2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
3 * Copyright (c) 2004-2009, 2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #ifndef EAP_TLS_COMMON_H
10 #define EAP_TLS_COMMON_H
13 * struct eap_ssl_data - TLS data for EAP methods
17 * conn - TLS connection context data from tls_connection_init()
19 struct tls_connection *conn;
22 * tls_out - TLS message to be sent out in fragments
24 struct wpabuf *tls_out;
27 * tls_out_pos - The current position in the outgoing TLS message
32 * tls_out_limit - Maximum fragment size for outgoing TLS messages
37 * tls_in - Received TLS message buffer for re-assembly
39 struct wpabuf *tls_in;
42 * tls_in_left - Number of remaining bytes in the incoming TLS message
47 * tls_in_total - Total number of bytes in the incoming TLS message
52 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
57 * include_tls_length - Whether the TLS length field is included even
58 * if the TLS data is not fragmented
60 int include_tls_length;
63 * eap - EAP state machine allocated with eap_peer_sm_init()
68 * ssl_ctx - TLS library context to use for the connection
73 * eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
78 * tls_v13 - Whether TLS v1.3 or newer is used
85 #define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
86 #define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
87 #define EAP_TLS_FLAGS_START 0x20
88 #define EAP_TLS_VERSION_MASK 0x07
90 /* could be up to 128 bytes, but only the first 64 bytes are used */
91 #define EAP_TLS_KEY_LEN 64
93 /* dummy type used as a flag for UNAUTH-TLS */
94 #define EAP_UNAUTH_TLS_TYPE 255
95 #define EAP_WFA_UNAUTH_TLS_TYPE 254
98 int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
99 struct eap_peer_config *config, u8 eap_type);
100 void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
101 u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
102 const char *label, const u8 *context,
103 size_t context_len, size_t len);
104 u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
105 struct eap_ssl_data *data, u8 eap_type,
107 int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
108 EapType eap_type, int peap_version,
109 u8 id, const struct wpabuf *in_data,
110 struct wpabuf **out_data);
111 struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
113 int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data);
114 int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
115 char *buf, size_t buflen, int verbose);
116 const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
117 struct eap_ssl_data *data,
119 struct eap_method_ret *ret,
120 const struct wpabuf *reqData,
121 size_t *len, u8 *flags);
122 void eap_peer_tls_reset_input(struct eap_ssl_data *data);
123 void eap_peer_tls_reset_output(struct eap_ssl_data *data);
124 int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
125 const struct wpabuf *in_data,
126 struct wpabuf **in_decrypted);
127 int eap_peer_tls_encrypt(struct eap_sm *sm, struct eap_ssl_data *data,
128 EapType eap_type, int peap_version, u8 id,
129 const struct wpabuf *in_data,
130 struct wpabuf **out_data);
131 int eap_peer_select_phase2_methods(struct eap_peer_config *config,
133 struct eap_method_type **types,
135 int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
136 struct eap_hdr *hdr, struct wpabuf **resp);
138 #endif /* EAP_TLS_COMMON_H */