1 | /* |
2 | * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions | |
3 | * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> | |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Alternatively, this software may be distributed under the terms of BSD | |
10 | * license. | |
11 | * | |
12 | * See README and COPYING for more details. | |
13 | */ | |
14 | ||
15 | #ifndef EAP_TLS_COMMON_H | |
16 | #define EAP_TLS_COMMON_H | |
17 | ||
/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-connection state shared by the TLS based EAP peer methods (EAP-TLS,
 * PEAP, EAP-TTLS, EAP-FAST): the TLS connection handle plus the buffers and
 * counters used to fragment outgoing and re-assemble incoming TLS messages.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 *
	 * NOTE(review): presumably released by eap_peer_tls_ssl_deinit();
	 * confirm ownership against the corresponding .c file.
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 *
	 * Expected invariant: never exceeds the length of tls_out (to be
	 * confirmed in the fragmentation code).
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 */
	struct wpabuf *tls_in;

	/**
	 * tls_in_left - Number of remaining bytes in the incoming TLS message
	 *
	 * Expected invariant: tls_in_left <= tls_in_total (to be confirmed
	 * in the re-assembly code).
	 */
	size_t tls_in_left;

	/**
	 * tls_in_total - Total number of bytes in the incoming TLS message
	 *
	 * NOTE(review): if this value is taken from the peer-supplied TLS
	 * Message Length field (EAP_TLS_FLAGS_LENGTH_INCLUDED), the
	 * re-assembly code must cap it with a sane maximum before sizing
	 * tls_in and must reject fragments that would overrun it - confirm
	 * where it is set.
	 */
	size_t tls_in_total;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * include_tls_length - Whether the TLS length field is included even
	 * if the TLS data is not fragmented
	 */
	int include_tls_length;

	/**
	 * tls_ia - Whether TLS/IA (TLS Inner Application) is enabled for this
	 * TLS connection
	 */
	int tls_ia;

	/**
	 * eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
	 *
	 * Not owned by this structure; the state machine outlives it.
	 * (Reviewer inference from the allocator named above - confirm.)
	 */
	struct eap_sm *eap;
};
78 | ||
79 | ||
/* EAP TLS Flags - bits of the Flags octet that follows the EAP Type field
 * (RFC 5216, section 3.1: L, M and S bits). The low three bits carry the
 * PEAP version number and are masked out with EAP_PEAP_VERSION_MASK. */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80 /* L: TLS Message Length present */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40 /* M: more fragments follow */
#define EAP_TLS_FLAGS_START 0x20 /* S: EAP-TLS Start from the server */
#define EAP_PEAP_VERSION_MASK 0x07

/* could be up to 128 bytes, but only the first 64 bytes are used */
#define EAP_TLS_KEY_LEN 64
88 | ||
89 | ||
/*
 * Shared EAP-TLS peer helpers. The notes below are reviewer inferences from
 * the signatures; ownership of returned buffers and the return-code
 * conventions are established by the definitions in the corresponding .c
 * file and should be confirmed there.
 */

/* Set up data->conn for the given peer configuration. int return,
 * presumably 0 on success and -1 on failure. */
int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			  struct eap_peer_config *config);

/* Release whatever eap_peer_tls_ssl_init() set up in data. */
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/* Derive len bytes of key material from the TLS connection using label.
 * The returned buffer is presumably heap-allocated and owned by the caller
 * (free it after use; NULL presumably signals failure). */
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			     const char *label, size_t len);

/* Feed in_len bytes of received TLS data into the connection and produce the
 * next outgoing EAP message in *out_data; eap_type, peap_version and id are
 * used for the EAP header of that response. */
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
				EapType eap_type, int peap_version,
				u8 id, const u8 *in_data, size_t in_len,
				struct wpabuf **out_data);

/* Build an EAP-TLS ACK (empty response) for the given id, type and version. */
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
				       int peap_version);

/* Prepare data for a fast re-authentication (session resumption) attempt. */
int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);

/* Write a human-readable status string into buf. buflen bounds the write,
 * so callers must pass the full size of buf. */
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
			char *buf, size_t buflen, int verbose);

/* Parse the EAP-TLS header of reqData: presumably returns a pointer to the
 * TLS payload within reqData, with its length in *len and the Flags octet
 * (EAP_TLS_FLAGS_* bits) in *flags, and handles fragment re-assembly via
 * data->tls_in. NOTE(review): any peer-supplied TLS Message Length must be
 * validated before it is used to size an allocation - confirm in the .c. */
const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
				     struct eap_ssl_data *data,
				     EapType eap_type,
				     struct eap_method_ret *ret,
				     const struct wpabuf *reqData,
				     size_t *len, u8 *flags);

/* Discard partially re-assembled incoming (tls_in*) state. */
void eap_peer_tls_reset_input(struct eap_ssl_data *data);

/* Discard pending outgoing (tls_out*) state. */
void eap_peer_tls_reset_output(struct eap_ssl_data *data);

/* Decrypt the TLS records in in_data into *in_decrypted (presumably newly
 * allocated and owned by the caller). */
int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 const struct wpabuf *in_data,
			 struct wpabuf **in_decrypted);

/* Encrypt in_data into the TLS tunnel and wrap it in an EAP response in
 * *out_data (presumably newly allocated and owned by the caller). */
int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 EapType eap_type, int peap_version, u8 id,
			 const struct wpabuf *in_data,
			 struct wpabuf **out_data);

/* Build the list of allowed phase 2 methods from config entries matching
 * prefix into *types/*num_types; *types is presumably allocated here and
 * owned by the caller. */
int eap_peer_select_phase2_methods(struct eap_peer_config *config,
				   const char *prefix,
				   struct eap_method_type **types,
				   size_t *num_types);

/* Build a NAK response in *resp to hdr, listing the acceptable phase 2
 * method types. */
int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
			    struct eap_hdr *hdr, struct wpabuf **resp);
125 | ||
126 | #endif /* EAP_TLS_COMMON_H */ |