/*
 * EAP-TLS/PEAP/TTLS/FAST server common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/*
 * This header has no #include lines of its own: u8, bool, size_t,
 * enum eap_type, struct wpabuf, struct eap_sm and struct tls_connection
 * must already be in scope from whatever the including .c file pulled
 * in before it. Keep it that way (do not add includes here) to match the
 * rest of the tree.
 */

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-session state shared by the TLS-based EAP server methods
 * (EAP-TLS, PEAP, TTLS, FAST, TEAP). It carries the TLS connection itself
 * plus the buffers needed to split outgoing TLS messages into EAP-sized
 * fragments and to re-assemble incoming ones. One instance is expected per
 * peer session; nothing in this header suggests it is safe to share between
 * sessions or threads.
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 *
	 * Owned by this structure while fragments are being sent; tls_out_pos
	 * tracks how much of it has already gone out.
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 *
	 * Upper bound on the TLS payload placed in a single EAP message by
	 * eap_server_tls_build_msg(); presumably derived from the configured
	 * EAP fragment size - confirm in the initializer.
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 *
	 * Accumulates peer-supplied fragments until the full TLS message is
	 * available. NOTE(review): the peer announces the total length in the
	 * first fragment (EAP_TLS_FLAGS_LENGTH_INCLUDED); the bound on what is
	 * accepted into this buffer lives in the .c implementation, not here -
	 * confirm it is enforced before trusting the re-assembled message.
	 */
	struct wpabuf *tls_in;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * eap - EAP state machine allocated with eap_server_sm_init()
	 */
	struct eap_sm *eap;

	/*
	 * state - Fragmentation state of this exchange:
	 *   MSG           - a (possibly first) fragment of a message is being
	 *                   sent or processed
	 *   FRAG_ACK      - an ACK for a received fragment is to be sent
	 *   WAIT_FRAG_ACK - a fragment was sent and the peer's ACK is awaited
	 * The exact transitions are driven by the .c implementation; the
	 * names above are the only information this header gives.
	 */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;

	/*
	 * tmpbuf - Embedded (non-allocated) wpabuf; presumably used to wrap
	 * an existing memory region without a heap allocation - verify
	 * against its users before relying on that.
	 */
	struct wpabuf tmpbuf;

	/**
	 * tls_v13 - Whether TLS v1.3 or newer is used
	 */
	int tls_v13;

	/*
	 * skip_prot_success - Test hook. The name suggests it suppresses the
	 * TLS 1.3 protected success indication; it exists for testing behavior
	 * only and should never be set in a production configuration.
	 */
	bool skip_prot_success; /* testing behavior only for TLS v1.3 */
};


/*
 * EAP TLS Flags - bit values of the Flags octet that follows the EAP
 * method type (RFC 5216 Section 3.1 for L/M/S; the O bit is TEAP's
 * "Outer TLV Length Included", RFC 7170). The low three bits carry the
 * method version number used by PEAP/TTLS/FAST/TEAP.
 */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80	/* L: 4-octet TLS Message Length present */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40	/* M: more fragments follow */
#define EAP_TLS_FLAGS_START 0x20		/* S: EAP-TLS Start (server -> peer) */
#define EAP_TEAP_FLAGS_OUTER_TLV_LEN 0x10	/* O: TEAP Outer TLV Length present */
#define EAP_TLS_VERSION_MASK 0x07		/* method version bits */

/*
 * could be up to 128 bytes, but only the first 64 bytes are used
 *
 * RFC 5216 derives a 128-octet key block (64-octet MSK followed by the
 * 64-octet EMSK); EAP_TLS_KEY_LEN covers the MSK portion only.
 */
#define EAP_TLS_KEY_LEN 64

/*
 * stub type used as a flag for UNAUTH-TLS
 *
 * Internal pseudo EAP type values passed as eap_type to
 * eap_server_tls_ssl_init(); they select the "unauthenticated TLS" variants
 * rather than naming a method on the wire. NOTE(review): confirm in the .c
 * file how peer certificate verification is configured for these values.
 */
#define EAP_UNAUTH_TLS_TYPE 255
#define EAP_WFA_UNAUTH_TLS_TYPE 254


/**
 * eap_tls_msg_alloc - Allocate an EAP message for a TLS-based method
 * @type: EAP method type placed in the packet header
 * @payload_len: Number of payload bytes to reserve after the method header
 * @code: EAP Code (request/response/...)
 * @identifier: EAP Identifier
 * Returns: Allocated wpabuf owned by the caller, or %NULL on failure
 *          (presumably; confirm with the implementation)
 */
struct wpabuf * eap_tls_msg_alloc(enum eap_type type, size_t payload_len,
				  u8 code, u8 identifier);

/**
 * eap_server_tls_ssl_init - Initialize TLS state for an EAP server method
 * @sm: EAP server state machine
 * @data: TLS data to initialize (conn, buffers, limits)
 * @verify_peer: Whether the peer (client) certificate must be verified;
 *	EAP-TLS proper needs this set, tunneled outer methods typically
 *	do not - confirm against each caller
 * @eap_type: EAP method type, or one of the EAP_*UNAUTH_TLS_TYPE stubs
 * Returns: 0 on success, negative on failure (hostapd convention - confirm)
 */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer, int eap_type);

/**
 * eap_server_tls_ssl_deinit - Release everything allocated by
 *	eap_server_tls_ssl_init() (TLS connection and fragment buffers)
 * @sm: EAP server state machine
 * @data: TLS data to tear down
 */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_derive_key - Derive keying material from the TLS session
 * @sm: EAP server state machine
 * @data: TLS data with an established connection
 * @label: Exporter/PRF label selecting the purpose of the key
 * @context: Optional context value for the derivation, or %NULL
 * @context_len: Length of @context in bytes
 * @len: Number of bytes of key material requested (e.g. EAP_TLS_KEY_LEN)
 * Returns: Allocated buffer of @len bytes, or %NULL on failure. The caller
 *	owns it and is responsible for clearing and freeing it - confirm.
 */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       const char *label, const u8 *context,
			       size_t context_len, size_t len);

/**
 * eap_server_tls_derive_session_id - Derive the EAP Session-Id
 * @sm: EAP server state machine
 * @data: TLS data with an established connection
 * @eap_type: EAP method type used as the first octet of the Session-Id
 * @len: On success, receives the length of the returned Session-Id
 * Returns: Allocated Session-Id owned by the caller, or %NULL on failure
 */
u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
				      struct eap_ssl_data *data, u8 eap_type,
				      size_t *len);

/**
 * eap_server_tls_build_msg - Build the next outgoing fragment
 * @data: TLS data; reads tls_out/tls_out_pos and respects tls_out_limit
 * @eap_type: EAP method type for the header
 * @version: Method version to encode in the low flag bits
 * @id: EAP Identifier
 * Returns: EAP request carrying the next fragment, or %NULL on failure
 */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/**
 * eap_server_tls_build_ack - Build an empty fragment acknowledgment
 * @id: EAP Identifier
 * @eap_type: EAP method type for the header
 * @version: Method version to encode in the low flag bits
 * Returns: EAP request with no TLS payload, or %NULL on failure
 */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/**
 * eap_server_tls_phase1 - Advance the TLS handshake (phase 1)
 * @sm: EAP server state machine
 * @data: TLS data; tls_in is consumed and tls_out produced
 * Returns: 0 on success, negative on failure (confirm with implementation)
 */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_encrypt - Protect phase 2 data inside the TLS tunnel
 * @sm: EAP server state machine
 * @data: TLS data with an established connection
 * @plain: Cleartext to encrypt
 * Returns: Allocated buffer with the TLS record(s), or %NULL on failure
 */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const struct wpabuf *plain);

/**
 * eap_server_tls_process - Process a peer response for a TLS-based method
 * @sm: EAP server state machine
 * @data: TLS data; fragments are re-assembled into tls_in
 * @respData: Raw EAP response from the peer (untrusted input)
 * @priv: Method-private context handed back to the callbacks
 * @eap_type: Expected EAP method type
 * @proc_version: Callback given the peer's version from the Flags octet;
 *	presumably a non-zero return rejects the message - confirm
 * @proc_msg: Callback invoked with the fully re-assembled message
 * Returns: 0 on success, negative on failure (confirm with implementation)
 *
 * This is the entry point through which attacker-controlled bytes reach
 * the TLS layer; length and flag validation of @respData belongs here or
 * below, not in the method-specific callbacks.
 */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */