eap_tls_common.c File Reference

EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions.

#include "includes.h"
#include "common.h"
#include "eap_i.h"
#include "eap_tls_common.h"
#include "config_ssid.h"
#include "md5.h"
#include "sha1.h"
#include "tls.h"
#include "config.h"


Functions

int eap_tls_ssl_init (struct eap_sm *sm, struct eap_ssl_data *data, struct wpa_ssid *config)
 Initialize shared TLS functionality.
void eap_tls_ssl_deinit (struct eap_sm *sm, struct eap_ssl_data *data)
 Deinitialize shared TLS functionality.
u8 * eap_tls_derive_key (struct eap_sm *sm, struct eap_ssl_data *data, const char *label, size_t len)
 Derive a key based on TLS session data.
const u8 * eap_tls_data_reassemble (struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data, size_t in_len, size_t *out_len, int *need_more_input)
 Reassemble TLS data.
int eap_tls_process_helper (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, int peap_version, u8 id, const u8 *in_data, size_t in_len, u8 **out_data, size_t *out_len)
 Process TLS handshake message.
u8 * eap_tls_build_ack (struct eap_ssl_data *data, size_t *respDataLen, u8 id, EapType eap_type, int peap_version)
 Build a TLS ACK frame.
int eap_tls_reauth_init (struct eap_sm *sm, struct eap_ssl_data *data)
 Re-initialize shared TLS for session resumption.
int eap_tls_status (struct eap_sm *sm, struct eap_ssl_data *data, char *buf, size_t buflen, int verbose)
 Get TLS status.
const u8 * eap_tls_process_init (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, struct eap_method_ret *ret, const u8 *reqData, size_t reqDataLen, size_t *len, u8 *flags)
 Initial validation and processing of EAP requests.


Detailed Description

EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions.

Copyright
Copyright (c) 2004-2006, Jouni Malinen
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

Alternatively, this software may be distributed under the terms of BSD license.

See README and COPYING for more details.

Definition in file eap_tls_common.c.


Function Documentation

u8* eap_tls_build_ack (struct eap_ssl_data *data, size_t *respDataLen, u8 id, EapType eap_type, int peap_version)

Build a TLS ACK frame.

Parameters:
data Data for TLS processing
respDataLen Buffer for returning the length of the response message
id EAP identifier for the response
eap_type EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
peap_version Version number for EAP-PEAP/TTLS
Returns:
Pointer to allocated ACK frame or NULL on failure

Definition at line 561 of file eap_tls_common.c.


const u8* eap_tls_data_reassemble (struct eap_sm *sm, struct eap_ssl_data *data, const u8 *in_data, size_t in_len, size_t *out_len, int *need_more_input)

Reassemble TLS data.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
in_data Next incoming TLS segment
in_len Length of in_data
out_len Variable for returning output data length
need_more_input Variable for returning whether more input data is needed to reassemble this TLS packet
Returns:
Pointer to output data, NULL on error or when more data is needed for the full message (in which case, *need_more_input is also set to 1).

This function reassembles TLS fragments. Caller must not free the returned data buffer since an internal pointer to it is maintained.

Definition at line 303 of file eap_tls_common.c.
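
An added example, not wpa_supplicant's own code: a minimal reassembler for the fragmentation described above, using the EAP-TLS Flags octet and optional four-octet TLS Message Length defined in RFC 5216. The names `reasm`, `reasm_add` and the `MAX_TLS_MSG` cap are assumptions chosen for illustration; it shows the checks a reassembly path needs before copying a peer-supplied fragment.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define F_LENGTH 0x80       /* L bit (RFC 5216): 4-octet TLS Message Length follows */
#define F_MORE 0x40         /* M bit (RFC 5216): more fragments follow */
#define MAX_TLS_MSG 65536u  /* assumed local cap on one reassembled message */
struct reasm { uint8_t *buf; size_t total, used; };  /* hypothetical state */

/* p/len: EAP-TLS payload starting at the Flags octet.
 * Returns 0 = message complete in r->buf, 1 = need more input, -1 = rejected. */
static int reasm_add(struct reasm *r, const uint8_t *p, size_t len)
{
    uint8_t flags;
    size_t total;
    if (len < 1) goto fail;
    flags = *p++; len--;
    total = r->buf ? r->total : len;             /* no L bit: length is implicit */
    if (flags & F_LENGTH) {
        if (len < 4) goto fail;                  /* truncated length field */
        total = (size_t)p[0] << 24 | (size_t)p[1] << 16 | (size_t)p[2] << 8 | p[3];
        p += 4; len -= 4;
    }
    if (r->buf == NULL) {                        /* first fragment of a message */
        if ((flags & F_MORE) && !(flags & F_LENGTH)) goto fail;
        if (total == 0 || total > MAX_TLS_MSG) goto fail;  /* cap before malloc */
        if ((r->buf = malloc(total)) == NULL) goto fail;
        r->total = total;
    } else if (total != r->total) goto fail;     /* declared length changed mid-stream */
    if (len > r->total - r->used) goto fail;     /* fragment would overrun the buffer */
    memcpy(r->buf + r->used, p, len);
    r->used += len;
    if (flags & F_MORE) return 1;
    if (r->used != r->total) goto fail;          /* last fragment but message is short */
    return 0;
fail:
    free(r->buf);                                /* drop partial state on any error */
    memset(r, 0, sizeof(*r));
    return -1;
}

int main(void)
{
    const uint8_t f1[] = { 0xC0, 0, 0, 0, 6, 'a', 'b', 'c', 'd' }, f2[] = { 0x00, 'e', 'f' }; /* constructed */
    struct reasm r = { 0 };
    int ok = reasm_add(&r, f1, sizeof f1) == 1 && reasm_add(&r, f2, sizeof f2) == 0 &&
             memcmp(r.buf, "abcdef", 6) == 0;
    free(r.buf);
    return !ok;
}
```

The subtraction form `len > r->total - r->used` avoids the integer wrap that `r->used + len > r->total` could hit, and every rejection path discards the partial buffer so a later message cannot be appended to stale state.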


u8* eap_tls_derive_key (struct eap_sm *sm, struct eap_ssl_data *data, const char *label, size_t len)

Derive a key based on TLS session data.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
label Label string for deriving the keys, e.g., "client EAP encryption"
len Length of the key material to generate (usually 64 for MSK)
Returns:
Pointer to allocated key on success or NULL on failure

This function uses TLS-PRF to generate pseudo-random data based on the TLS session data (client/server random and master secret). Each key type may use a different label to bind the key usage into the generated material.

The caller is responsible for freeing the returned buffer.

Definition at line 238 of file eap_tls_common.c.


int eap_tls_process_helper (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, int peap_version, u8 id, const u8 *in_data, size_t in_len, u8 **out_data, size_t *out_len)

Process TLS handshake message.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
eap_type EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
peap_version Version number for EAP-PEAP/TTLS
id EAP identifier for the response
in_data Message received from the server
in_len Length of in_data
out_data Buffer for returning a pointer to the response message
out_len Buffer for returning the length of the response message
Returns:
0 on success, 1 if more input data is needed, or -1 on failure

This function can be used to process TLS handshake messages. It reassembles the received fragments and uses a TLS library to process the messages. The response data from the TLS library is fragmented to suitable output messages that the caller can send out.

out_data is used to return the response message if the return value of this function is 0 or -1. In case of failure, the message is likely a TLS alert message. The caller is responsible for freeing the allocated buffer if *out_data is not NULL.

Definition at line 504 of file eap_tls_common.c.


const u8* eap_tls_process_init (struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, struct eap_method_ret *ret, const u8 *reqData, size_t reqDataLen, size_t *len, u8 *flags)

Initial validation and processing of EAP requests.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
eap_type EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
ret Return values from EAP request validation and processing
reqData EAP request to be processed (eapReqData)
reqDataLen Length of the EAP request
len Buffer for returning length of the remaining payload
flags Buffer for returning TLS flags
Returns:
Buffer to payload after TLS flags and length or NULL on failure

Definition at line 638 of file eap_tls_common.c.


int eap_tls_reauth_init (struct eap_sm *sm, struct eap_ssl_data *data)

Re-initialize shared TLS for session resumption.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
Returns:
0 on success, -1 on failure

Definition at line 584 of file eap_tls_common.c.


void eap_tls_ssl_deinit (struct eap_sm *sm, struct eap_ssl_data *data)

Deinitialize shared TLS functionality.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing

This function deinitializes shared TLS functionality that was initialized with eap_tls_ssl_init().

Definition at line 215 of file eap_tls_common.c.


int eap_tls_ssl_init (struct eap_sm *sm, struct eap_ssl_data *data, struct wpa_ssid *config)

Initialize shared TLS functionality.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
config Pointer to the network configuration
Returns:
0 on success, -1 on failure

This function is used to initialize shared TLS functionality for EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST.

Definition at line 165 of file eap_tls_common.c.


int eap_tls_status (struct eap_sm *sm, struct eap_ssl_data *data, char *buf, size_t buflen, int verbose)

Get TLS status.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
data Data for TLS processing
buf Buffer for status information
buflen Maximum buffer length
verbose Whether to include verbose status information
Returns:
Number of bytes written to buf.

Definition at line 607 of file eap_tls_common.c.



Generated on Sun Dec 31 13:51:50 2006 for wpa_supplicant by  doxygen 1.4.2