src/eap_server/eap_tls_common.h

   1 /*
   2  * EAP-TLS/PEAP/TTLS/FAST server common functions
   3  * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #ifndef EAP_TLS_COMMON_H
  10 #define EAP_TLS_COMMON_H
  11
  12 /**
  13  * struct eap_ssl_data - TLS data for EAP methods
  14  */
  15 struct eap_ssl_data {
  16         /**
  17          * conn - TLS connection context data from tls_connection_init()
  18          */
  19         struct tls_connection *conn;
  20
  21         /**
  22          * tls_out - TLS message to be sent out in fragments
  23          */
  24         struct wpabuf *tls_out;
  25
  26         /**
  27          * tls_out_pos - The current position in the outgoing TLS message
  28          */
  29         size_t tls_out_pos;
  30
  31         /**
  32          * tls_out_limit - Maximum fragment size for outgoing TLS messages
  33          */
  34         size_t tls_out_limit;
  35
  36         /**
  37          * tls_in - Received TLS message buffer for re-assembly
  38          */
  39         struct wpabuf *tls_in;
  40
  41         /**
  42          * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
  43          */
  44         int phase2;
  45
  46         /**
  47          * eap - EAP state machine allocated with eap_server_sm_init()
  48          */
  49         struct eap_sm *eap;
  50
  51         enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
  52         struct wpabuf tmpbuf;
  53
  54         /**
  55          * tls_v13 - Whether TLS v1.3 or newer is used
  56          */
  57         int tls_v13;
  58 };
  59
  60
  61 /* EAP TLS Flags */
  62 #define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
  63 #define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
  64 #define EAP_TLS_FLAGS_START 0x20
  65 #define EAP_TLS_VERSION_MASK 0x07
  66
  67  /* could be up to 128 bytes, but only the first 64 bytes are used */
  68 #define EAP_TLS_KEY_LEN 64
  69
  70 /* dummy type used as a flag for UNAUTH-TLS */
  71 #define EAP_UNAUTH_TLS_TYPE 255
  72 #define EAP_WFA_UNAUTH_TLS_TYPE 254
  73
  74
  75 struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
  76                                   u8 code, u8 identifier);
  77 int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
  78                             int verify_peer, int eap_type);
  79 void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
  80 u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
  81                                const char *label, size_t len);
  82 u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
  83                                       struct eap_ssl_data *data, u8 eap_type,
  84                                       size_t *len);
  85 struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
  86                                          int eap_type, int version, u8 id);
  87 struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);
  88 int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);
  89 struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
  90                                        struct eap_ssl_data *data,
  91                                        const struct wpabuf *plain);
  92 int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
  93                            struct wpabuf *respData, void *priv, int eap_type,
  94                            int (*proc_version)(struct eap_sm *sm, void *priv,
  95                                                int peer_version),
  96                            void (*proc_msg)(struct eap_sm *sm, void *priv,
  97                                             const struct wpabuf *respData));
  98
  99 #endif /* EAP_TLS_COMMON_H */