaulo	 */
214734Srpaulo	struct wpabuf *tls_out;
214734Srpaulo
214734Srpaulo	/**
214734Srpaulo	 * tls_out_pos - The current position in the outgoing TLS message
214734Srpaulo	 */
214734Srpaulo	size_t tls_out_pos;
214734Srpaulo
214734Srpaulo	/**
214734Srpaulo	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
214734Srpaulo	 */
189251Ssam	size_t tls_out_limit;
189251Ssam
214734Srpaulo	/**
214734Srpaulo	 * tls_in - Received TLS message buffer for re-assembly
214734Srpaulo	 */
214734Srpaulo	struct wpabuf *tls_in;
214734Srpaulo
214734Srpaulo	/**
214734Srpaulo	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
214734Srpaulo	 */
189251Ssam	int phase2;
189251Ssam
214734Srpaulo	/**
214734Srpaulo	 * eap - EAP state machine allocated with eap_server_sm_init()
214734Srpaulo	 */
189251Ssam	struct eap_sm *eap;
189251Ssam
189251Ssam	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
189251Ssam	struct wpabuf tmpbuf;
346981Scy
346981Scy	/**
346981Scy	 * tls_v13 - Whether TLS v1.3 or newer is used
346981Scy	 */
346981Scy	int tls_v13;
189251Ssam};
189251Ssam
189251Ssam
189251Ssam/* EAP TLS Flags */
189251Ssam#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
189251Ssam#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
189251Ssam#define EAP_TLS_FLAGS_START 0x20
351611Scy#define EAP_TEAP_FLAGS_OUTER_TLV_LEN 0x10
189251Ssam#define EAP_TLS_VERSION_MASK 0x07
189251Ssam
189251Ssam /* could be up to 128 bytes, but only the first 64 bytes are used */
189251Ssam#define EAP_TLS_KEY_LEN 64
189251Ssam
252726Srpaulo/* dummy type used as a flag for UNAUTH-TLS */
252726Srpaulo#define EAP_UNAUTH_TLS_TYPE 255
281806Srpaulo#define EAP_WFA_UNAUTH_TLS_TYPE 254
189251Ssam
252726Srpaulo
252726Srpaulostruct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
252726Srpaulo				  u8 code, u8 identifier);
189251Ssamint eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
289549Srpaulo			    int verify_peer, int eap_type);
189251Ssamvoid eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
189251Ssamu8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
346981Scy			       const char *label, const u8 *context,
346981Scy			       size_t context_len, size_t len);
281806Srpaulou8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
281806Srpaulo				      struct eap_ssl_data *data, u8 eap_type,
281806Srpaulo				      size_t *len);
189251Ssamstruct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
189251Ssam					 int eap_type, int version, u8 id);
189251Ssamstruct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);
189251Ssamint eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);
189251Ssamstruct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
189251Ssam				       struct eap_ssl_data *data,
214734Srpaulo				       const struct wpabuf *plain);
189251Ssamint eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
189251Ssam			   struct wpabuf *respData, void *priv, int eap_type,
189251Ssam			   int (*proc_version)(struct eap_sm *sm, void *priv,
189251Ssam					       int peer_version),
189251Ssam			   void (*proc_msg)(struct eap_sm *sm, void *priv,
189251Ssam					    const struct wpabuf *respData));
189251Ssam
189251Ssam#endif /* EAP_TLS_COMMON_H */