/*
 * EAP-TLS/PEAP/TTLS/FAST server common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-session state shared by the server-side EAP methods that carry a TLS
 * handshake (EAP-TLS, PEAP, TTLS, FAST, TEAP): the TLS connection plus the
 * buffers used to fragment outgoing and re-assemble incoming TLS messages
 * across several EAP request/response round trips.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 *
	 * Each fragment built from tls_out carries at most this many octets
	 * of TLS data (see eap_server_tls_build_msg()).
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 *
	 * Incoming fragments are collected here until the peer sends one
	 * without EAP_TLS_FLAGS_MORE_FRAGMENTS. NOTE(review): the total
	 * length announced by the peer (EAP_TLS_FLAGS_LENGTH_INCLUDED) is
	 * untrusted input; confirm in eap_server_tls_common.c that it is
	 * bounded before any allocation is sized from it.
	 */
	struct wpabuf *tls_in;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * eap - EAP state machine allocated with eap_server_sm_init()
	 */
	struct eap_sm *eap;

	/**
	 * state - Fragment exchange state
	 *
	 * As the names suggest: MSG while a (possibly fragmented) TLS message
	 * is being exchanged, FRAG_ACK when an acknowledgement for a received
	 * fragment is to be sent, WAIT_FRAG_ACK after sending a fragment and
	 * waiting for the peer's acknowledgement. Exact transitions live in
	 * eap_server_tls_common.c.
	 */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;

	/**
	 * tmpbuf - Temporary wpabuf header held by value (not heap allocated)
	 *
	 * Presumably used to wrap received data in place without copying;
	 * confirm against eap_server_tls_common.c before relying on it.
	 */
	struct wpabuf tmpbuf;

	/**
	 * tls_v13 - Whether TLS v1.3 or newer is used
	 */
	int tls_v13;
};


/*
 * EAP TLS Flags - first octet of the method data (RFC 5216, Section 3.1).
 * PEAP, TTLS, FAST and TEAP use the same layout and additionally carry a
 * method version in the low three bits; TEAP adds the O bit (RFC 7170).
 */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80	/* L: TLS Message Length present */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40	/* M: more fragments follow */
#define EAP_TLS_FLAGS_START 0x20		/* S: TLS Start (server -> peer) */
#define EAP_TEAP_FLAGS_OUTER_TLV_LEN 0x10	/* O: TEAP Outer TLV Length present */
#define EAP_TLS_VERSION_MASK 0x07		/* Ver: method version bits */

/*
 * Length of the key exported from the TLS connection. The EAP-TLS key
 * material (RFC 5216, Section 2.3) could be up to 128 bytes (64-byte MSK
 * followed by 64-byte EMSK), but only the first 64 bytes are used.
 */
#define EAP_TLS_KEY_LEN 64

/*
 * Dummy type values used as a flag for UNAUTH-TLS (server-authenticated TLS
 * with no peer credential). They are internal markers for the eap_type
 * parameters below; presumably they are mapped to the proper expanded EAP
 * Type before being placed on the wire - confirm in eap_server_tls_build_msg().
 */
#define EAP_UNAUTH_TLS_TYPE 255
#define EAP_WFA_UNAUTH_TLS_TYPE 254


/*
 * Function contracts (return conventions, ownership of returned buffers,
 * error semantics) are documented with the definitions in
 * eap_server_tls_common.c; the notes below state only what the signatures
 * show.
 */

/* Allocate an EAP message of the given type/code/identifier with room for
 * payload_len octets of method data. */
struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
				  u8 code, u8 identifier);

/* Set up the TLS connection in *data for the method eap_type. verify_peer
 * selects whether the peer's TLS certificate is verified; presumably only the
 * UNAUTH-TLS variants pass 0 - confirm with the callers. */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer, int eap_type);

/* Release everything eap_server_tls_ssl_init() set up in *data. */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/* Derive len octets of key material from the TLS connection using label and
 * an optional context of context_len octets. Returns a newly allocated buffer
 * (hostap convention: caller frees) or NULL. */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       const char *label, const u8 *context,
			       size_t context_len, size_t len);

/* Derive the EAP Session-Id for eap_type from the TLS connection; *len
 * receives its length. Returns a newly allocated buffer or NULL. */
u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
				      struct eap_ssl_data *data, u8 eap_type,
				      size_t *len);

/* Build the next outgoing EAP request carrying a fragment of data->tls_out
 * (bounded by data->tls_out_limit) for method eap_type/version with id. */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/* Build a fragment acknowledgement (no TLS data) for eap_type/version. */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/* Advance the phase 1 TLS handshake by one step. */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/* Encrypt plain inside the established TLS tunnel (phase 2 data). */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const struct wpabuf *plain);

/* Process a peer response: handle flags, fragmentation and re-assembly, then
 * call proc_version with the peer's version bits and proc_msg with the
 * (presumably re-assembled) TLS message; priv is passed through to both. */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */