eap_tls_common.h revision 214734
/*
 * EAP-TLS/PEAP/TTLS/FAST server common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/*
 * NOTE(review): this header is not self-contained. It relies on size_t, u8,
 * struct tls_connection (pointer only) and struct wpabuf (held by value in
 * tmpbuf, so its full definition is needed) already being in scope; the
 * including .c file must pull those in first.
 */

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-session state shared by the TLS-based EAP server methods (EAP-TLS,
 * PEAP, TTLS, FAST): the TLS connection itself plus the buffers used to
 * fragment outgoing and re-assemble incoming TLS messages carried in EAP.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 *
	 * NOTE(review): this is where peer-supplied fragment data accumulates.
	 * The re-assembled size should be bounded (by the advertised TLS
	 * Message Length and by a fixed upper limit) before any fragment is
	 * appended -- confirm in eap_server_tls_process().
	 */
	struct wpabuf *tls_in;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * eap - EAP state machine allocated with eap_server_sm_init()
	 */
	struct eap_sm *eap;

	/**
	 * state - Fragmentation state of the current exchange
	 *
	 * MSG: a (possibly fragmented) TLS message is being exchanged;
	 * FRAG_ACK: an acknowledgement for a received fragment is pending;
	 * WAIT_FRAG_ACK: waiting for the peer to acknowledge a sent fragment.
	 * Only the names are fixed here; the transitions live in the
	 * implementation -- confirm there before relying on this description.
	 */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;

	/**
	 * tmpbuf - Scratch wpabuf held by value (not a pointer)
	 *
	 * NOTE(review): presumably used to wrap a slice of another buffer
	 * without allocating, so its storage must not be freed as if it were
	 * an allocated wpabuf -- confirm against the implementation.
	 */
	struct wpabuf tmpbuf;
};


/*
 * EAP TLS Flags - bits of the Flags octet that starts the EAP-TLS / PEAP /
 * TTLS / FAST payload (L/M/S as defined for EAP-TLS in RFC 5216). The low
 * bits of the same octet carry the method version for the PEAP/TTLS/FAST
 * variants.
 */
/* L: a 4-octet TLS Message Length field follows the Flags octet */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
/* M: more fragments of this TLS message follow */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
/* S: start of a new TLS handshake */
#define EAP_TLS_FLAGS_START 0x20
/* Version bits (PEAP/TTLS/FAST); not used by plain EAP-TLS */
#define EAP_TLS_VERSION_MASK 0x07

 /* could be up to 128 bytes, but only the first 64 bytes are used */
#define EAP_TLS_KEY_LEN 64


/**
 * eap_server_tls_ssl_init - Initialize TLS state for an EAP session
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing (filled in by this call)
 * @verify_peer: Non-zero to require the peer certificate to be verified
 *	(presumably -- confirm the exact meaning against the implementation)
 * Returns: 0 on success, negative on failure (confirm against the
 *	implementation)
 */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer);

/**
 * eap_server_tls_ssl_deinit - Release TLS state allocated for a session
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing, as initialized by eap_server_tls_ssl_init()
 */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_derive_key - Derive keying material from the TLS session
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing
 * @label: Label string for the key derivation (method specific)
 * @len: Number of bytes of key material requested
 * Returns: Pointer to the derived key material, or %NULL on failure
 *
 * NOTE(review): the buffer is presumably heap allocated and owned by the
 * caller, which should zeroize it before freeing -- confirm against the
 * implementation.
 */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       char *label, size_t len);

/**
 * eap_server_tls_build_msg - Build the next outgoing EAP packet
 * @data: Data for TLS processing (tls_out, tls_out_pos, tls_out_limit)
 * @eap_type: EAP method type to place in the EAP header
 * @version: Method version for the Flags octet (see EAP_TLS_VERSION_MASK)
 * @id: EAP identifier for the packet
 * Returns: Newly built EAP packet, or %NULL on failure
 *
 * Presumably emits at most tls_out_limit bytes of tls_out starting at
 * tls_out_pos and sets the L/M flags accordingly -- confirm against the
 * implementation.
 */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/**
 * eap_server_tls_build_ack - Build an EAP packet acknowledging a fragment
 * @id: EAP identifier for the packet
 * @eap_type: EAP method type to place in the EAP header
 * @version: Method version for the Flags octet (see EAP_TLS_VERSION_MASK)
 * Returns: Newly built EAP packet, or %NULL on failure
 */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/**
 * eap_server_tls_phase1 - Advance the TLS handshake (phase 1)
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing
 * Returns: 0 on success, negative on failure (confirm against the
 *	implementation)
 */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_encrypt - Encrypt data for the TLS tunnel
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing
 * @plain: Plaintext to protect; not modified
 * Returns: Newly allocated buffer with the TLS-protected data, or %NULL on
 *	failure (ownership presumably passes to the caller -- confirm)
 */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const struct wpabuf *plain);

/**
 * eap_server_tls_process - Process a received EAP-TLS style response
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing
 * @respData: Received EAP response packet
 * @priv: Opaque method-private pointer handed back to the callbacks
 * @eap_type: EAP method type expected in the response
 * @proc_version: Callback invoked with the version the peer advertised in
 *	the Flags octet; its return value is interpreted by the
 *	implementation (confirm the convention there)
 * @proc_msg: Callback invoked with the (re-assembled) response once a
 *	complete message is available
 * Returns: Implementation-defined status code (confirm the convention
 *	against the implementation)
 *
 * NOTE(review): this is the entry point that consumes peer-controlled
 * fragment lengths and flags; the length and re-assembly checks for
 * tls_in belong here.
 */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */