libtls: Add getters for TLS handshake authentication details
[strongswan.git] / src / libtls / tls_eap.h
index 8aa2dce..df41fc4 100644 (file)
@@ -25,7 +25,7 @@ typedef struct tls_eap_t tls_eap_t;
 
 #include <eap/eap.h>
 
-#include "tls_application.h"
+#include "tls.h"
 
 /**
  * TLS over EAP helper, as used by EAP-TLS and EAP-TTLS.
@@ -33,7 +33,7 @@ typedef struct tls_eap_t tls_eap_t;
 struct tls_eap_t {
 
        /**
-        * Initiate TLS over EAP exchange (as client).
+        * Initiate TLS/TTLS/TNC over EAP exchange (as client).
         *
         * @param out                   allocated EAP packet data to send
         * @return
@@ -43,7 +43,7 @@ struct tls_eap_t {
        status_t (*initiate)(tls_eap_t *this, chunk_t *out);
 
        /**
-        * Process a received EAP-TLS/TTLS packet, create response.
+        * Process a received EAP-TLS/TTLS/TNC packet, create response.
         *
         * @param in                    EAP packet data to process
         * @param out                   allocated EAP packet data to send
@@ -62,6 +62,28 @@ struct tls_eap_t {
        chunk_t (*get_msk)(tls_eap_t *this);
 
        /**
+        * Get the current EAP identifier.
+        *
+        * @return                              identifier
+        */
+       uint8_t (*get_identifier)(tls_eap_t *this);
+
+       /**
+        * Set the EAP identifier to a deterministic value, overwriting
+        * the randomly initialized default value.
+        *
+        * @param identifier    EAP identifier
+        */
+       void (*set_identifier) (tls_eap_t *this, uint8_t identifier);
+
+       /**
+        * Get the authentication details after completing the handshake.
+        *
+        * @return                              authentication details, internal data
+        */
+       auth_cfg_t* (*get_auth)(tls_eap_t *this);
+
+       /**
         * Destroy a tls_eap_t.
         */
        void (*destroy)(tls_eap_t *this);
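Review bot: The doc comment on `get_auth` leaves out the contract a caller needs before using the result for an authorization decision: it does not say what is returned while the handshake is still running or after it has failed, nor how long the "internal data" pointer stays valid. I would spell that out in the `@return` line, e.g. `@return authentication details, internal data owned by this object; valid until destroy(), only to be evaluated after the handshake has completed successfully`. The wording should be adjusted to what the implementation actually guarantees, which is not visible here. The comment on `set_identifier` could also say at which point in the exchange it may be called, since it replaces the randomly initialized value. As a style point, `(*set_identifier) (` has a space before the parameter list that the neighbouring members do not. The `tls_eap_t` struct begins and ends outside this hunk.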
@@ -71,14 +93,12 @@ struct tls_eap_t {
  * Create a tls_eap instance.
  *
  * @param type                         EAP type, EAP-TLS or EAP-TTLS
- * @param is_server                    role
- * @param server                       server identity
- * @param peer                         peer identity, NULL to omit peer authentication
- * @param application          TLS application layer, if any
+ * @param tls                          TLS implementation
  * @param frag_size                    maximum size of a TLS fragment we send
+ * @param max_msg_count                maximum number of processed messages
+ * @param include_length       if TRUE include length in non-fragmented packets
  */
-tls_eap_t *tls_eap_create(eap_type_t type, bool is_server,
-                                                 identification_t *server, identification_t *peer,
-                                                 tls_application_t *application, size_t frag_size);
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+                                                 int max_msg_count, bool include_length);
 
 #endif /** TLS_EAP_H_ @}*/
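Review bot: The new `tls_eap_create` parameters are under-documented in two places that matter to callers. `@param tls` does not say whether the returned object takes ownership of the `tls_t` (and releases it in `destroy()`), which a caller must know to avoid a leak or a double free. `max_msg_count` is a signed `int` that reads like a bound on processed messages, and the comment does not say what zero or a negative value means; something like `@param max_msg_count maximum number of processed messages, <meaning of values <= 0>` would settle it. `@param type` still lists only "EAP-TLS or EAP-TTLS" while the method comments in this commit now mention TNC as well.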