#define CRED_FLAG_DEFAULT_CCACHE 0x00080000
#define CRED_FLAG_RESOLVED 0x00100000
#define CRED_FLAG_TARGET 0x00200000
+#define CRED_FLAG_CERTIFICATE 0x00400000
+#define CRED_FLAG_CONFIG_BLOB 0x00800000
#define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
#ifdef HAVE_HEIMDAL_VERSION
gss_buffer_desc caCertificate;
gss_buffer_desc subjectNameConstraint;
gss_buffer_desc subjectAltNameConstraint;
+ gss_buffer_desc clientCertificate;
+ gss_buffer_desc privateKey;
#ifdef GSSEAP_ENABLE_REAUTH
krb5_ccache krbCredCache;
gss_cred_id_t reauthCred;
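Review bot: The new `privateKey` field is declared exactly like the certificate and constraint buffers next to it, with nothing marking it as secret material. If it can hold key bytes rather than only a path or reference, the credential release routine (not visible in this hunk) must zeroize the buffer before freeing it, and a plain buffer release would leave the key in freed heap memory. I would add `/* secret key material: zeroize before release */` above the field and check the release path against it. The enclosing credential struct begins and ends outside the hunk.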
#define CTX_FLAG_INITIATOR 0x00000001
#define CTX_FLAG_KRB_REAUTH 0x00000002
+#define CTX_FLAG_CHANNEL_BINDINGS_VERIFIED 0x00000004
#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
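Review bot: `CTX_FLAG_CHANNEL_BINDINGS_VERIFIED` records the outcome of a security check but has no comment saying which check, and the later hunk adds the similarly named `CTX_FLAG_EAP_CHBIND_ACCEPT`. The two appear to cover different things (GSS channel bindings versus EAP channel binding), so a reader could easily test the wrong one. A one-line comment on each would help, for example `/* GSS channel bindings MIC verified */` here and `/* EAP channel binding response accepted */` on the other, adjusted to what the code actually does. The new flag also sits outside `CTX_FLAG_EAP_MASK`, so it is worth confirming that it is cleared wherever a context is reset or reused.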
#define CTX_FLAG_EAP_PORT_ENABLED 0x00400000
#define CTX_FLAG_EAP_ALT_ACCEPT 0x00800000
#define CTX_FLAG_EAP_ALT_REJECT 0x01000000
+#define CTX_FLAG_EAP_CHBIND_ACCEPT 0x02000000
#define CTX_FLAG_EAP_MASK 0xFFFF0000
+#define CONFIG_BLOB_CLIENT_CERT 0
+#define CONFIG_BLOB_PRIVATE_KEY 1
+#define CONFIG_BLOB_MAX 2
+
struct gss_eap_initiator_ctx {
unsigned int idleWhile;
struct eap_peer_config eapPeerConfig;
struct eap_sm *eap;
struct wpabuf reqData;
+ struct wpabuf *chbindData;
+ unsigned int chbindReqFlags;
+ struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX];
};
#ifdef GSSEAP_ENABLE_ACCEPTOR
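Review bot: The fields added to `struct gss_eap_initiator_ctx` carry no ownership comments, and two of them matter for memory safety: `chbindData` is a heap pointer, and `configBlobs[CONFIG_BLOB_PRIVATE_KEY]` presumably refers to private-key bytes. Each should state whether the context owns the allocation or borrows it from the credential, e.g. `/* owned; freed when the initiator ctx is released */` on `chbindData`. If the blob data is borrowed, the comment should say the credential must outlive the context. If it is a copy, it needs zeroizing on teardown, which this hunk does not show. Declaring the `CONFIG_BLOB_*` indices as an enum ending in `CONFIG_BLOB_MAX` would also keep the array bound and the indices in one place.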
#define KEY_USAGE_INITIATOR_SEAL 24
#define KEY_USAGE_INITIATOR_SIGN 25
+#define KEY_USAGE_GSSEAP_CHBIND_MIC 60
+#define KEY_USAGE_GSSEAP_ACCTOKEN_MIC 61
+#define KEY_USAGE_GSSEAP_INITOKEN_MIC 62
+
/* accept_sec_context.c */
OM_uint32
gssEapAcceptSecContext(OM_uint32 *minor,
gss_ctx_id_t ctx,
int prf_key,
const gss_buffer_t prf_in,
- ssize_t desired_output_len,
gss_buffer_t prf_out);
/* query_mechanism_info.c */