1 /* 2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions 3 * Copyright (c) 2004-2009, 2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef EAP_TLS_COMMON_H 10 #define EAP_TLS_COMMON_H 11 12 /** 13 * struct eap_ssl_data - TLS data for EAP methods 14 */ 15 struct eap_ssl_data { 16 /** 17 * conn - TLS connection context data from tls_connection_init() 18 */ 19 struct tls_connection *conn; 20 21 /** 22 * tls_out - TLS message to be sent out in fragments 23 */ 24 struct wpabuf *tls_out; 25 26 /** 27 * tls_out_pos - The current position in the outgoing TLS message 28 */ 29 size_t tls_out_pos; 30 31 /** 32 * tls_out_limit - Maximum fragment size for outgoing TLS messages 33 */ 34 size_t tls_out_limit; 35 36 /** 37 * tls_in - Received TLS message buffer for re-assembly 38 */ 39 struct wpabuf *tls_in; 40 41 /** 42 * tls_in_left - Number of remaining bytes in the incoming TLS message 43 */ 44 size_t tls_in_left; 45 46 /** 47 * tls_in_total - Total number of bytes in the incoming TLS message 48 */ 49 size_t tls_in_total; 50 51 /** 52 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel) 53 */ 54 int phase2; 55 56 /** 57 * include_tls_length - Whether the TLS length field is included even 58 * if the TLS data is not fragmented 59 */ 60 int include_tls_length; 61 62 /** 63 * eap - EAP state machine allocated with eap_peer_sm_init() 64 */ 65 struct eap_sm *eap; 66 67 /** 68 * ssl_ctx - TLS library context to use for the connection 69 */ 70 void *ssl_ctx; 71 72 /** 73 * eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST) 74 */ 75 u8 eap_type; 76 }; 77 78 79 /* EAP TLS Flags */ 80 #define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80 81 #define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40 82 #define EAP_TLS_FLAGS_START 0x20 83 #define EAP_TLS_VERSION_MASK 0x07 84 85 /* could be up to 128 bytes, but only the first 64 bytes are used */ 86 #define EAP_TLS_KEY_LEN 64 87 88 /* dummy type used as a flag for UNAUTH-TLS */ 89 #define EAP_UNAUTH_TLS_TYPE 255 90 #define EAP_WFA_UNAUTH_TLS_TYPE 254 91 92 93 int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, 94 struct eap_peer_config *config, u8 eap_type); 95 void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data); 96 u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data, 97 const char *label, size_t len); 98 u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm, 99 struct eap_ssl_data *data, u8 eap_type, 100 size_t *len); 101 int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data, 102 EapType eap_type, int peap_version, 103 u8 id, const struct wpabuf *in_data, 104 struct wpabuf **out_data); 105 struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type, 106 int peap_version); 107 int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data); 108 int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data, 109 char *buf, size_t buflen, int verbose); 110 const u8 * eap_peer_tls_process_init(struct eap_sm *sm, 111 struct eap_ssl_data *data, 112 EapType eap_type, 113 struct eap_method_ret *ret, 114 const struct wpabuf *reqData, 115 size_t *len, u8 *flags); 116 void eap_peer_tls_reset_input(struct eap_ssl_data *data); 117 void eap_peer_tls_reset_output(struct eap_ssl_data *data); 118 int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data, 119 const struct wpabuf *in_data, 120 struct wpabuf **in_decrypted); 121 int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data, 122 EapType eap_type, int peap_version, u8 id, 123 const struct wpabuf *in_data, 124 struct wpabuf **out_data); 125 int eap_peer_select_phase2_methods(struct eap_peer_config *config, 126 const char *prefix, 127 struct eap_method_type **types, 128 size_t *num_types); 129 int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types, 130 struct eap_hdr *hdr, struct wpabuf **resp); 131 132 #endif /* EAP_TLS_COMMON_H */ 133