Implement channel bindings

[mech_eap.orig] / gssapiP_eap.h

diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 2483924..5fb8383 100644 (file)
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -36,6 +36,8 @@
 #include <assert.h>
 #include <string.h>
 #include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
 #include <time.h>
 
 /* GSS includes */
@@ -45,11 +47,10 @@
 #include "util.h"
 
 /* EAP includes */
-#define IEEE8021X_EAPOL 1
-
 #include <common.h>
 #include <eap_peer/eap.h>
 #include <eap_peer/eap_config.h>
+#include <crypto/tls.h>                     /* XXX testing implementation only */
 #include <wpabuf.h>
 
 /* Kerberos includes */
@@ -94,8 +95,10 @@ struct gss_cred_id_struct {
 
 enum eap_gss_state {
     EAP_STATE_AUTHENTICATE = 0,
+#if 0
     EAP_STATE_KEY_TRANSPORT,
     EAP_STATE_SECURE_ASSOCIATION,
+#endif
     EAP_STATE_GSS_CHANNEL_BINDINGS,
     EAP_STATE_ESTABLISHED
 };
@@ -114,14 +117,16 @@ enum eap_gss_state {
 #define CTX_FLAG_EAP_ALT_REJECT             0x01000000
 
 struct eap_gss_initiator_ctx {
-    struct wpabuf *eapReqData;
     unsigned int idleWhile;
-    struct eap_peer_config eapConfig;
+    struct eap_peer_config eapPeerConfig;
     struct eap_sm *eap;
+    struct wpabuf reqData;
 };
 
-/* Acceptor context flags */
 struct eap_gss_acceptor_ctx {
+    struct eap_eapol_interface *eapPolInterface;
+    void *tlsContext;
+    struct eap_sm *eap;
 };
 
 struct gss_ctx_id_struct {
@@ -131,7 +136,6 @@ struct gss_ctx_id_struct {
     OM_uint32 gssFlags;
     gss_OID mechanismUsed;
     krb5_enctype encryptionType;
-    krb5_cksumtype checksumType;
     krb5_keyblock rfc3961Key;
     gss_name_t initiatorName;
     gss_name_t acceptorName;
@@ -154,6 +158,7 @@ struct gss_ctx_id_struct {
 #define KEY_USAGE_ACCEPTOR_SIGN             23
 #define KEY_USAGE_INITIATOR_SEAL            24
 #define KEY_USAGE_INITIATOR_SIGN            25
+#define KEY_USAGE_CHANNEL_BINDINGS          64
 
 /* wrap_iov.c */
 OM_uint32