Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup tls_eap tls_eap
18 * @{ @ingroup libtls
19 */
20
21 #ifndef TLS_EAP_H_
22 #define TLS_EAP_H_
23
/* Forward declaration, placed before the includes below (presumably so that
 * headers pulled in afterwards can already refer to the type) */
typedef struct tls_eap_t tls_eap_t;
25
26 #include <eap/eap.h>
27
28 #include "tls_application.h"
29
/**
 * TLS over EAP helper, as used by EAP-TLS and EAP-TTLS.
 *
 * The helper drives a TLS exchange carried in EAP packets: the client calls
 * initiate() to produce the first packet, and both sides then feed each
 * received packet to process() until it reports SUCCESS or FAILED. After a
 * successful exchange get_msk() exposes the EAP Master Session Key.
 */
struct tls_eap_t {

	/**
	 * Initiate TLS over EAP exchange (as client).
	 *
	 * Only the client role starts the exchange; a server instance is expected
	 * to receive the first packet through process().
	 *
	 * @param this			tls_eap_t instance
	 * @param out			allocated EAP packet data to send; the buffer is
	 *						allocated for the caller (NOTE(review): presumably
	 *						the caller releases it — confirm in tls_eap.c)
	 * @return
	 *						- NEED_MORE if more exchanges required
	 *						- FAILED if initiation failed
	 */
	status_t (*initiate)(tls_eap_t *this, chunk_t *out);

	/**
	 * Process a received EAP-TLS/TTLS packet, create response.
	 *
	 * The input is packet data received from the network and is therefore
	 * untrusted; the helper is responsible for validating it before use.
	 *
	 * @param this			tls_eap_t instance
	 * @param in			EAP packet data to process
	 * @param out			allocated EAP packet data to send (NOTE(review):
	 *						whether out is written when FAILED is returned is
	 *						not documented here — confirm before freeing it)
	 * @return
	 *						- SUCCESS if TLS negotiation completed
	 *						- FAILED if TLS negotiation failed
	 *						- NEED_MORE if more exchanges required
	 */
	status_t (*process)(tls_eap_t *this, chunk_t in, chunk_t *out);

	/**
	 * Get the EAP-MSK.
	 *
	 * The MSK is key material; any copy a caller makes should be wiped once
	 * it is no longer needed. NOTE(review): it is not documented here whether
	 * the returned chunk references internal storage or is a copy, nor that
	 * it is only meaningful after process() returned SUCCESS — confirm both
	 * in tls_eap.c before caching the value.
	 *
	 * @param this			tls_eap_t instance
	 * @return				MSK
	 */
	chunk_t (*get_msk)(tls_eap_t *this);

	/**
	 * Destroy a tls_eap_t.
	 *
	 * Releases the instance and the TLS state it owns. NOTE(review): whether
	 * the MSK buffer is zeroized on destroy is not visible here — confirm.
	 *
	 * @param this			tls_eap_t instance to destroy
	 */
	void (*destroy)(tls_eap_t *this);
};
69
/**
 * Create a tls_eap instance.
 *
 * Passing NULL as peer omits TLS-level peer authentication; the peer must
 * then be authenticated by other means (for instance within the TLS
 * application layer), so callers should only do this deliberately.
 *
 * @param type			EAP type, EAP-TLS or EAP-TTLS
 * @param is_server		role
 * @param server		server identity
 * @param peer			peer identity, NULL to omit peer authentication
 * @param application	TLS application layer, if any
 * @return				tls_eap_t instance (NOTE(review): the failure value,
 *						presumably NULL, is not documented here — confirm in
 *						tls_eap.c and check it at every call site)
 */
tls_eap_t *tls_eap_create(eap_type_t type, bool is_server,
						  identification_t *server, identification_t *peer,
						  tls_application_t *application);
82
83 #endif /** TLS_EAP_H_ @}*/