#include <assert.h>
#include <string.h>
#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <time.h>
/* GSS includes */
#include "util.h"
/* EAP includes */
-#define IEEE8021X_EAPOL 1
-
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
+#include <crypto/tls.h> /* XXX testing implementation only */
#include <wpabuf.h>
/* Kerberos includes */
enum eap_gss_state {
EAP_STATE_AUTHENTICATE = 0,
+#if 0
EAP_STATE_KEY_TRANSPORT,
EAP_STATE_SECURE_ASSOCIATION,
+#endif
EAP_STATE_GSS_CHANNEL_BINDINGS,
EAP_STATE_ESTABLISHED
};
struct eap_gss_initiator_ctx {
unsigned int idleWhile;
struct eap_peer_config eapPeerConfig;
- struct eap_config eapConfig;
struct eap_sm *eap;
+ struct wpabuf reqData;
};
-/* Acceptor context flags */
struct eap_gss_acceptor_ctx {
+ struct eap_eapol_interface *eapPolInterface;
+ void *tlsContext;
+ struct eap_sm *eap;
};
struct gss_ctx_id_struct {
OM_uint32 flags;
OM_uint32 gssFlags;
gss_OID mechanismUsed;
+ krb5_cksumtype checksumType;
krb5_enctype encryptionType;
krb5_keyblock rfc3961Key;
gss_name_t initiatorName;
gss_name_t acceptorName;
time_t expiryTime;
+ uint64_t sendSeq, recvSeq;
+ void *seqState;
union {
struct eap_gss_initiator_ctx initiator;
#define initiatorCtx ctxU.initiator
struct eap_gss_acceptor_ctx acceptor;
#define acceptorCtx ctxU.acceptor
} ctxU;
- uint64_t sendSeq, recvSeq;
- void *seqState;
};
#define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01
#define KEY_USAGE_ACCEPTOR_SIGN 23
#define KEY_USAGE_INITIATOR_SEAL 24
#define KEY_USAGE_INITIATOR_SIGN 25
+#define KEY_USAGE_CHANNEL_BINDINGS 64
/* wrap_iov.c */
OM_uint32