diff options
Diffstat (limited to 'src/libtls/tls_eap.h')
| -rw-r--r-- | src/libtls/tls_eap.h | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/src/libtls/tls_eap.h b/src/libtls/tls_eap.h new file mode 100644 index 000000000..48b4dec62 --- /dev/null +++ b/src/libtls/tls_eap.h @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tls_eap tls_eap + * @{ @ingroup libtls + */ + +#ifndef TLS_EAP_H_ +#define TLS_EAP_H_ + +typedef struct tls_eap_t tls_eap_t; + +#include <eap/eap.h> + +#include "tls_application.h" + +/** + * TLS over EAP helper, as used by EAP-TLS and EAP-TTLS. + */ +struct tls_eap_t { + + /** + * Initiate TLS over EAP exchange (as client). + * + * @param out allocated EAP packet data to send + * @return + * - NEED_MORE if more exchanges required + * - FAILED if initiation failed + */ + status_t (*initiate)(tls_eap_t *this, chunk_t *out); + + /** + * Process a received EAP-TLS/TTLS packet, create response. + * + * @param in EAP packet data to process + * @param out allocated EAP packet data to send + * @return + * - SUCCESS if TLS negotiation completed + * - FAILED if TLS negotiation failed + * - NEED_MORE if more exchanges required + */ + status_t (*process)(tls_eap_t *this, chunk_t in, chunk_t *out); + + /** + * Get the EAP-MSK. + * + * @return MSK + */ + chunk_t (*get_msk)(tls_eap_t *this); + + /** + * Destroy a tls_eap_t. + */ + void (*destroy)(tls_eap_t *this); +}; + +/** + * Create a tls_eap instance. + * + * @param type EAP type, EAP-TLS or EAP-TTLS + * @param is_server role + * @param server server identity + * @param peer peer identity, NULL to omit peer authentication + * @param application TLS application layer, if any + */ +tls_eap_t *tls_eap_create(eap_type_t type, bool is_server, + identification_t *server, identification_t *peer, + tls_application_t *application); + +#endif /** TLS_EAP_H_ @}*/ |