eap_tls_common.h revision 289549
/*
 * EAP-TLS/PEAP/TTLS/FAST server common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-session state shared by the server-side EAP methods that carry a TLS
 * exchange (EAP-TLS, PEAP, EAP-TTLS, EAP-FAST): the TLS connection handle,
 * the outgoing-fragmentation and incoming re-assembly buffers, and the
 * fragment/ACK state. The helpers declared at the end of this header are
 * the only intended users of the fragmentation fields.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 *
	 * Owned by this structure; presumably released by
	 * eap_server_tls_ssl_deinit() -- confirm in eap_tls_common.c.
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 *
	 * Byte offset into tls_out of the next fragment to send.
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 *
	 * Presumably the upper bound on the TLS payload placed in one
	 * fragment by eap_server_tls_build_msg() -- verify against that
	 * implementation.
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 *
	 * NOTE(review): this buffer is grown from peer-supplied fragments;
	 * the re-assembly code must cap the total size it accepts (the
	 * peer-announced length is untrusted) -- confirm in eap_tls_common.c.
	 */
	struct wpabuf *tls_in;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * eap - EAP state machine allocated with eap_server_sm_init()
	 */
	struct eap_sm *eap;

	/**
	 * state - Fragmentation state of the current TLS exchange
	 *
	 * NOTE(review): meaning inferred from the names, verify in
	 * eap_tls_common.c: MSG = a complete TLS message is being processed,
	 * FRAG_ACK = a fragment of the peer's message was received and an
	 * ACK is to be sent, WAIT_FRAG_ACK = a fragment of tls_out was sent
	 * and the peer's ACK is awaited.
	 */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;

	/**
	 * tmpbuf - Scratch wpabuf header embedded by value (not a pointer)
	 *
	 * Being embedded, it can describe externally owned data without an
	 * allocation; presumably used to hand a view of the peer's TLS data
	 * to the method callbacks -- confirm in eap_tls_common.c. It must
	 * never be freed as a heap wpabuf.
	 */
	struct wpabuf tmpbuf;
};


/*
 * EAP TLS Flags: bits of the Flags octet that follows the EAP Type in an
 * EAP-TLS/PEAP/TTLS/FAST message. The top three are the L, M and S bits of
 * EAP-TLS (RFC 5216); the low bits carry the method version used by the
 * tunneled variants.
 */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80	/* L: TLS Message Length field present */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40	/* M: more fragments follow */
#define EAP_TLS_FLAGS_START 0x20		/* S: start of a TLS exchange */
#define EAP_TLS_VERSION_MASK 0x07		/* version number (PEAP/TTLS/FAST) */

/*
 * Length of the key material requested from the TLS PRF for the EAP MSK:
 * could be up to 128 bytes, but only the first 64 bytes are used.
 */
#define EAP_TLS_KEY_LEN 64

/*
 * Dummy type used as a flag for UNAUTH-TLS. These are internal pseudo
 * values passed as eap_type to the helpers below so that the UNAUTH-TLS
 * variants can be distinguished from regular methods; they are not meant
 * to be compared against the method Type octet of a received packet --
 * verify usage in eap_tls_common.c.
 */
#define EAP_UNAUTH_TLS_TYPE 255
#define EAP_WFA_UNAUTH_TLS_TYPE 254


/**
 * eap_tls_msg_alloc - Allocate an EAP message for a TLS-based method
 * @type: EAP method type of the message
 * @payload_len: Number of payload bytes to reserve after the header
 * @code: EAP Code field value
 * @identifier: EAP Identifier field value
 * Returns: Allocated buffer, or presumably %NULL on allocation failure
 * (confirm in eap_tls_common.c). The caller owns the returned buffer.
 */
struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
				  u8 code, u8 identifier);

/**
 * eap_server_tls_ssl_init - Initialize the TLS state for an EAP session
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data to initialize
 * @verify_peer: Whether the peer is required to present a certificate
 * @eap_type: EAP method type (or one of the EAP_*UNAUTH_TLS_TYPE values)
 * Returns: Presumably 0 on success, -1 on failure -- confirm in
 * eap_tls_common.c
 */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer, int eap_type);

/**
 * eap_server_tls_ssl_deinit - Release the TLS state of an EAP session
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data initialized with eap_server_tls_ssl_init()
 */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_derive_key - Derive key material from the TLS session
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data with an established connection
 * @label: PRF label; NOTE(review): only read, could be const char * if the
 *	definition in eap_tls_common.c is updated to match
 * @len: Number of bytes of key material to derive (e.g., EAP_TLS_KEY_LEN)
 * Returns: Allocated buffer of @len bytes, or %NULL on failure. Presumably
 * owned by the caller, who should clear the key material before freeing it.
 */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       char *label, size_t len);

/**
 * eap_server_tls_derive_session_id - Derive the EAP Session-Id
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data with an established connection
 * @eap_type: EAP method type placed in the Session-Id
 * @len: Output: length of the returned Session-Id in bytes
 * Returns: Allocated Session-Id, or %NULL on failure; caller frees
 */
u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
				      struct eap_ssl_data *data, u8 eap_type,
				      size_t *len);

/**
 * eap_server_tls_build_msg - Build the next outgoing fragment
 * @data: TLS data whose tls_out holds the message being sent
 * @eap_type: EAP method type for the message header
 * @version: Method version for the Flags octet (masked by
 *	EAP_TLS_VERSION_MASK)
 * @id: EAP Identifier for the message
 * Returns: Allocated EAP message, or %NULL on failure. Presumably advances
 * tls_out_pos and sets EAP_TLS_FLAGS_MORE_FRAGMENTS when data remains --
 * confirm in eap_tls_common.c.
 */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/**
 * eap_server_tls_build_ack - Build a fragment acknowledgement message
 * @id: EAP Identifier for the message
 * @eap_type: EAP method type for the message header
 * @version: Method version for the Flags octet
 * Returns: Allocated EAP message, or %NULL on failure
 */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/**
 * eap_server_tls_phase1 - Run a step of the TLS handshake (phase 1)
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data for the session
 * Returns: Presumably 0 on success, -1 on failure -- confirm in
 * eap_tls_common.c. Consumes data->tls_in and may produce data->tls_out.
 */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_encrypt - Encrypt data for the TLS tunnel (phase 2)
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data with an established connection
 * @plain: Plaintext to protect
 * Returns: Allocated buffer with the TLS records, or %NULL on failure;
 * caller frees
 */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const struct wpabuf *plain);

/**
 * eap_server_tls_process - Process a received TLS-based EAP response
 * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
 * @data: TLS data for the session
 * @respData: Received EAP response
 * @priv: Method private data passed through to the callbacks
 * @eap_type: EAP method type expected in the response
 * @proc_version: Callback receiving the peer's version from the Flags
 *	octet; its non-zero return presumably aborts processing -- confirm
 * @proc_msg: Callback receiving the fully re-assembled TLS message
 * Returns: Presumably 0 on success and -1 on failure -- confirm in
 * eap_tls_common.c
 *
 * Handles fragment re-assembly into data->tls_in and the ACK handshake
 * tracked by data->state before handing the complete message to @proc_msg.
 * NOTE(review): @respData is peer-controlled; the length announced with
 * EAP_TLS_FLAGS_LENGTH_INCLUDED must be bounded before allocation.
 */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */