1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup tls_eap tls_eap
18 * @{ @ingroup libtls
19 */
20
21 #ifndef TLS_EAP_H_
22 #define TLS_EAP_H_
23
/* Forward declaration: makes the tls_eap_t name usable before the struct
 * body further down, whose methods take a tls_eap_t pointer themselves. */
typedef struct tls_eap_t tls_eap_t;
25
26 #include <eap/eap.h>
27
28 #include "tls.h"
29
/**
 * TLS over EAP helper, as used by EAP-TLS and EAP-TTLS.
 *
 * The object is an interface of function pointers; every method takes the
 * instance as its first argument. Instances come from tls_eap_create() and
 * are released with destroy().
 */
struct tls_eap_t {

	/**
	 * Initiate TLS/TTLS/TNC over EAP exchange (as client).
	 *
	 * NOTE(review): "allocated" suggests the caller owns the chunk written
	 * to out and has to free it; whether out is written when FAILED is
	 * returned is not stated in this header. Confirm against the
	 * implementation.
	 *
	 * @param out	allocated EAP packet data to send
	 * @return
	 *				- NEED_MORE if more exchanges required
	 *				- FAILED if initiation failed
	 */
	status_t (*initiate)(tls_eap_t *this, chunk_t *out);

	/**
	 * Process a received EAP-TLS/TTLS/TNC packet, create response.
	 *
	 * The in chunk carries packet data received from the EAP peer, i.e.
	 * input that is not under local control. tls_eap_create() takes a
	 * max_msg_count documented as the maximum number of processed messages;
	 * how this method reports reaching that limit is not stated here.
	 * NOTE(review): presumably FAILED -- confirm. The ownership remark on
	 * out made by "allocated" likewise needs confirming (caller frees?).
	 *
	 * @param in	EAP packet data to process
	 * @param out	allocated EAP packet data to send
	 * @return
	 *				- SUCCESS if TLS negotiation completed
	 *				- FAILED if TLS negotiation failed
	 *				- NEED_MORE if more exchanges required
	 */
	status_t (*process)(tls_eap_t *this, chunk_t in, chunk_t *out);

	/**
	 * Get the EAP-MSK.
	 *
	 * The MSK is session key material and should be handled as a secret by
	 * the caller. NOTE(review): unlike get_auth(), this header does not say
	 * whether the returned chunk is internal data or an allocated copy, nor
	 * from which point of the exchange it is valid -- confirm before
	 * freeing, caching or using the result.
	 *
	 * @return		MSK
	 */
	chunk_t (*get_msk)(tls_eap_t *this);

	/**
	 * Get the current EAP identifier.
	 *
	 * @return		identifier
	 */
	uint8_t (*get_identifier)(tls_eap_t *this);

	/**
	 * Set the EAP identifier to a deterministic value, overwriting
	 * the randomly initialized default value.
	 *
	 * @param identifier	EAP identifier
	 */
	void (*set_identifier) (tls_eap_t *this, uint8_t identifier);

	/**
	 * Get the authentication details after completing the handshake.
	 *
	 * The result is documented as internal data, so the caller does not own
	 * it. NOTE(review): presumably it must not be used once destroy() has
	 * been called, and its content before process() returned SUCCESS is not
	 * specified here -- confirm.
	 *
	 * @return		authentication details, internal data
	 */
	auth_cfg_t* (*get_auth)(tls_eap_t *this);

	/**
	 * Destroy a tls_eap_t.
	 *
	 * NOTE(review): this header does not state whether the tls_t handed to
	 * tls_eap_create() is destroyed along with the instance; confirm the
	 * ownership before the caller destroys or reuses that tls_t itself.
	 */
	void (*destroy)(tls_eap_t *this);
};
91
/**
 * Create a tls_eap instance.
 *
 * frag_size and max_msg_count bound what the helper sends and how many
 * messages it processes. NOTE(review): the meaning of a zero frag_size and of
 * a zero or negative max_msg_count (the parameter is a signed int) is not
 * documented in this header -- confirm before passing configuration values
 * through unchecked.
 *
 * NOTE(review): whether the instance takes ownership of tls, and what is
 * returned on failure (e.g. NULL), is not stated here; confirm, and check the
 * result before calling through it.
 *
 * @param type				EAP type, EAP-TLS or EAP-TTLS
 * @param tls				TLS implementation
 * @param frag_size			maximum size of a TLS fragment we send
 * @param max_msg_count		maximum number of processed messages
 * @param include_length	if TRUE include length in non-fragmented packets
 * @return					tls_eap_t instance (failure behaviour not
 *							documented in this header)
 */
tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
						  int max_msg_count, bool include_length);
103
104 #endif /** TLS_EAP_H_ @}*/