eap_tls_common.h revision 04949598a23f501be6eec21697465fd46a28840a 
1/*
2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
3 * Copyright (c) 2004-2009, 2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#ifndef EAP_TLS_COMMON_H
10#define EAP_TLS_COMMON_H
11
12/**
13 * struct eap_ssl_data - TLS data for EAP methods
14 */
15struct eap_ssl_data {
16	/**
17	 * conn - TLS connection context data from tls_connection_init()
18	 */
19	struct tls_connection *conn;
20
21	/**
22	 * tls_out - TLS message to be sent out in fragments
23	 */
24	struct wpabuf *tls_out;
25
26	/**
27	 * tls_out_pos - The current position in the outgoing TLS message
28	 */
29	size_t tls_out_pos;
30
31	/**
32	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
33	 */
34	size_t tls_out_limit;
35
36	/**
37	 * tls_in - Received TLS message buffer for re-assembly
38	 */
39	struct wpabuf *tls_in;
40
41	/**
42	 * tls_in_left - Number of remaining bytes in the incoming TLS message
43	 */
44	size_t tls_in_left;
45
46	/**
47	 * tls_in_total - Total number of bytes in the incoming TLS message
48	 */
49	size_t tls_in_total;
50
51	/**
52	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
53	 */
54	int phase2;
55
56	/**
57	 * include_tls_length - Whether the TLS length field is included even
58	 * if the TLS data is not fragmented
59	 */
60	int include_tls_length;
61
62	/**
63	 * eap - EAP state machine allocated with eap_peer_sm_init()
64	 */
65	struct eap_sm *eap;
66
67	/**
68	 * ssl_ctx - TLS library context to use for the connection
69	 */
70	void *ssl_ctx;
71};
72
73
74/* EAP TLS Flags */
75#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
76#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
77#define EAP_TLS_FLAGS_START 0x20
78#define EAP_TLS_VERSION_MASK 0x07
79
80 /* could be up to 128 bytes, but only the first 64 bytes are used */
81#define EAP_TLS_KEY_LEN 64
82
83
84int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
85			  struct eap_peer_config *config);
86void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
87u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
88			     const char *label, size_t len);
89int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
90				EapType eap_type, int peap_version,
91				u8 id, const u8 *in_data, size_t in_len,
92				struct wpabuf **out_data);
93struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
94				       int peap_version);
95int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);
96int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
97			char *buf, size_t buflen, int verbose);
98const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
99				     struct eap_ssl_data *data,
100				     EapType eap_type,
101				     struct eap_method_ret *ret,
102				     const struct wpabuf *reqData,
103				     size_t *len, u8 *flags);
104void eap_peer_tls_reset_input(struct eap_ssl_data *data);
105void eap_peer_tls_reset_output(struct eap_ssl_data *data);
106int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
107			 const struct wpabuf *in_data,
108			 struct wpabuf **in_decrypted);
109int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
110			 EapType eap_type, int peap_version, u8 id,
111			 const struct wpabuf *in_data,
112			 struct wpabuf **out_data);
113int eap_peer_select_phase2_methods(struct eap_peer_config *config,
114				   const char *prefix,
115				   struct eap_method_type **types,
116				   size_t *num_types);
117int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
118			    struct eap_hdr *hdr, struct wpabuf **resp);
119
120#endif /* EAP_TLS_COMMON_H */
121