All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
eap_tls.h
Go to the documentation of this file.
1 /*
2  * eap_tls.h
3  *
4  * Version: $Id: a9ce51788b05b15313de04aa4723ddfe236e7229 $
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  *
20  * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com>
21  * Copyright 2003 Alan DeKok <aland@freeradius.org>
22  * Copyright 2006 The FreeRADIUS server project
23  */
24 #ifndef _EAP_TLS_H
25 #define _EAP_TLS_H
26 
27 RCSIDH(eap_tls_h, "$Id: a9ce51788b05b15313de04aa4723ddfe236e7229 $")
28 USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <errno.h>
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <netinet/in.h>
37 #include <netinet/tcp.h>
38 #include <netdb.h>
39 #include <fcntl.h>
40 #include <signal.h>
41 
42 #include <ctype.h>
43 #include <sys/time.h>
44 #include <arpa/inet.h>
45 
46 #ifdef HAVE_UNISTD_H
47 # include <unistd.h>
48 #endif
49 
50 #include <freeradius-devel/radiusd.h>
51 #include <freeradius-devel/tls.h>
52 
53 #include "eap.h"
54 
55 /*
56  * Externally exported TLS functions.
57  */
58 fr_tls_status_t eap_tls_process(eap_session_t *eap_session);
59 
60 int eap_tls_start(eap_session_t *eap_session) CC_HINT(nonnull);
61 int eap_tls_success(eap_session_t *eap_session) CC_HINT(nonnull);
62 int eap_tls_fail(eap_session_t *eap_session) CC_HINT(nonnull);
63 int eap_tls_request(eap_session_t *eap_session) CC_HINT(nonnull);
64 
65 
66 /* MPPE key generation */
67 void eap_tls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label);
68 void eap_ttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size);
69 void eap_tls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header);
70 
71 #define BUFFER_SIZE 1024
72 
73 typedef enum tls_op {
74  EAP_TLS_START = 1,
75  EAP_TLS_ACK = 2,
76  EAP_TLS_SUCCESS = 3,
77  EAP_TLS_FAIL = 4,
78  EAP_TLS_ALERT = 9
79 } tls_op_t;
80 
81 #define TLS_HEADER_LEN 4
82 
83 typedef struct tls_data_t {
84  uint8_t flags;
85  uint8_t data[1];
86 } eap_tls_data_t;
87 
88 /* EAP-TLS framework */
89 tls_session_t *eap_tls_session_init(eap_session_t *eap_session, fr_tls_server_conf_t *tls_conf, bool client_cert);
90 
91 
92 fr_tls_server_conf_t *eap_tls_conf_parse(CONF_SECTION *cs, char const *key);
93 
94 #endif /*_EAP_TLS_H*/
eap_tls_gen_eap_key
void eap_tls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header)
Definition: mppe_keys.c:188
RCSIDH
#define RCSIDH(h, id)
Definition: build.h:136
EAP_TLS_ACK
Definition: eap_tls.h:75
eap_tls_gen_mppe_keys
void eap_tls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label)
Generate keys according to RFC 2716 and add to the reply.
Definition: mppe_keys.c:108
CC_HINT
#define CC_HINT(_x)
Definition: build.h:71
eap_tls_data_t
struct tls_data_t eap_tls_data_t
eap_tls_conf_parse
fr_tls_server_conf_t * eap_tls_conf_parse(CONF_SECTION *cs, char const *key)
Parse TLS configuration.
Definition: eap_tls.c:891
conf_part
Definition: conffile.c:107
eap_tls_success
int eap_tls_success(eap_session_t *eap_session) CC_HINT(nonnull)
Send an EAP-TLS success.
Definition: eap_tls.c:211
eap_tls_session_init
tls_session_t * eap_tls_session_init(eap_session_t *eap_session, fr_tls_server_conf_t *tls_conf, bool client_cert)
Create a new tls_session_t associated with an eap_session_t.
Definition: eap_tls.c:844
EAP_TLS_ALERT
Definition: eap_tls.h:78
_eap_session
Tracks the progress of a single session of any EAP method.
Definition: eap.h:60
eap_tls_start
int eap_tls_start(eap_session_t *eap_session) CC_HINT(nonnull)
Send an initial EAP-TLS request to the peer.
Definition: eap_tls.c:192
eap_tls_process
USES_APPLE_DEPRECATED_API fr_tls_status_t eap_tls_process(eap_session_t *eap_session)
Process an EAP TLS request.
Definition: eap_tls.c:708
tls_data_t
Definition: eap_tls.h:83
EAP_TLS_FAIL
Definition: eap_tls.h:77
eap_ttls_gen_challenge
void eap_ttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)
Definition: mppe_keys.c:161
tls_op_t
enum tls_op tls_op_t
EAP_TLS_START
Definition: eap_tls.h:74
radius_packet
Definition: libradius.h:146
EAP_TLS_SUCCESS
Definition: eap_tls.h:76
tls_data_t::data
uint8_t data[1]
Definition: eap_tls.h:85
rad_request
Definition: radiusd.h:208
eap_tls_request
int eap_tls_request(eap_session_t *eap_session) CC_HINT(nonnull)
Frames the OpenSSL data that needs to be sent to the client in an EAP-Request.
Definition: eap_tls.c:299
eap_tls_fail
int eap_tls_fail(eap_session_t *eap_session) CC_HINT(nonnull)
Send an EAP-TLS failure.
Definition: eap_tls.c:254
tls_op
tls_op
Definition: eap_tls.h:73
tls_data_t::flags
uint8_t flags
Definition: eap_tls.h:84
USES_APPLE_DEPRECATED_API
#define USES_APPLE_DEPRECATED_API
Definition: build.h:122
Generated on Sun Aug 28 2016 14:19:46 by   doxygen 1.8.6