/** * A client-side 802.1x implementation supporting EAP/TLS * * This code is released under both the GPL version 2 and BSD licenses. * Either license may be used. The respective licenses are found below. * * Copyright (C) 2002 Bryan D. Payne & Nick L. Petroni Jr. * All Rights Reserved * * --- GPL Version 2 License --- * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * --- BSD License --- * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * - Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * Maryland at College Park and its contributors. * - Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*******************************************************************
 * EAP-TTLS Header
 *
 * File: eapttls.h
 *
 * Authors: bdpayne@cs.umd.edu, npetroni@cs.umd.edu
 *
 * $Id: eapttls.h,v 1.2 2003/03/25 23:59:28 chessing Exp $
 * $Date: 2003/03/25 23:59:28 $
 * $Log: eapttls.h,v $
 * Revision 1.2 2003/03/25 23:59:28 chessing
 * Added support for authentication method specific keyblock generation, and added dynamic WEP support for TTLS.
 *
 * Revision 1.1 2003/03/23 03:26:17 chessing
 * Initial support for TTLS. Currently only supports TTLS-PAP. Dynamic rekeying still needs to be implemented.
 *
 * Revision 1.3 2003/01/14 23:52:07 chessing
 * More work on the TLS code. It should be mostly stable now. There is a problem if get_pass("") in eaptls_auth_challenge is called twice.
 *
 * Revision 1.2 2003/01/14 19:12:54 chessing
 * TLS code now uses OpenSSL! Cleaned out some of the no longer needed stuff from the TLS code. Still needs more work on error checking.
 *
 * Revision 1.1 2003/01/02 19:35:47 chessing
 * Add some files that were missed in the last import..
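* *******************************************************************/

/***
 *** EAP-TTLS reuses the EAP-TLS framing of RFC 2716 (flags byte, optional
 *** 4-byte total length, fragmentation).  The EAP-TTLS method itself was an
 *** Internet-Draft when this was written (draft-ietf-pppext-eap-ttls, later
 *** published as RFC 5281).
 ***/

#ifndef EAPTTLS_H
#define EAPTTLS_H

/*
 * NOTE(review): the copy this header was reviewed from had two system
 * #include lines whose file names were lost.  <sys/types.h> is the one the
 * prototypes below demonstrably need (u_char); confirm the other against
 * eapttls.c -- the CVS log above says the TLS path is built on OpenSSL, so
 * it is probably an <openssl/...> header.
 */
#include <sys/types.h>
#include "dot1x_globals.h"

/*********** MACRO DEFINITIONS ******************/

#define EAP_TYPE_TTLS          0x15     /* IANA EAP method type 21 = EAP-TTLS
                                           (EAP-TLS proper is type 13) */
#define EAP_NAME_TTLS          "TTLS"

/*
 * Bits of the flags byte that starts every EAP-TLS style payload
 * (RFC 2716 section 4.2).  Several may be set in one packet.
 */
#define EAPTLS_LENGTH_INCL     0x80     /* L: 4-byte total length follows the flags */
#define EAPTLS_MORE_FRAGS      0x40     /* M: more fragments of this TLS data follow */
#define EAPTLS_START           0x20     /* S: start of a handshake */
#define EAPTLS_LENGTH_MORE     (EAPTLS_LENGTH_INCL | EAPTLS_MORE_FRAGS)   /* 0xc0 */

/* Largest amount of TLS data placed in one EAP fragment.  Presumably sized
 * to fit an Ethernet frame once the EAPOL/EAP/EAP-TLS headers are added --
 * confirm against the fragmenting code in eapttls.c. */
#define EAPTLS_MAX_SIZE        1398

/*
 * Network-byte-order (big-endian) pack/unpack helpers, OpenSSL style.
 *
 *   l2n(l,c) / s2n(s,c)   write the 32-bit / 16-bit value l / s at c
 *   n2l(c,l) / n2s(c,s)   read a 32-bit / 16-bit value from c into l / s
 *
 * In every case c must be an lvalue of type unsigned char * (or u_char *);
 * it is advanced past the bytes written or read.  c (and l/s for the
 * readers) are evaluated more than once, so never pass an expression with
 * side effects.  Each macro is a single comma expression, so it can be used
 * where an expression is expected.
 *
 * SECURITY: none of these checks that 4 (or 2) bytes actually remain in the
 * buffer.  When unpacking fields of a received EAP packet -- notably the
 * total length that follows an EAPTLS_LENGTH_INCL flags byte -- the caller
 * must first verify that the packet really has that many bytes left, and
 * must treat the decoded value as untrusted: check it against the real
 * received length before using it to allocate, copy or index.
 */
#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
                  *((c)++)=(unsigned char)(((l)>>16)&0xff), \
                  *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
                  *((c)++)=(unsigned char)(((l)    )&0xff))

#define n2l(c,l) ((l) =((unsigned long)(*((c)++)))<<24, \
                  (l)|=((unsigned long)(*((c)++)))<<16, \
                  (l)|=((unsigned long)(*((c)++)))<< 8, \
                  (l)|=((unsigned long)(*((c)++))))

#define s2n(s,c) (*((c)++)=(unsigned char)(((s)>> 8)&0xff), \
                  *((c)++)=(unsigned char)(((s)    )&0xff))

#define n2s(c,s) ((s) =((unsigned short)(*((c)++)))<< 8, \
                  (s)|=((unsigned short)(*((c)++))))

/*********** STRUCTURE DEFINITIONS **************/

/*********** FUNCTION PROTOTYPES ****************/

/**
 * Initialise the EAP-TTLS method for the EAPOL state machine.
 *
 * The original header does not say what the two strings are; see
 * eapttls.c and the caller before relying on either.
 *
 * @return 0 on success, -1 on failure is the convention of this interface
 *         (confirm for this function in eapttls.c).
 */
int init_eapttls(char *arg1, char *arg2);

/** Release whatever init_eapttls() set up. */
int eapttls_shutdown(void);

/**
 * Feed one received EAP-TTLS packet to the state machine and, when a reply
 * is due, build it.
 *
 * @param in        the received EAP-TTLS packet -- untrusted network data
 * @param in_size   number of bytes actually received in `in`.  Every flags
 *                  byte and length field parsed out of the packet must be
 *                  checked against this value, never trusted on its own.
 * @param out       buffer that receives the outgoing packet, if any.  No
 *                  capacity is passed, so the implementation has to bound
 *                  what it writes by itself; EAPTLS_MAX_SIZE is the only
 *                  size this header names -- confirm the caller's buffer
 *                  is at least that large (plus headers).
 * @param out_size  set to the number of bytes written to `out`
 * @return -1 on failure, 0 otherwise
 */
int eapttls_decode_packet(u_char *in, int in_size, u_char *out, int *out_size);

/**
 * Hand received TLS record data to OpenSSL.
 *
 * @param data  incoming TLS data (already reassembled from EAP fragments)
 * @param size  number of bytes in `data`
 */
int eapttls_parse_data(u_char *data, int size);

/**
 * Fetch the next chunk of TLS output that is to go back to the server.
 *
 * @param data  buffer the chunk is copied into
 * @param size  the original only describes this as "size of data to send
 *              out"; presumably the buffer capacity on entry and the number
 *              of bytes written on return -- confirm in eapttls.c before
 *              passing anything smaller than EAPTLS_MAX_SIZE.
 */
int eapttls_return_data(u_char *data, int *size);

/** Prepare the TLS state for a new handshake (run before each one). */
int eapttls_reset(void);

/**
 * Build an acknowledgement packet into `out`; `out_size` receives its
 * length.  Presumably the flags-only EAP-TLS fragment ACK of RFC 2716 --
 * confirm in eapttls.c.
 */
int eapttls_build_ack(u_char *out, int *out_size);

/**
 * Append `length` bytes from `buf` to the message being assembled
 * (presumably reassembly of a fragmented TLS record -- confirm).
 *
 * Note that the length is an unsigned long here while every other size in
 * this interface is an int; the implementation must reject a value larger
 * than the space left in its receive buffer before copying.
 */
int eapttls_add_message(u_char *buf, unsigned long length);

/** Ask the user for the password protecting the client certificate key. */
int eapttls_auth_challenge(void);

/**
 * Derive the keying material (keyblock) from the completed TLS session;
 * per the CVS log above this feeds dynamic WEP keying for TTLS.
 */
int ttls_gen_keyblock(void);

#endif /* EAPTTLS_H */

/*** EOF ***/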