X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=806c5dd2b37d1932bb0e0e1fd033db6f4a85b025;hb=807a70e820e7e10df65ed14bc722b77b3f58c3df;hp=10a6e8223c13faf8b0816cf41cd87a3b3dcaa63c;hpb=31cef49681566dc99790812f31de834dfce02c74;p=mech_eap.git
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 10a6e82..806c5dd 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -29,3 +29,146 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
+
+#ifndef _GSSAPIP_EAP_H_
+#define _GSSAPIP_EAP_H_ 1
+
+#include
+#include
+#include
+#include
+
+/* GSS includes */
+#include
+#include
+#include "gssapi_eap.h"
+
+/* EAP includes */
+#define IEEE8021X_EAPOL 1
+
+#include
+#include
+#include
+#include
+
+/* Kerberos includes */
+#include
+#include "util.h"
+
+struct gss_name_struct {
+ OM_uint32 flags;
+ krb5_principal kerberosName;
+ void *aaa;
+ void *assertion;
+};
+
+#define CRED_FLAG_INITIATOR 0x00000001
+#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
+#define CRED_FLAG_PASSWORD 0x00000008
+
+struct gss_cred_id_struct {
+ OM_uint32 flags;
+ gss_name_t name;
+ gss_buffer_desc password;
+ time_t expiryTime;
+};
+
+#define CTX_FLAG_INITIATOR 0x00000001
+
+#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
+
+enum eap_gss_state {
+ EAP_STATE_AUTHENTICATE = 1,
+ EAP_STATE_KEY_TRANSPORT,
+ EAP_STATE_SECURE_ASSOCIATION,
+ EAP_STATE_GSS_CHANNEL_BINDINGS,
+ EAP_STATE_ESTABLISHED
+};
+
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+
+/* Initiator context flags */
+#define CTX_FLAG_EAP_SUCCESS 0x00010000
+#define CTX_FLAG_EAP_RESTART 0x00020000
+#define CTX_FLAG_EAP_FAIL 0x00040000
+#define CTX_FLAG_EAP_RESP 0x00080000
+#define CTX_FLAG_EAP_NO_RESP 0x00100000
+#define CTX_FLAG_EAP_REQ 0x00200000
+#define CTX_FLAG_EAP_PORT_ENABLED 0x00400000
+#define CTX_FLAG_EAP_ALT_ACCEPT 0x00800000
+#define CTX_FLAG_EAP_ALT_REJECT 0x01000000
+
+struct eap_gss_initiator_ctx {
+ struct wpabuf *eapReqData;
+ unsigned int idleWhile;
+ struct eap_peer_config eapConfig;
+ struct eap_sm *eap;
+};
+
+/* Acceptor context flags */
+struct eap_gss_acceptor_ctx {
+};
+
+struct gss_ctx_id_struct {
+ enum eap_gss_state state;
+ OM_uint32 flags;
+ OM_uint32 gssFlags;
+ krb5_context kerberosCtx;
+ gss_OID mechanismUsed;
+ krb5_enctype encryptionType;
+ krb5_cksumtype checksumType;
+ krb5_keyblock *rfc3961Key;
+ gss_name_t initiatorName;
+ gss_name_t acceptorName;
+ time_t expiryTime;
+ union {
+ struct eap_gss_initiator_ctx initiator;
+ #define initiatorCtx ctxU.initiator
+ struct eap_gss_acceptor_ctx acceptor;
+ #define acceptorCtx ctxU.acceptor
+ } ctxU;
+ uint64_t sendSeq, recvSeq;
+ void *seqState;
+};
+
+#define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01
+#define TOK_FLAG_WRAP_CONFIDENTIAL 0x02
+#define TOK_FLAG_ACCEPTOR_SUBKEY 0x04
+
+#define KEY_USAGE_ACCEPTOR_SEAL 512
+#define KEY_USAGE_ACCEPTOR_SIGN 513
+#define KEY_USAGE_INITIATOR_SEAL 514
+#define KEY_USAGE_INITIATOR_SIGN 515
+
+enum gss_eap_token_type {
+ TOK_TYPE_EAP_RESP = 0x0601,
+ TOK_TYPE_EAP_REQ = 0x0602,
+ TOK_TYPE_GSS_CB = 0x0603,
+ TOK_TYPE_MIC = 0x0404,
+ TOK_TYPE_WRAP = 0x0504,
+ TOK_TYPE_DELETE = 0x0405,
+ TOK_TYPE_NONE = 0xFFFF
+};
+
+/* wrap_iov.c */
+OM_uint32
+gssEapWrapOrGetMIC(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int conf_req_flag,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ enum gss_eap_token_type toktype);
+
+OM_uint32
+gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
+ gss_ctx_id_t ctx,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ enum gss_eap_token_type toktype);
+
+
+#endif /* _GSSAPIP_EAP_H_ */
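Review bot: `struct gss_cred_id_struct` keeps the caller's password in a plain `gss_buffer_desc` (`password`, selected by `CRED_FLAG_PASSWORD`), but the header says nothing about who owns that buffer or that its bytes must be wiped when the credential is released; since the credential outlives the acquire call (it carries its own `expiryTime`), the release path, which is outside this hunk, should clear the buffer before freeing it rather than rely on `free()` alone. A comment on the field would pin that contract down: `/* Password copy owned by the cred (CRED_FLAG_PASSWORD); must be zeroized, not just freed, on release */`. Separately, the include guard `_GSSAPIP_EAP_H_` is a reserved identifier (leading underscore followed by an uppercase letter), and `GSSAPIP_EAP_H` would avoid it. The `#define initiatorCtx ctxU.initiator` and `#define acceptorCtx ctxU.acceptor` placed inside the union body are ordinary file-scope macros that rewrite any later use of those identifiers in every translation unit including this header, so a comment beside them stating that intent, or a rename to an upper-case macro form, would make the trap visible. The two prototypes also name the same first parameter differently (`minor` vs `minor_status`); picking one keeps the header consistent.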