1 /*
2  * eap-tls.h
3  *
4  * Copyright (c) Beniamino Galvani 2005 All rights reserved.
5  *               Jan Just Keijser  2006-2019 All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  *
19  * 3. The name(s) of the authors of this software must not be used to
20  *    endorse or promote products derived from this software without
21  *    prior written permission.
22  *
23  * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
24  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
25  * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
26  * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
28  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
29  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30  *
31  */
32 
33 #ifndef PPP_EAP_TLS_H
34 #define PPP_EAP_TLS_H
35 
36 #include "pppdconf.h"
37 #include "eap.h"
38 
39 #include <openssl/ssl.h>
40 #include <openssl/bio.h>
41 
42 #define EAP_TLS_FLAGS_LI        128    /* length included flag */
43 #define EAP_TLS_FLAGS_MF        64     /* more fragments flag */
44 #define EAP_TLS_FLAGS_START     32     /* start flag */
45 
46 #define EAP_TLS_MAX_LEN         65536  /* max eap tls packet size */
47 
48 struct tls_info;
49 
50 struct eaptls_session
51 {
52     u_char *data;               /* buffered data */
53     int datalen;                /* buffered data len */
54     int offset;                 /* from where to send */
55     int tlslen;                 /* total length of tls data */
56     bool frag;                  /* packet is fragmented */
57     bool tls_v13;               /* whether we've negotiated TLSv1.3 */
58     SSL_CTX *ctx;
59     SSL *ssl;                   /* ssl connection */
60     BIO *from_ssl;
61     BIO *into_ssl;
62     char peercertfile[MAXWORDLEN];
63     bool alert_sent;
64     u_char alert_sent_desc;
65     bool alert_recv;
66     u_char alert_recv_desc;
67     char rtx[EAP_TLS_MAX_LEN];  /* retransmission buffer */
68     int rtx_len;
69     int mtu;                    /* unit mtu */
70     struct tls_info *info;
71 };
72 
73 
74 SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
75             char *certfile, char *privkeyfile, char *pkcs12);
76 int eaptls_init_ssl_server(eap_state * esp);
77 int eaptls_init_ssl_client(eap_state * esp);
78 void eaptls_free_session(struct eaptls_session *ets);
79 
80 int eaptls_is_init_finished(struct eaptls_session *ets);
81 
82 int eaptls_receive(struct eaptls_session *ets, u_char * inp, int len);
83 int eaptls_send(struct eaptls_session *ets, u_char ** outp);
84 void eaptls_retransmit(struct eaptls_session *ets, u_char ** outp);
85 
86 int get_eaptls_secret(int unit, char *client, char *server,
87               char *clicertfile, char *servcertfile, char *cacertfile,
88               char *capath, char *pkfile, char *pkcs12, int am_server);
89 
90 #ifdef PPP_WITH_MPPE
91 void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
92 #endif
93 
94 #endif
95