[thirdparty/hostap.git] / src / eap_peer / eap_tls_common.h

/*
 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/**
 * struct eap_ssl_data - TLS data for EAP methods
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 */
	struct wpabuf *tls_in;

	/**
	 * tls_in_left - Number of remaining bytes in the incoming TLS message
	 */
	size_t tls_in_left;

	/**
	 * tls_in_total - Total number of bytes in the incoming TLS message
	 */
	size_t tls_in_total;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * include_tls_length - Whether the TLS length field is included even
	 * if the TLS data is not fragmented
	 */
	int include_tls_length;

	/**
	 * tls_ia - Whether TLS/IA is enabled for this TLS connection
	 */
	int tls_ia;

	/**
	 * eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
	 */
	struct eap_sm *eap;
};


/* EAP TLS Flags */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
#define EAP_TLS_FLAGS_START 0x20
#define EAP_PEAP_VERSION_MASK 0x07

 /* could be up to 128 bytes, but only the first 64 bytes are used */
#define EAP_TLS_KEY_LEN 64


int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			  struct eap_peer_config *config);
void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			     const char *label, size_t len);
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
				EapType eap_type, int peap_version,
				u8 id, const u8 *in_data, size_t in_len,
				struct wpabuf **out_data);
struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
				       int peap_version);
int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
			char *buf, size_t buflen, int verbose);
const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
				     struct eap_ssl_data *data,
				     EapType eap_type,
				     struct eap_method_ret *ret,
				     const struct wpabuf *reqData,
				     size_t *len, u8 *flags);
void eap_peer_tls_reset_input(struct eap_ssl_data *data);
void eap_peer_tls_reset_output(struct eap_ssl_data *data);
int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 const struct wpabuf *in_data,
			 struct wpabuf **in_decrypted);
int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
			 EapType eap_type, int peap_version, u8 id,
			 const struct wpabuf *in_data,
			 struct wpabuf **out_data);
int eap_peer_select_phase2_methods(struct eap_peer_config *config,
				   const char *prefix,
				   struct eap_method_type **types,
				   size_t *num_types);
int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
			    struct eap_hdr *hdr, struct wpabuf **resp);

#endif /* EAP_TLS_COMMON_H */
Commit	Line	Data
6fc6879b JM	1	/*
6fc6879b JM	2	* EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
81c85c06	3	* Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
6fc6879b JM	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License version 2 as
	7	* published by the Free Software Foundation.
	8	*
	9	* Alternatively, this software may be distributed under the terms of BSD
	10	* license.
	11	*
	12	* See README and COPYING for more details.
	13	*/
	14
	15	#ifndef EAP_TLS_COMMON_H
	16	#define EAP_TLS_COMMON_H
	17
	18	/**
	19	* struct eap_ssl_data - TLS data for EAP methods
	20	*/
	21	struct eap_ssl_data {
	22	/**
	23	* conn - TLS connection context data from tls_connection_init()
	24	*/
	25	struct tls_connection *conn;
	26
	27	/**
	28	* tls_out - TLS message to be sent out in fragments
	29	*/
81c85c06	30	struct wpabuf *tls_out;
6fc6879b JM	31
	32	/**
	33	* tls_out_pos - The current position in the outgoing TLS message
	34	*/
	35	size_t tls_out_pos;
	36
	37	/**
	38	* tls_out_limit - Maximum fragment size for outgoing TLS messages
	39	*/
	40	size_t tls_out_limit;
	41
	42	/**
	43	* tls_in - Received TLS message buffer for re-assembly
	44	*/
81c85c06	45	struct wpabuf *tls_in;
6fc6879b JM	46
	47	/**
	48	* tls_in_left - Number of remaining bytes in the incoming TLS message
	49	*/
	50	size_t tls_in_left;
	51
	52	/**
	53	* tls_in_total - Total number of bytes in the incoming TLS message
	54	*/
	55	size_t tls_in_total;
	56
	57	/**
	58	* phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	59	*/
	60	int phase2;
	61
	62	/**
	63	* include_tls_length - Whether the TLS length field is included even
	64	* if the TLS data is not fragmented
	65	*/
	66	int include_tls_length;
	67
	68	/**
	69	* tls_ia - Whether TLS/IA is enabled for this TLS connection
	70	*/
	71	int tls_ia;
	72
	73	/**
	74	* eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
	75	*/
	76	struct eap_sm *eap;
	77	};
	78
	79
	80	/* EAP TLS Flags */
	81	#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
	82	#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
	83	#define EAP_TLS_FLAGS_START 0x20
	84	#define EAP_PEAP_VERSION_MASK 0x07
	85
	86	/* could be up to 128 bytes, but only the first 64 bytes are used */
	87	#define EAP_TLS_KEY_LEN 64
	88
	89
	90	int eap_peer_tls_ssl_init(struct eap_sm sm, struct eap_ssl_data data,
	91	struct eap_peer_config *config);
	92	void eap_peer_tls_ssl_deinit(struct eap_sm sm, struct eap_ssl_data data);
	93	u8 * eap_peer_tls_derive_key(struct eap_sm sm, struct eap_ssl_data data,
	94	const char *label, size_t len);
6fc6879b JM	95	int eap_peer_tls_process_helper(struct eap_sm sm, struct eap_ssl_data data,
	96	EapType eap_type, int peap_version,
	97	u8 id, const u8 *in_data, size_t in_len,
	98	struct wpabuf **out_data);
	99	struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
	100	int peap_version);
	101	int eap_peer_tls_reauth_init(struct eap_sm sm, struct eap_ssl_data data);
	102	int eap_peer_tls_status(struct eap_sm sm, struct eap_ssl_data data,
	103	char *buf, size_t buflen, int verbose);
	104	const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
	105	struct eap_ssl_data *data,
	106	EapType eap_type,
	107	struct eap_method_ret *ret,
	108	const struct wpabuf *reqData,
	109	size_t len, u8 flags);
	110	void eap_peer_tls_reset_input(struct eap_ssl_data *data);
	111	void eap_peer_tls_reset_output(struct eap_ssl_data *data);
	112	int eap_peer_tls_decrypt(struct eap_sm sm, struct eap_ssl_data data,
	113	const struct wpabuf *in_data,
	114	struct wpabuf **in_decrypted);
	115	int eap_peer_tls_encrypt(struct eap_sm sm, struct eap_ssl_data data,
	116	EapType eap_type, int peap_version, u8 id,
	117	const struct wpabuf *in_data,
	118	struct wpabuf **out_data);
	119	int eap_peer_select_phase2_methods(struct eap_peer_config *config,
	120	const char *prefix,
	121	struct eap_method_type **types,
	122	size_t *num_types);
	123	int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
	124	struct eap_hdr hdr, struct wpabuf *resp);
	125
	126	#endif /* EAP_TLS_COMMON_H */