diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
commit | 50b37d4a27d3295a29afca2286f1a5a086142cec (patch) | |
tree | 9212f763934ee090ef72d823f559f52ce387f268 /src/modules/rlm_eap/libeap/eap_tls.h | |
parent | Initial commit. (diff) | |
download | freeradius-upstream.tar.xz freeradius-upstream.zip |
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/modules/rlm_eap/libeap/eap_tls.h')
-rw-r--r-- | src/modules/rlm_eap/libeap/eap_tls.h | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h new file mode 100644 index 0000000..8e5fc77 --- /dev/null +++ b/src/modules/rlm_eap/libeap/eap_tls.h @@ -0,0 +1,109 @@ +/* + * eap_tls.h + * + * Version: $Id$ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + * + * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com> + * Copyright 2003 Alan DeKok <aland@freeradius.org> + * Copyright 2006 The FreeRADIUS server project + */ +#ifndef _EAP_TLS_H +#define _EAP_TLS_H + +RCSIDH(eap_tls_h, "$Id$") +USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <netinet/tcp.h> +#include <netdb.h> +#include <fcntl.h> +#include <signal.h> + +#include <ctype.h> +#include <sys/time.h> +#include <arpa/inet.h> + +#ifdef HAVE_UNISTD_H +# include <unistd.h> +#endif + +#include <freeradius-devel/radiusd.h> +#include <freeradius-devel/tls.h> + +#include "eap.h" + +/* + * Externally exported TLS functions. + */ +fr_tls_status_t eaptls_process(eap_handler_t *handler); + +int eaptls_success(eap_handler_t *handler, int peap_flag) CC_HINT(nonnull); +int eaptls_fail(eap_handler_t *handler, int peap_flag) CC_HINT(nonnull); +int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull); + + +void T_PRF(unsigned char const *secret, unsigned int secret_len, char const *prf_label, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned int out_len) CC_HINT(nonnull(1,3,6)); +void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *label, uint8_t const *context, size_t context_size); +void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size); +void eaptls_gen_eap_key(eap_handler_t *handler); +void eap_fast_tls_gen_challenge(SSL *ssl, int version, uint8_t *buffer, size_t size, char const *prf_label) CC_HINT(nonnull); + +#define BUFFER_SIZE 1024 + +typedef enum tls_op { + EAP_TLS_START = 1, + EAP_TLS_ACK = 2, + EAP_TLS_SUCCESS = 3, + EAP_TLS_FAIL = 4, + EAP_TLS_ALERT = 9 +} tls_op_t; + +#define TLS_HEADER_LEN 4 + +typedef struct tls_packet_t { + uint8_t flags; + uint8_t data[1]; +} eaptls_packet_t; + +typedef struct tls_packet { + uint8_t code; + uint8_t id; + uint32_t length; + uint8_t flags; + uint8_t *data; + uint32_t dlen; + + //uint8_t *packet; /* Wired EAP-TLS packet as found in typdedata of eap_packet_t */ +} EAPTLS_PACKET; + + +/* EAP-TLS framework */ +EAPTLS_PACKET *eaptls_alloc(void); +void eaptls_free(EAPTLS_PACKET **eaptls_packet_ptr); +tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert, bool allow_tls13); +int eaptls_start(EAP_DS *eap_ds, int peap); +int eaptls_compose(EAP_DS *eap_ds, EAPTLS_PACKET *reply); + +fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *key); + +#endif /*_EAP_TLS_H*/ |