X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=9bafde47b8685bfc1b0ba0d758c36d32d43cb77e;hb=4c2ed94fbe850e7914dd8caa1f9023dc466392f9;hp=10a6e8223c13faf8b0816cf41cd87a3b3dcaa63c;hpb=31cef49681566dc99790812f31de834dfce02c74;p=mech_eap.git
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 10a6e82..9bafde4 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -29,3 +29,146 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
+
+#ifndef _GSSAPIP_EAP_H_
+#define _GSSAPIP_EAP_H_ 1
+
+#include
+#include
+#include
+#include
+
+/* GSS includes */
+#include
+#include
+#include "gssapi_eap.h"
+#include "util.h"
+
+/* EAP includes */
+#define IEEE8021X_EAPOL 1
+
+#include
+#include
+#include
+#include
+
+/* Kerberos includes */
+#include
+
+#define NAME_FLAG_NAI 0x00000001
+#define NAME_FLAG_SERVICE 0x00000002
+#define NAME_FLAG_SAML 0x00000010
+#define NAME_FLAG_RADIUS 0x00000020
+
+struct eap_gss_saml_assertion;
+struct eap_gss_avp_list;
+
+struct gss_name_struct {
+GSSEAP_MUTEX mutex; /* mutex protecting attributes */
+OM_uint32 flags;
+krb5_principal krbPrincipal; /* this is immutable */
+struct eap_gss_saml_assertion *assertion;
+struct eap_gss_avp_list *avps;
+};
+
+#define CRED_FLAG_INITIATOR 0x00000001
+#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
+#define CRED_FLAG_PASSWORD 0x00000008
+
+struct gss_cred_id_struct {
+GSSEAP_MUTEX mutex;
+OM_uint32 flags;
+gss_name_t name;
+gss_buffer_desc password;
+time_t expiryTime;
+};
+
+#define CTX_FLAG_INITIATOR 0x00000001
+
+#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
+
+enum eap_gss_state {
+EAP_STATE_AUTHENTICATE = 1,
+EAP_STATE_KEY_TRANSPORT,
+EAP_STATE_SECURE_ASSOCIATION,
+EAP_STATE_GSS_CHANNEL_BINDINGS,
+EAP_STATE_ESTABLISHED
+};
+
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+
+/* Initiator context flags */
+#define CTX_FLAG_EAP_SUCCESS 0x00010000
+#define CTX_FLAG_EAP_RESTART 0x00020000
+#define CTX_FLAG_EAP_FAIL 0x00040000
+#define CTX_FLAG_EAP_RESP 0x00080000
+#define CTX_FLAG_EAP_NO_RESP 0x00100000
+#define CTX_FLAG_EAP_REQ 0x00200000
+#define CTX_FLAG_EAP_PORT_ENABLED 0x00400000
+#define CTX_FLAG_EAP_ALT_ACCEPT 0x00800000
+#define CTX_FLAG_EAP_ALT_REJECT 0x01000000
+
+struct eap_gss_initiator_ctx {
+struct wpabuf *eapReqData;
+unsigned int idleWhile;
+struct eap_peer_config eapConfig;
+struct eap_sm *eap;
+};
+
+/* Acceptor context flags */
+struct eap_gss_acceptor_ctx {
+};
+
+struct gss_ctx_id_struct {
+GSSEAP_MUTEX mutex;
+enum eap_gss_state state;
+OM_uint32 flags;
+OM_uint32 gssFlags;
+gss_OID mechanismUsed;
+krb5_enctype encryptionType;
+krb5_cksumtype checksumType;
+krb5_keyblock rfc3961Key;
+gss_name_t initiatorName;
+gss_name_t acceptorName;
+time_t expiryTime;
+union {
+struct eap_gss_initiator_ctx initiator;
+#define initiatorCtx ctxU.initiator
+struct eap_gss_acceptor_ctx acceptor;
+#define acceptorCtx ctxU.acceptor
+} ctxU;
+uint64_t sendSeq, recvSeq;
+void *seqState;
+};
+
+#define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01
+#define TOK_FLAG_WRAP_CONFIDENTIAL 0x02
+#define TOK_FLAG_ACCEPTOR_SUBKEY 0x04
+
+#define KEY_USAGE_ACCEPTOR_SEAL 22
+#define KEY_USAGE_ACCEPTOR_SIGN 23
+#define KEY_USAGE_INITIATOR_SEAL 24
+#define KEY_USAGE_INITIATOR_SIGN 25
+
+/* wrap_iov.c */
+OM_uint32
+gssEapWrapOrGetMIC(OM_uint32 *minor,
+gss_ctx_id_t ctx,
+int conf_req_flag,
+int *conf_state,
+gss_iov_buffer_desc *iov,
+int iov_count,
+enum gss_eap_token_type toktype);
+
+OM_uint32
+gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
+gss_ctx_id_t ctx,
+int *conf_state,
+gss_qop_t *qop_state,
+gss_iov_buffer_desc *iov,
+int iov_count,
+enum gss_eap_token_type toktype);
+
+
+#endif /* _GSSAPIP_EAP_H_ */
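Review bot: `gss_buffer_desc password` in `gss_cred_id_struct` and `krb5_keyblock rfc3961Key` in `gss_ctx_id_struct` carry secret material, but the header says nothing about who owns them or that they must be wiped rather than merely freed when the credential or context is released; I'd annotate the password member with `/* cleartext; owner must zeroize before freeing */` and give `rfc3961Key` a matching note naming krb5_free_keyblock_contents as the release path. `struct eap_gss_acceptor_ctx {};` is an empty struct, which ISO C does not permit (GCC accepts it only as an extension and warns under -pedantic), and the `/* Acceptor context flags */` comment above it introduces no flags — a placeholder member, or a comment stating it is intentionally empty for now, would avoid a strict-mode build break. The include guard `_GSSAPIP_EAP_H_` is a reserved identifier (leading underscore followed by an uppercase letter); `GSSAPIP_EAP_H` is safe. The two prototypes name the first parameter `minor` and `minor_status` respectively; using one name keeps them symmetric.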