#ifndef _GSSAPIP_EAP_H_
#define _GSSAPIP_EAP_H_ 1
+#define BUILTIN_EAP 1
+
#include <assert.h>
#include <string.h>
#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <time.h>
/* GSS includes */
#include "gssapi_eap.h"
#include "util.h"
-/* EAP includes */
-#define IEEE8021X_EAPOL 1
+/* Kerberos includes */
+#include <krb5.h>
+/* EAP includes */
+#ifndef __cplusplus
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
+#include <crypto/tls.h> /* XXX testing implementation only */
#include <wpabuf.h>
-
-/* Kerberos includes */
-#include <krb5.h>
+#endif
#define NAME_FLAG_NAI 0x00000001
#define NAME_FLAG_SERVICE 0x00000002
-#define NAME_FLAG_SAML 0x00000010
-#define NAME_FLAG_RADIUS 0x00000020
+#define NAME_FLAG_RADIUS_ATTRIBUTES 0x00000004
+#define NAME_FLAG_SAML_ATTRIBUTES 0x00000008
-#define NAME_HAS_ATTRIBUTES(name) ((name)->flags & \
- (NAME_FLAG_SAML | NAME_FLAG_RADIUS))
+#define NAME_HAS_ATTRIBUTES(name) ((name)->attrCtx != NULL)
-struct eap_gss_saml_assertion;
-struct eap_gss_avp_list;
+struct gss_eap_saml_attr_ctx;
+struct gss_eap_attr_ctx;
struct gss_name_struct {
GSSEAP_MUTEX mutex; /* mutex protecting attributes */
OM_uint32 flags;
krb5_principal krbPrincipal; /* this is immutable */
- struct eap_gss_saml_assertion *assertion;
- struct eap_gss_avp_list *avps;
+ struct gss_eap_attr_ctx *attrCtx;
};
#define CRED_FLAG_INITIATE 0x00000001
#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
-enum eap_gss_state {
- EAP_STATE_AUTHENTICATE = 1,
+enum gss_eap_state {
+ EAP_STATE_AUTHENTICATE = 0,
+#if 0
EAP_STATE_KEY_TRANSPORT,
EAP_STATE_SECURE_ASSOCIATION,
+#endif
EAP_STATE_GSS_CHANNEL_BINDINGS,
EAP_STATE_ESTABLISHED
};
#define CTX_FLAG_EAP_PORT_ENABLED 0x00400000
#define CTX_FLAG_EAP_ALT_ACCEPT 0x00800000
#define CTX_FLAG_EAP_ALT_REJECT 0x01000000
+#define CTX_FLAG_EAP_MASK 0xFFFF0000
-struct eap_gss_initiator_ctx {
- struct wpabuf *eapReqData;
+struct gss_eap_initiator_ctx {
unsigned int idleWhile;
- struct eap_peer_config eapConfig;
+#ifndef __cplusplus
+ struct eap_peer_config eapPeerConfig;
struct eap_sm *eap;
+ struct wpabuf reqData;
+#endif
};
-typedef OM_uint32 (*eap_gss_initiator_sm)(OM_uint32 *,
- gss_cred_id_t,
- gss_ctx_id_t *,
- gss_OID,
- OM_uint32,
- OM_uint32,
- gss_channel_bindings_t,
- gss_buffer_t,
- gss_OID *,
- gss_buffer_t,
- OM_uint32 *,
- OM_uint32 *);
-
-/* Acceptor context flags */
-struct eap_gss_acceptor_ctx {
+struct gss_eap_acceptor_ctx {
+#if defined(BUILTIN_EAP) && !defined(__cplusplus)
+ struct eap_eapol_interface *eapPolInterface;
+ void *tlsContext;
+ struct eap_sm *eap;
+#endif
};
-typedef OM_uint32 (*eap_gss_acceptor_sm)(OM_uint32 *,
- gss_ctx_id_t *,
- gss_cred_id_t,
- gss_buffer_t,
- gss_channel_bindings_t,
- gss_name_t *,
- gss_buffer_t,
- OM_uint32 *,
- OM_uint32 *,
- gss_cred_id_t *);
-
struct gss_ctx_id_struct {
GSSEAP_MUTEX mutex;
- enum eap_gss_state state;
+ enum gss_eap_state state;
OM_uint32 flags;
OM_uint32 gssFlags;
gss_OID mechanismUsed;
- krb5_enctype encryptionType;
krb5_cksumtype checksumType;
+ krb5_enctype encryptionType;
krb5_keyblock rfc3961Key;
gss_name_t initiatorName;
gss_name_t acceptorName;
time_t expiryTime;
+ uint64_t sendSeq, recvSeq;
+ void *seqState;
union {
- struct eap_gss_initiator_ctx initiator;
+ struct gss_eap_initiator_ctx initiator;
#define initiatorCtx ctxU.initiator
- struct eap_gss_acceptor_ctx acceptor;
+ struct gss_eap_acceptor_ctx acceptor;
#define acceptorCtx ctxU.acceptor
} ctxU;
- uint64_t sendSeq, recvSeq;
- void *seqState;
};
#define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01
#define KEY_USAGE_ACCEPTOR_SIGN 23
#define KEY_USAGE_INITIATOR_SEAL 24
#define KEY_USAGE_INITIATOR_SIGN 25
+#define KEY_USAGE_CHANNEL_BINDINGS 64
/* wrap_iov.c */
OM_uint32
int iov_count,
enum gss_eap_token_type toktype);
-
#endif /* _GSSAPIP_EAP_H_ */