6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com>
21 * Copyright 2003 Alan DeKok <aland@freeradius.org>
22 * Copyright 2006 The FreeRADIUS server project
/*
 * NOTE(review): RCSIDH presumably records this header's revision id; "$Id$"
 * is the unexpanded keyword. The macro is defined outside this listing.
 */
27 RCSIDH(eap_tls_h, "$Id$")
/*
 * NOTE(review): presumably silences the compiler's deprecation warnings for
 * OpenSSL calls on Apple platforms -- confirm in the build headers. If so,
 * newly deprecated crypto calls in files that include this header will not
 * show up as warnings there and have to be tracked another way.
 */
28 USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <netinet/in.h>
37 #include <netinet/tcp.h>
44 #include <arpa/inet.h>
50 #include <freeradius-devel/radiusd.h>
51 #include <freeradius-devel/tls.h>
56 * Externally exported TLS functions.
/*
 * eaptls_process: takes the EAP handler and reports its result as an
 * fr_tls_status_t (the type is declared outside this listing).
 * NOTE(review): unlike the three prototypes below, this one carries no
 * CC_HINT(nonnull); confirm that the implementation or every caller rules
 * out a NULL handler.
 */
58 fr_tls_status_t eaptls_process(eap_handler_t *handler);
/*
 * eaptls_success / eaptls_fail / eaptls_request: all return int and are
 * tagged CC_HINT(nonnull).
 * NOTE(review): CC_HINT(nonnull) presumably expands to the compiler's
 * nonnull attribute -- confirm in the build headers. That attribute is a
 * compile-time contract, not a runtime check, and it allows the optimizer
 * to drop NULL tests inside the callee, so callers must guarantee non-NULL
 * arguments themselves.
 * NOTE(review): the meaning of peap_flag and of the int return values is not
 * visible here; confirm against the implementation before relying on them.
 */
60 int eaptls_success(eap_handler_t *handler, int peap_flag) CC_HINT(nonnull);
61 int eaptls_fail(eap_handler_t *handler, int peap_flag) CC_HINT(nonnull);
62 int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull);
65 /* MPPE key generation */
/*
 * All three functions take the OpenSSL session handle (SSL *s) and return
 * void, so a failure cannot be reported through the return value.
 * NOTE(review): confirm how the implementations signal a failed derivation;
 * a caller must not go on to use keys that were never produced.
 * None of these prototypes carries CC_HINT(nonnull).
 */
/*
 * prf_label is supplied by the caller.
 * NOTE(review): presumably the label fed to the TLS PRF so that each EAP
 * method derives distinct keying material -- confirm that callers pass a
 * fixed constant and never a value taken from the peer.
 */
66 void eaptls_gen_mppe_keys(REQUEST *request, SSL *s,
67 char const *prf_label);
/*
 * NOTE(review): presumably writes up to `size` bytes into `buffer`; the
 * caller should pass the real capacity of the buffer -- confirm against the
 * implementation.
 */
68 void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size);
/*
 * NOTE(review): the role of `header` and what is added to `packet` are not
 * visible here; confirm against the implementation.
 */
69 void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header);
/*
 * Generic, unprefixed name: every file that includes this header sees it, so
 * a clash with another BUFFER_SIZE definition is possible.
 * NOTE(review): the buffers sized by this constant are not visible here;
 * confirm that each use bounds its writes by the buffer's own size.
 */
71 #define BUFFER_SIZE 1024
/*
 * EAP_TLS_* constants.
 * NOTE(review): the values are not contiguous (1, 3, 4, 9); the codes in
 * between may be defined on lines this listing omits. Code that switches on
 * these values should reject anything it does not recognise.
 */
73 #define EAP_TLS_START 1
75 #define EAP_TLS_SUCCESS 3
76 #define EAP_TLS_FAIL 4
77 #define EAP_TLS_ALERT 9
/*
 * NOTE(review): presumably the size in bytes of a length field in the
 * EAP-TLS framing -- confirm where it is used. A parser that relies on it
 * should check that at least this many bytes were received before reading
 * the field.
 */
79 #define TLS_HEADER_LEN 4
81 typedef struct tls_packet_t {
86 typedef struct tls_packet {
94 //uint8_t *packet; /* Wired EAP-TLS packet as found in typedata of eap_packet_t */
98 /* EAP-TLS framework */
/*
 * None of the prototypes in this group carries CC_HINT(nonnull), and the
 * pointer-returning ones show no failure convention here.
 * NOTE(review): presumably they return NULL on failure -- callers should
 * check the result before dereferencing it.
 */
99 EAPTLS_PACKET *eaptls_alloc(void);
/*
 * Takes the address of the caller's pointer rather than the pointer itself.
 * NOTE(review): presumably so that the pointer can be cleared after the
 * packet is released, which guards against use-after-free and double free --
 * confirm against the implementation.
 */
100 void eaptls_free(EAPTLS_PACKET **eaptls_packet_ptr);
/*
 * NOTE(review): client_cert presumably controls whether the peer is asked
 * for a certificate. That decides whether the client is authenticated at the
 * TLS layer, so confirm what each caller passes.
 */
101 tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, eap_handler_t *handler, int client_cert);
/*
 * NOTE(review): the meaning of the int return values and of `peap` is not
 * visible here; confirm against the implementation.
 */
102 int eaptls_start(EAP_DS *eap_ds, int peap);
103 int eaptls_compose(EAP_DS *eap_ds, EAPTLS_PACKET *reply);
/*
 * Returns a TLS server configuration for the given configuration section and
 * key string.
 * NOTE(review): presumably looks up or parses the TLS settings named by
 * `key` inside `cs`; the behaviour when the entry is missing or invalid is
 * not visible here -- confirm that callers refuse to start without a valid
 * configuration.
 */
105 fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *key);
107 #endif /*_EAP_TLS_H*/