/*
 * EAP-TLS/PEAP/TTLS/FAST server common functions
 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_TLS_COMMON_H
#define EAP_TLS_COMMON_H

/**
 * struct eap_ssl_data - TLS data for EAP methods
 *
 * Per-session state shared by the TLS-based EAP server methods
 * (EAP-TLS, PEAP, TTLS, FAST, TEAP). It carries the TLS connection handle
 * plus the buffers needed to fragment outgoing TLS records and to
 * re-assemble incoming ones. Every member is set up by
 * eap_server_tls_ssl_init() and released by eap_server_tls_ssl_deinit().
 */
struct eap_ssl_data {
	/**
	 * conn - TLS connection context data from tls_connection_init()
	 */
	struct tls_connection *conn;

	/**
	 * tls_out - TLS message to be sent out in fragments
	 *
	 * The complete outgoing TLS message; eap_server_tls_build_msg() emits
	 * it in pieces of at most tls_out_limit bytes, tracked by tls_out_pos.
	 */
	struct wpabuf *tls_out;

	/**
	 * tls_out_pos - The current position in the outgoing TLS message
	 */
	size_t tls_out_pos;

	/**
	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
	 */
	size_t tls_out_limit;

	/**
	 * tls_in - Received TLS message buffer for re-assembly
	 *
	 * Fragments arrive from an unauthenticated peer, so the length the
	 * peer advertises with EAP_TLS_FLAGS_LENGTH_INCLUDED is untrusted;
	 * the re-assembly code (in eap_server_tls_common.c, not this header)
	 * is expected to bound what it allocates and accepts here.
	 */
	struct wpabuf *tls_in;

	/**
	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
	 */
	int phase2;

	/**
	 * eap - EAP state machine allocated with eap_server_sm_init()
	 */
	struct eap_sm *eap;

	/*
	 * state - Fragmentation state: MSG while a TLS message is being
	 * exchanged, FRAG_ACK when a received fragment is to be acknowledged,
	 * WAIT_FRAG_ACK while waiting for the peer to acknowledge one of ours.
	 * NOTE(review): transitions are driven from eap_server_tls_common.c;
	 * confirm the exact meaning of each value there.
	 */
	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
	/*
	 * tmpbuf - Scratch wpabuf header (not a pointer) used by the common
	 * code; presumably wrapped around existing data rather than owning
	 * an allocation -- verify in eap_server_tls_common.c before freeing.
	 */
	struct wpabuf tmpbuf;

	/**
	 * tls_v13 - Whether TLS v1.3 or newer is used
	 *
	 * Key derivation and session-id derivation differ for TLS 1.3
	 * (exporter context), which is why the callers pass a context below.
	 */
	int tls_v13;
};


/*
 * EAP TLS Flags
 *
 * Flags octet of the EAP-TLS request/response (RFC 5216, Section 3.1):
 * L = length included, M = more fragments, S = start. TEAP adds the O bit
 * (outer TLV length included, RFC 7170). The low three bits carry the
 * protocol version field used by PEAP/TTLS/FAST/TEAP; plain EAP-TLS leaves
 * them zero.
 */
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
#define EAP_TLS_FLAGS_START 0x20
#define EAP_TEAP_FLAGS_OUTER_TLV_LEN 0x10
#define EAP_TLS_VERSION_MASK 0x07

/*
 * could be up to 128 bytes, but only the first 64 bytes are used
 *
 * RFC 5216 Section 2.3 exports 128 bytes of key material; the first 64
 * form the MSK, the remaining 64 the EMSK.
 */
#define EAP_TLS_KEY_LEN 64

/*
 * dummy type used as a flag for UNAUTH-TLS
 *
 * These are internal sentinels passed as eap_type, not IANA-assigned EAP
 * method numbers; they select the unauthenticated-server TLS handling.
 * EAP_WFA_UNAUTH_TLS_TYPE is presumably the Wi-Fi Alliance (Hotspot 2.0
 * OSEN) variant -- confirm against the method registration code.
 */
#define EAP_UNAUTH_TLS_TYPE 255
#define EAP_WFA_UNAUTH_TLS_TYPE 254


/**
 * eap_tls_msg_alloc - Allocate an EAP message with an EAP-TLS style header
 * @type: EAP method type
 * @payload_len: Number of payload bytes to reserve after the header
 * @code: EAP code (request/response)
 * @identifier: EAP identifier
 * Returns: Allocated buffer or %NULL on failure; caller presumably frees it
 * with wpabuf_free() -- confirm in eap_server_tls_common.c
 */
struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
				  u8 code, u8 identifier);

/**
 * eap_server_tls_ssl_init - Initialize the TLS connection for an EAP session
 * @sm: EAP server state machine
 * @data: TLS data to initialize
 * @verify_peer: Whether to require and verify a client certificate
 * @eap_type: EAP method type (or one of the *_UNAUTH_TLS_TYPE sentinels)
 * Returns: 0 on success, -1 on failure
 *
 * With @verify_peer == 0 the TLS layer does not authenticate the peer, so
 * the EAP method itself (e.g., the inner method of a tunnel) must do so.
 */
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
			    int verify_peer, int eap_type);

/**
 * eap_server_tls_ssl_deinit - Release everything owned by @data
 * @sm: EAP server state machine
 * @data: TLS data initialized with eap_server_tls_ssl_init()
 */
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_derive_key - Derive key material from the TLS session
 * @sm: EAP server state machine
 * @data: TLS data
 * @label: Exporter/PRF label
 * @context: Optional exporter context (used for TLS 1.3) or %NULL
 * @context_len: Length of @context in bytes
 * @len: Number of bytes to derive
 * Returns: Allocated buffer of @len bytes or %NULL on failure; the caller
 * presumably owns it and should clear it before freeing -- confirm in
 * eap_server_tls_common.c
 */
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
			       const char *label, const u8 *context,
			       size_t context_len, size_t len);

/**
 * eap_server_tls_derive_session_id - Derive the EAP Session-Id
 * @sm: EAP server state machine
 * @data: TLS data
 * @eap_type: EAP method type written as the first octet of the Session-Id
 * @len: Output: length of the returned Session-Id
 * Returns: Allocated Session-Id or %NULL on failure
 */
u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
				      struct eap_ssl_data *data, u8 eap_type,
				      size_t *len);

/**
 * eap_server_tls_build_msg - Build the next fragment of data->tls_out
 * @data: TLS data
 * @eap_type: EAP method type
 * @version: Protocol version value placed in the flags octet
 * @id: EAP identifier
 * Returns: EAP request carrying at most data->tls_out_limit bytes of the
 * pending TLS message, or %NULL on failure
 */
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
					 int eap_type, int version, u8 id);

/**
 * eap_server_tls_build_ack - Build an empty fragment-acknowledgement request
 * @id: EAP identifier
 * @eap_type: EAP method type
 * @version: Protocol version value placed in the flags octet
 * Returns: EAP request or %NULL on failure
 */
struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version);

/**
 * eap_server_tls_phase1 - Run one step of the TLS handshake
 * @sm: EAP server state machine
 * @data: TLS data
 * Returns: 0 on success, -1 on failure
 */
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data);

/**
 * eap_server_tls_encrypt - Encrypt phase 2 data into the TLS tunnel
 * @sm: EAP server state machine
 * @data: TLS data
 * @plain: Plaintext to protect
 * Returns: Encrypted TLS record(s) or %NULL on failure
 */
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
				       struct eap_ssl_data *data,
				       const struct wpabuf *plain);

/**
 * eap_server_tls_process - Process a peer response for a TLS-based method
 * @sm: EAP server state machine
 * @data: TLS data
 * @respData: EAP response from the peer (untrusted)
 * @priv: Method private data passed through to the callbacks
 * @eap_type: EAP method type expected in the response
 * @proc_version: Called with the version bits from the peer's flags octet;
 * a non-zero return presumably rejects the response -- confirm in
 * eap_server_tls_common.c
 * @proc_msg: Called with the re-assembled response once it is complete
 * Returns: 0 on success, -1 on failure
 *
 * Handles fragment re-assembly (data->tls_in) and fragment acknowledgement
 * before handing the complete message to @proc_msg.
 */
int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
			   struct wpabuf *respData, void *priv, int eap_type,
			   int (*proc_version)(struct eap_sm *sm, void *priv,
					       int peer_version),
			   void (*proc_msg)(struct eap_sm *sm, void *priv,
					    const struct wpabuf *respData));

#endif /* EAP_TLS_COMMON_H */