1 /* 2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #ifndef EAP_TLS_COMMON_H 16 #define EAP_TLS_COMMON_H 17 18 /** 19 * struct eap_ssl_data - TLS data for EAP methods 20 */ 21 struct eap_ssl_data { 22 /** 23 * conn - TLS connection context data from tls_connection_init() 24 */ 25 struct tls_connection *conn; 26 27 /** 28 * tls_out - TLS message to be sent out in fragments 29 */ 30 struct wpabuf *tls_out; 31 32 /** 33 * tls_out_pos - The current position in the outgoing TLS message 34 */ 35 size_t tls_out_pos; 36 37 /** 38 * tls_out_limit - Maximum fragment size for outgoing TLS messages 39 */ 40 size_t tls_out_limit; 41 42 /** 43 * tls_in - Received TLS message buffer for re-assembly 44 */ 45 struct wpabuf *tls_in; 46 47 /** 48 * tls_in_left - Number of remaining bytes in the incoming TLS message 49 */ 50 size_t tls_in_left; 51 52 /** 53 * tls_in_total - Total number of bytes in the incoming TLS message 54 */ 55 size_t tls_in_total; 56 57 /** 58 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel) 59 */ 60 int phase2; 61 62 /** 63 * include_tls_length - Whether the TLS length field is included even 64 * if the TLS data is not fragmented 65 */ 66 int include_tls_length; 67 68 /** 69 * tls_ia - Whether TLS/IA is enabled for this TLS connection 70 */ 71 int tls_ia; 72 73 /** 74 * eap - EAP state machine allocated with eap_peer_sm_init() 75 */ 76 struct eap_sm *eap; 77 }; 78 79 80 /* EAP TLS Flags */ 81 #define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80 82 #define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40 83 #define EAP_TLS_FLAGS_START 0x20 84 #define EAP_TLS_VERSION_MASK 0x07 85 86 /* could be up to 128 bytes, but only the first 64 bytes are used */ 87 #define EAP_TLS_KEY_LEN 64 88 89 90 int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, 91 struct eap_peer_config *config); 92 void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data); 93 u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data, 94 const char *label, size_t len); 95 int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data, 96 EapType eap_type, int peap_version, 97 u8 id, const u8 *in_data, size_t in_len, 98 struct wpabuf **out_data); 99 struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type, 100 int peap_version); 101 int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data); 102 int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data, 103 char *buf, size_t buflen, int verbose); 104 const u8 * eap_peer_tls_process_init(struct eap_sm *sm, 105 struct eap_ssl_data *data, 106 EapType eap_type, 107 struct eap_method_ret *ret, 108 const struct wpabuf *reqData, 109 size_t *len, u8 *flags); 110 void eap_peer_tls_reset_input(struct eap_ssl_data *data); 111 void eap_peer_tls_reset_output(struct eap_ssl_data *data); 112 int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data, 113 const struct wpabuf *in_data, 114 struct wpabuf **in_decrypted); 115 int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data, 116 EapType eap_type, int peap_version, u8 id, 117 const struct wpabuf *in_data, 118 struct wpabuf **out_data); 119 int eap_peer_select_phase2_methods(struct eap_peer_config *config, 120 const char *prefix, 121 struct eap_method_type **types, 122 size_t *num_types); 123 int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types, 124 struct eap_hdr *hdr, struct wpabuf **resp); 125 126 #endif /* EAP_TLS_COMMON_H */ 127