Allow certificate/private key to contain binary data

[moonshot.git] / moonshot / mech_eap / gssapiP_eap.h

diff --git a/moonshot/mech_eap/gssapiP_eap.h b/moonshot/mech_eap/gssapiP_eap.h
index f42f7be..eb7e7db 100644 (file)
--- a/moonshot/mech_eap/gssapiP_eap.h
+++ b/moonshot/mech_eap/gssapiP_eap.h
@@ -150,6 +150,8 @@ struct gss_name_struct
 #define CRED_FLAG_DEFAULT_CCACHE            0x00080000
 #define CRED_FLAG_RESOLVED                  0x00100000
 #define CRED_FLAG_TARGET                    0x00200000
+#define CRED_FLAG_CERTIFICATE               0x00400000
+#define CRED_FLAG_CONFIG_BLOB               0x00800000
 #define CRED_FLAG_PUBLIC_MASK               0x0000FFFF
 
 #ifdef HAVE_HEIMDAL_VERSION
@@ -170,6 +172,8 @@ struct gss_cred_id_struct
     gss_buffer_desc caCertificate;
     gss_buffer_desc subjectNameConstraint;
     gss_buffer_desc subjectAltNameConstraint;
+    gss_buffer_desc clientCertificate;
+    gss_buffer_desc privateKey;
 #ifdef GSSEAP_ENABLE_REAUTH
     krb5_ccache krbCredCache;
     gss_cred_id_t reauthCred;
@@ -195,11 +199,16 @@ struct gss_cred_id_struct
 #define CTX_FLAG_EAP_ALT_REJECT             0x01000000
 #define CTX_FLAG_EAP_MASK                   0xFFFF0000
 
+#define CONFIG_BLOB_CLIENT_CERT             0
+#define CONFIG_BLOB_PRIVATE_KEY             1
+#define CONFIG_BLOB_MAX                     2
+
 struct gss_eap_initiator_ctx {
     unsigned int idleWhile;
     struct eap_peer_config eapPeerConfig;
     struct eap_sm *eap;
     struct wpabuf reqData;
+    struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX];
 };
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR
@@ -380,6 +389,12 @@ gssEapPseudoRandom(OM_uint32 *minor,
                    ssize_t desired_output_len,
                    gss_buffer_t prf_out);
 
+/* query_mechanism_info.c */
+OM_uint32
+gssQueryMechanismInfo(OM_uint32 *minor,
+                      gss_const_OID mech_oid,
+                      unsigned char auth_scheme[16]);
+
 /* query_meta_data.c */
 OM_uint32
 gssEapQueryMetaData(OM_uint32 *minor,