/*
 * hostapd / EAP-TLS/PEAP/TTLS/FAST common functions
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

/*
 * Include guard. This header is shared by the hostapd (server-side)
 * EAP-TLS, PEAP, TTLS and FAST method implementations.
 *
 * NOTE(review): the header itself includes nothing and uses u8, size_t,
 * struct wpabuf, struct eap_sm and struct tls_connection, so it relies on
 * the including .c file having pulled those definitions in first.
 */
#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/**
 * struct eap_ssl_data - Per-session TLS state for the EAP-TLS based server methods
 *
 * Holds the TLS connection plus the EAP-layer fragmentation/reassembly
 * state that the eap_server_tls_*() helpers declared in this header operate
 * on. One instance belongs to one EAP session (EAP-TLS, PEAP, TTLS or FAST).
 */
struct eap_ssl_data {
	/* TLS connection handle for this session (see
	 * eap_server_tls_ssl_init()/eap_server_tls_ssl_deinit() below) */
	struct tls_connection *conn;

	/* Upper bound on the TLS payload carried in one outgoing EAP message;
	 * output larger than this is sent as several fragments. How the
	 * value is derived is not visible here (see eap_server_tls_common.c). */
	size_t tls_out_limit;

	/* Non-zero when this method instance itself runs as a phase 2
	 * (inner, tunneled) method — presumably; confirm against the .c file */
	int phase2;

	/* Back pointer to the owning EAP server state machine */
	struct eap_sm *eap;

	/* Fragmentation state:
	 *   MSG           - exchanging (or reassembling) a TLS message
	 *   FRAG_ACK      - a fragment was received; an ACK must go to the peer
	 *   WAIT_FRAG_ACK - a fragment was sent; waiting for the peer's ACK
	 * NOTE(review): the enumerators are unscoped and therefore become
	 * global names in every translation unit that includes this header. */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
	/* Reassembly buffer for a TLS message that arrives in several EAP
	 * fragments. Its size is presumably taken from the peer-supplied TLS
	 * Message Length (EAP_TLS_FLAGS_LENGTH_INCLUDED), i.e. untrusted input;
	 * the bounds check lives in the .c file, not here. */
	struct wpabuf *in_buf;
	/* Complete TLS output still being delivered to the peer, possibly in
	 * several fragments */
	struct wpabuf *out_buf;
	/* Number of bytes of out_buf already transmitted */
	size_t out_used;
	/* Embedded (non-heap) buffer descriptor; presumably used to wrap an
	 * unfragmented incoming message without copying — confirm in the .c file */
	struct wpabuf tmpbuf;
};


/* EAP TLS Flags: the first octet of the EAP-TLS/PEAP/TTLS/FAST payload
 * (RFC 5216). Bit layout is L M S R R R R R for EAP-TLS; the tunneled
 * methods (PEAP/TTLS/FAST) reuse the low three bits as a version number.
 * This octet arrives from the peer and must be treated as untrusted. */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80	/* L: 4-octet TLS Message Length follows */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40	/* M: more fragments of this TLS message follow */
#define EAP_TLS_FLAGS_START 0x20		/* S: EAP-TLS Start (sent by the server only) */
#define EAP_TLS_VERSION_MASK 0x07		/* low 3 bits: PEAP/TTLS/FAST protocol version */

/* Number of bytes requested from eap_server_tls_derive_key(). The TLS-PRF
 * based derivation could produce up to 128 bytes (MSK followed by EMSK,
 * RFC 5216 section 2.3), but only the first 64 bytes (the MSK) are used. */
#define EAP_TLS_KEY_LEN 64


/**
 * eap_server_tls_ssl_init - Set up the TLS connection for an EAP-TLS based method
 * @sm: EAP server state machine owning this session
 * @data: TLS session data to initialize (data->conn is created here)
 * @verify_peer: Whether the peer's (client) certificate is to be verified;
 *	presumably non-zero for EAP-TLS and zero for the tunneled methods,
 *	where authentication happens in phase 2 — confirm against callers
 * Returns: 0 on success or a negative value on failure (hostapd convention;
 *	confirm in eap_server_tls_common.c)
 */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer);

/**
 * eap_server_tls_ssl_deinit - Release the TLS connection and buffers in @data
 * @sm: EAP server state machine owning this session
 * @data: TLS session data initialized with eap_server_tls_ssl_init()
 *
 * Does not free @data itself; the caller owns the containing structure.
 */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_derive_key - Derive key material from the TLS master secret
 * @sm: EAP server state machine owning this session
 * @data: TLS session data with an established connection
 * @label: TLS-PRF label selecting the derivation (method specific; e.g.
 *	RFC 5216 uses "client EAP encryption" for EAP-TLS)
 * @len: Number of bytes of key material to derive (e.g. EAP_TLS_KEY_LEN)
 * Returns: Pointer to @len bytes of derived key material, or %NULL on
 *	failure. Presumably heap-allocated and owned by the caller — confirm.
 *
 * NOTE(review): @label is only read, so it could be 'const char *'; that
 * change must be made together with the definition in the .c file.
 */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       char *label, size_t len);

/**
 * eap_server_tls_build_msg - Build the next EAP-Request carrying TLS data
 * @data: TLS session data; pending output is taken from data->out_buf
 * @eap_type: EAP method type code placed in the EAP header
 * @version: Method version placed in the low bits of the Flags octet
 *	(EAP_TLS_VERSION_MASK); 0 for plain EAP-TLS
 * @id: EAP Identifier for the new request
 * Returns: Newly allocated EAP-Request, or %NULL on failure
 *
 * Output exceeding data->tls_out_limit is fragmented; the M and L flags
 * are set according to what remains to be sent.
 */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/**
 * eap_server_tls_build_ack - Build an empty EAP-Request acknowledging a fragment
 * @id: EAP Identifier for the new request
 * @eap_type: EAP method type code placed in the EAP header
 * @version: Method version placed in the low bits of the Flags octet
 * Returns: Newly allocated EAP-Request with no TLS payload, or %NULL on
 *	failure
 */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/**
 * eap_server_tls_phase1 - Run one step of the TLS handshake (phase 1)
 * @sm: EAP server state machine owning this session
 * @data: TLS session data; consumes data->in_buf, produces data->out_buf
 * Returns: 0 on success or a negative value on failure — confirm exact
 *	codes in eap_server_tls_common.c
 */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_encrypt - Protect plaintext with the established TLS tunnel
 * @sm: EAP server state machine owning this session
 * @data: TLS session data with a completed handshake
 * @plain: Plaintext to encrypt (phase 2 data)
 * @plain_len: Length of @plain in bytes
 * Returns: Newly allocated buffer holding the TLS record(s), or %NULL on
 *	failure; presumably freed by the caller with wpabuf_free()
 */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const u8 *plain, size_t plain_len);

/**
 * eap_server_tls_process - Process a received EAP-Response for a TLS based method
 * @sm: EAP server state machine owning this session
 * @data: TLS session data
 * @respData: The received EAP-Response (peer-controlled input: Flags octet,
 *	optional TLS Message Length, TLS data)
 * @priv: Opaque method-specific context passed through to the callbacks
 * @eap_type: EAP method type code expected in @respData
 * @proc_version: Callback invoked with the version bits taken from the
 *	peer's Flags octet; its return value presumably decides whether the
 *	message is accepted — confirm
 * @proc_msg: Callback invoked with the complete (reassembled) TLS payload
 * Returns: Negative on failure; the non-negative values presumably
 *	distinguish "message handled" from "fragment ACK pending" (see the
 *	state enum in struct eap_ssl_data) — confirm in the .c file
 *
 * Handles fragment reassembly and fragment ACKs before dispatching to the
 * method-specific callbacks.
 */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */