/*
 * hostapd / EAP-TLS/PEAP/TTLS/FAST common functions
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/*
 * NOTE(review): no #include appears in this header, yet the struct below uses
 * size_t and embeds a struct wpabuf by value (tmpbuf), which needs the
 * complete type. The including file must make those definitions visible
 * before including this header.
 */

/**
 * struct eap_ssl_data - TLS state shared by the EAP-TLS/PEAP/TTLS/FAST
 * server methods
 *
 * One instance is passed to every eap_server_tls_*() function declared in
 * this header. The per-field notes are inferred from names and types only;
 * confirm them against the implementation file.
 */
struct eap_ssl_data {
	/* TLS connection handle; presumably set up by
	 * eap_server_tls_ssl_init() and released by
	 * eap_server_tls_ssl_deinit() - confirm */
	struct tls_connection *conn;

	/* presumably the cap on TLS bytes carried in one outgoing EAP
	 * message, i.e. the fragment size - confirm */
	size_t tls_out_limit;

	/* presumably non-zero when this instance serves an inner (Phase 2)
	 * exchange - confirm */
	int phase2;

	/* EAP state machine this TLS state is attached to */
	struct eap_sm *eap;

	/* Message/fragmentation state. The names suggest: MSG = ordinary
	 * message handling, FRAG_ACK = a fragment acknowledgement is due,
	 * WAIT_FRAG_ACK = waiting for the peer to acknowledge a fragment that
	 * was sent - confirm against the state handling in the .c file */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
	/* presumably the reassembly buffer for data received from the peer.
	 * NOTE(review): its size would then be driven by peer-supplied
	 * lengths and fragments, so the implementation should bound it -
	 * verify */
	struct wpabuf *in_buf;
	/* presumably pending outgoing TLS data - confirm */
	struct wpabuf *out_buf;
	/* presumably the number of bytes of out_buf already sent - confirm */
	size_t out_used;
	/* embedded by value rather than by pointer; its purpose is not
	 * visible from this header */
	struct wpabuf tmpbuf;
};


/*
 * EAP TLS Flags
 *
 * Bits of the Flags octet used by the EAP-TLS family of methods: the top
 * three bits are the L (length included), M (more fragments) and S (start)
 * flags defined for EAP-TLS in RFC 5216, and the low three bits (mask 0x07)
 * presumably carry the PEAP/TTLS/FAST method version.
 *
 * The octet arrives from the peer, so every bit combination is untrusted
 * input. NOTE(review): LENGTH_INCLUDED announces a total message length and
 * MORE_FRAGMENTS keeps reassembly going; verify in the .c file that the
 * announced length and the accumulated fragment data are both capped.
 */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
#define EAP_TLS_FLAGS_START 0x20
#define EAP_TLS_VERSION_MASK 0x07
/*
 * Key material length in bytes.
 * could be up to 128 bytes, but only the first 64 bytes are used
 * NOTE(review): presumably the len passed to eap_server_tls_derive_key() -
 * confirm at the call sites.
 */
#define EAP_TLS_KEY_LEN 64


/*
 * NOTE(review): the prototypes below use u8 and size_t, and no #include
 * appears in this header; the including file must provide those types.
 * Return-value and ownership notes are inferred from the signatures only and
 * must be confirmed against the implementation.
 */

/**
 * eap_server_tls_ssl_init - Prepare TLS state for an EAP method
 * @sm: EAP state machine
 * @data: TLS state to initialize
 * @verify_peer: presumably non-zero to verify the peer (client) certificate.
 *	NOTE(review): a caller passing 0 would then rely on another mechanism,
 *	such as an inner Phase 2 method, to authenticate the peer - confirm
 *	per call site.
 * Returns: int status; presumably 0 on success and a negative value on
 *	failure - confirm
 */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer);

/**
 * eap_server_tls_ssl_deinit - Release TLS state
 * @sm: EAP state machine
 * @data: TLS state, presumably as set up by eap_server_tls_ssl_init()
 */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_derive_key - Derive key material from the TLS session
 * @sm: EAP state machine
 * @data: TLS state
 * @label: label string for the derivation
 * @len: number of bytes requested
 * Returns: pointer to key bytes; presumably a heap buffer of @len bytes owned
 *	by the caller, or NULL on failure - confirm.
 *	NOTE(review): the buffer holds secret key material, so the owner
 *	should clear it before freeing it.
 */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       char *label, size_t len);

/**
 * eap_server_tls_build_msg - Build the next outgoing EAP message
 * @data: TLS state; presumably the source of the pending output and of the
 *	fragmentation state - confirm
 * @eap_type: EAP method type to place in the message
 * @version: method version; presumably encoded under EAP_TLS_VERSION_MASK
 * @id: EAP identifier
 * Returns: message buffer; presumably owned by the caller, NULL on failure -
 *	confirm
 */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/**
 * eap_server_tls_build_ack - Build an acknowledgement message
 * @id: EAP identifier
 * @eap_type: EAP method type
 * @version: method version
 * Returns: message buffer; presumably a fragment acknowledgement owned by
 *	the caller, NULL on failure - confirm
 */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/**
 * eap_server_tls_phase1 - Run the Phase 1 (TLS handshake) step
 * @sm: EAP state machine
 * @data: TLS state
 * Returns: int status - meaning not visible from this header
 */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_encrypt - Protect plaintext with the TLS session
 * @sm: EAP state machine
 * @data: TLS state
 * @plain: plaintext bytes (read-only)
 * @plain_len: length of @plain in bytes
 * Returns: buffer with the protected data; presumably owned by the caller,
 *	NULL on failure - confirm
 */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const u8 *plain, size_t plain_len);

/**
 * eap_server_tls_process - Process an EAP response for a TLS-based method
 * @sm: EAP state machine
 * @data: TLS state
 * @respData: EAP response received from the peer; untrusted input
 * @priv: opaque pointer handed to both callbacks
 * @eap_type: EAP method type
 * @proc_version: callback given the peer's version; its int return value
 *	presumably lets the method reject a version - confirm
 * @proc_msg: callback given the response as a const buffer; presumably
 *	invoked once a complete message is available - confirm
 * Returns: int status - meaning not visible from this header.
 *	NOTE(review): flag, length and fragment checks on @respData presumably
 *	happen inside this function before the callbacks run - verify.
 */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */