TrustCore SDK NanoSec API reference  version 7.0
EAP-TLS Functions

Provides EAP-TLS (EAP-transport layer security) authentication.

Functions

MOC_EXTERN MSTATUS EAP_TLScloseConnection (ubyte *appSessionHdl, ubyte *tls_connection)
 Close an EAP-TLS connection.
 
MOC_EXTERN MSTATUS EAP_TLSCreateSession (ubyte *appSessionHdl, ubyte **tls_connection, eap_tls_connection connectionType, ubyte4 *sessionIdLen, ubyte *sessionId, ubyte *masterSecret, ubyte *dnsName, ubyte methodType, ubyte peerVersion, ubyte authVersion, struct certStore *pCertStore)
 Create an EAP-TLS session.
 
MOC_EXTERN MSTATUS EAP_TLSformAlert (ubyte *tls_connection, sbyte4 alertClass, sbyte4 alertId, ubyte4 len, ubyte **eapRespData, ubyte4 *eapRespLen)
 Build a TLS Alert Message to be sent over EAP.
 
MOC_EXTERN MSTATUS EAP_TLSgetClientSessionInfo (ubyte *appSessionHdl, ubyte *tls_connection, ubyte4 *sessionIdLen, ubyte *sessionId, ubyte *masterSecret)
 Get EAP-TLS session's session ID and master secret.
 
MOC_EXTERN MSTATUS EAP_TLSgetKey (ubyte *tls_connection, ubyte *key, ubyte2 keyLen)
 Get a new EAP-TLS session key.
 
MOC_EXTERN MSTATUS EAP_TLSgetMTU (ubyte *tls_connection, ubyte *setMTU)
 Get the MTU (maximum transmission unit) value from the TLS control block.
 
MOC_EXTERN MSTATUS EAP_TLSGetNegotiatedVersion (ubyte *tls_connection, ubyte *version)
 Get the negotiated version of an EAP-TLS packet.
 
MOC_EXTERN MSTATUS EAP_TLSgetSessionStatus (ubyte *appSessionHdl, ubyte *tls_connection, ubyte4 *sessionStatus)
 Get an EAP-TLS session's session status.
 
MOC_EXTERN MSTATUS EAP_TLSgetSSLInstance (ubyte *appSessionHdl, ubyte *tls_connection, sbyte4 *connectionInstance)
 Get an EAP-TLS connection's SSL connection instance.
 
MOC_EXTERN MSTATUS EAP_TLSPeerGetAuthVersion (ubyte *appSessionHdl, ubyte *authVersion, ubyte *pkt, ubyte pktLen)
 Get the authentication version of an EAP-TLS packet.
 
MOC_EXTERN MSTATUS EAP_TLSPeerStart (ubyte *appSessionHdl, ubyte *tls_connection, ubyte methodType, ubyte *pkt, ubyte4 pktLen, ubyte **eapRespData, ubyte4 *eapRespLen)
 Build a client Hello message and add it to the send buffer.
 
MOC_EXTERN MSTATUS EAP_TLSProcessMsg (ubyte *appSessionHdl, ubyte *tls_connection, ubyte *data, ubyte4 len, ubyte **eapRespData, ubyte4 *eapRespLen)
 Process a received EAP-TLS message and build a response.
 
MOC_EXTERN MSTATUS EAP_TLSRecvData (ubyte *appSessionHdl, ubyte *tls_connection, ubyte *data, ubyte4 len, ubyte **eapRespData, ubyte4 *eapRespLen, ubyte **eapRemData, ubyte4 *eapRemLen)
 Decrypt EAP message payload.
 
MOC_EXTERN MSTATUS EAP_TLSSendData (ubyte *appSessionHdl, ubyte *tls_connection, ubyte *data, ubyte4 len, ubyte **eapRespData, ubyte4 *eapRespLen)
 Encrypt EAP (clear text) data.
 
MOC_EXTERN MSTATUS EAP_TLSSetAuthId (ubyte *appSessionHdl, ubyte *tls_connection, ubyte *authId, ubyte2 authIdLen)
 Set EAP-FAST authenticator ID.
 
MOC_EXTERN MSTATUS EAP_TLSsetParams (ubyte *appSessionHdl, ubyte *tls_connection, ubyte methodType, eap_tls_param paramType, ubyte *param, ubyte4 paramLen)
 Set any parameter of any method to a specified value.
 
MOC_EXTERN MSTATUS EAP_TLSstartRequest (ubyte *appSessionHdl, ubyte *tls_connection, certDescriptor *sslCert, ubyte methodType, ubyte **eapReqData, ubyte4 *eapReqLen)
 Send an EAP-TLS Start message.
 

Detailed Description

Function Documentation

◆ EAP_TLScloseConnection()

MOC_EXTERN MSTATUS EAP_TLScloseConnection ( ubyte *  appSessionHdl,
ubyte *  tls_connection 
)

This function closes an EAP-TLS connection.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSProcessMsg
EAP_TLSgetClientSessionInfo

eap_tls.h

◆ EAP_TLSCreateSession()

MOC_EXTERN MSTATUS EAP_TLSCreateSession ( ubyte *  appSessionHdl,
ubyte **  tls_connection,
eap_tls_connection  connectionType,
ubyte4 *  sessionIdLen,
ubyte *  sessionId,
ubyte *  masterSecret,
ubyte *  dnsName,
ubyte  methodType,
ubyte  peerVersion,
ubyte  authVersion,
struct certStore *  pCertStore 
)

This function creates an EAP-TLS session using the specified parameters. The TLS connection handle is returned through the tls_connection parameter, and should be passed in all subsequent function calls for the TLS session. This function can be called by any method that runs over TLS, for example, TTLS, PEAP, and FAST.

Both clients and servers can call this function. If called by a server, the function calls SSL_ASYNC_acceptConnection. If called by a client, the function calls SSL_ASYNC_connect.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__
Note
The peerVersion and authVersion parameter values must match and must correspond to TLS v1.0 and later.

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: On return, EAP-TLS session handle.
connectionType: Any of the eap_tls_connection enumerated values (see eap_tls.h).
sessionIdLen: Pointer to number of bytes in EAP-TLS session ID (sessionId).
sessionId: Pointer to EAP-TLS session ID.
masterSecret: Pointer to master secret for this session.
dnsName: Pointer to DNS common name in the certificate.
methodType: Any of the eapMethodType enumerated values (see eap_proto.h).
peerVersion: Peer method version.
authVersion: Authenticator method version.
pCertStore: Pointer to TLS certificate store.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

eap_tls.h

◆ EAP_TLSformAlert()

MOC_EXTERN MSTATUS EAP_TLSformAlert ( ubyte *  tls_connection,
sbyte4  alertClass,
sbyte4  alertId,
ubyte4  len,
ubyte **  eapRespData,
ubyte4 *  eapRespLen 
)

This function builds an EAP-TLS Alert Message for the peer to send whenever there is a TLS error.

Since
2.45
Version
2.45 and later

To enable this function, the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__
  • __ENABLE_MOCANA_SSL_ALERTS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
alertClass: Alert class (SSLALERTLEVEL_WARNING or SSLALERTLEVEL_FATAL).
alertId: Alert ID.
len: Number of bytes in EAP-TLS message payload (data).
eapRespData: On return, pointer to EAP-TLS Alert Payload.
eapRespLen: On return, pointer to length of the Payload (eapRespData).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSSendData
EAP_TLSRecvData

eap_tls.h

◆ EAP_TLSgetClientSessionInfo()

MOC_EXTERN MSTATUS EAP_TLSgetClientSessionInfo ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte4 *  sessionIdLen,
ubyte *  sessionId,
ubyte *  masterSecret 
)

This function retrieves the specified TLS session's session ID and master secret.

Since
1.41
Version
1.41 and later

To enable this function, the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__
  • __ENABLE_MOCANA_SSL_CLIENT__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
sessionIdLen: On return, pointer to number of bytes in EAP-TLS session ID (sessionId).
sessionId: On return, pointer to session's session ID.
masterSecret: On return, pointer to session's master secret.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSProcessMsg
EAP_TLSgetSessionStatus
EAP_TLSgetSSLInstance

eap_tls.h

◆ EAP_TLSgetKey()

MOC_EXTERN MSTATUS EAP_TLSgetKey ( ubyte *  tls_connection,
ubyte *  key,
ubyte2  keyLen 
)

This function generates an EAP-TLS session key and returns it (or NULL if there's no key) through the key parameter.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
key: On return, pointer to the newly generated key.
keyLen: Length (number of bytes) of key to generate.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSRecvData

eap_tls.h

◆ EAP_TLSgetMTU()

MOC_EXTERN MSTATUS EAP_TLSgetMTU ( ubyte *  tls_connection,
ubyte *  setMTU 
)

This function retrieves the MTU (maximum transmission unit) value of an EAP-TLS session.

Since
2.45
Version
2.45 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
setMTU: Pointer to allocated ubyte that on return contains the MTU.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

eap_tls.h

◆ EAP_TLSGetNegotiatedVersion()

MOC_EXTERN MSTATUS EAP_TLSGetNegotiatedVersion ( ubyte *  tls_connection,
ubyte *  version 
)

This function returns the negotiated version to be used for the second stage.

Since
2.45
Version
2.45 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Note
This function is applicable to EAP peers and authenticators.
Parameters
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
version: Pointer to allocated ubyte that on return contains the negotiated version.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

eap_tls.h

◆ EAP_TLSgetSessionStatus()

MOC_EXTERN MSTATUS EAP_TLSgetSessionStatus ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte4 *  sessionStatus 
)

This function retrieves a TLS session's status (SSL_CONNECTION_OPEN or SSL_CONNECTION_NEGOTIATE). It is usually called after EAP_TLSProcessMsg to verify the TLS channel status.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
sessionStatus: On return, pointer to the session's status.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSProcessMsg
EAP_TLSgetClientSessionInfo
EAP_TLSgetSSLInstance

eap_tls.h

◆ EAP_TLSgetSSLInstance()

MOC_EXTERN MSTATUS EAP_TLSgetSSLInstance ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
sbyte4 *  connectionInstance 
)

This function retrieves an EAP-TLS connection's SSL connection instance.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
connectionInstance: On return, pointer to the SSL connection instance.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSProcessMsg
EAP_TLSgetSessionStatus
EAP_TLSgetClientSessionInfo

eap_tls.h

◆ EAP_TLSPeerGetAuthVersion()

MOC_EXTERN MSTATUS EAP_TLSPeerGetAuthVersion ( ubyte *  appSessionHdl,
ubyte *  authVersion,
ubyte *  pkt,
ubyte  pktLen 
)

This function extracts the authentication version from an EAP-TLS packet.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
authVersion: On return, authenticator method version.
pkt: EAP-TLS packet containing the authentication version.
pktLen: Number of bytes in the EAP-TLS packet (pkt).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

eap_tls.h

◆ EAP_TLSPeerStart()

MOC_EXTERN MSTATUS EAP_TLSPeerStart ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte  methodType,
ubyte *  pkt,
ubyte4  pktLen,
ubyte **  eapRespData,
ubyte4 *  eapRespLen 
)

This function builds a client Hello response, returns the message through the eapRespData parameter, and adds the message to the asynchronous send buffer.

This function is used by the peer after it receives an EAP-TLS Start message from the authenticator. Version negotiation is performed using the specified authenticator and peer versions. This function can be called by any method that runs over TLS, such as TTLS, PEAP, and FAST.

Since
1.41
Version
1.41 and later

To enable this function, the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__
  • __ENABLE_MOCANA_EAP_PEER__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
methodType: Any of the eapMethodType enumerated values (see eap_proto.h).
pkt: Start message packet.
pktLen: Number of bytes in the Start message packet (pkt).
eapRespData: On return, pointer to generated Hello response.
eapRespLen: On return, pointer to length of generated Hello response (eapRespData).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
Note
For EAP-FAST authentication, the authenticator ID can be extracted by calling EAP_FASTgetAuthId.
Although any eapMethodType enumerated value can be specified for the methodType parameter, only the following values are specifically addressed by this function:
  • EAP_TYPE_TLS
  • EAP_TYPE_TTLS
  • EAP_TYPE_PEAP
  • EAP_TYPE_FAST

eap_tls.h

◆ EAP_TLSProcessMsg()

MOC_EXTERN MSTATUS EAP_TLSProcessMsg ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte *  data,
ubyte4  len,
ubyte **  eapRespData,
ubyte4 *  eapRespLen 
)

This function processes an EAP-TLS message received by an authenticator or peer, performing any necessary fragmentation and reassembly of records, as well as wrapping the TLS response as an EAP payload.

If the ERR_EAP_TLS_DATA_ARRIVED error code is returned, the decrypted data is returned through the eapRespData parameter, thereby managing cases where two SSL frames are grouped within a single TLS packet. A typical example is the Handshake Record for PEAP and FAST, where the Identity Request is frequently piggybacked to the TLS Finished message.

If OK is returned, the data is decrypted for local processing; otherwise the eapRespData parameter contains the decrypted data to be transmitted to the peer or authenticator (according to whether this function was called by the authenticator or peer, respectively).

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
data: EAP-TLS message payload.
len: Number of bytes in EAP-TLS message payload (data).
eapRespData: On return, pointer to decrypted data (regardless of the function's return status).
eapRespLen: On return, pointer to length of decrypted data (eapRespData).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSSendData
EAP_TLSRecvData

eap_tls.h

◆ EAP_TLSRecvData()

MOC_EXTERN MSTATUS EAP_TLSRecvData ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte *  data,
ubyte4  len,
ubyte **  eapRespData,
ubyte4 *  eapRespLen,
ubyte **  eapRemData,
ubyte4 *  eapRemLen 
)

This function decrypts application data from an EAP payload. If the EAP payload contains multiple packets, this function decrypts the initial packet and returns the next packet through the eapRemData parameter, which must be used as input (via the data parameter) to a repeated call to this function. This function must be repeatedly called until eapRemData is NULL.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__
Note
A repeated call to this function overwrites the decrypted data. Therefore your application should immediately process the data or explicitly save it for later processing.

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
data: EAP-TLS message payload.
len: Number of bytes in EAP-TLS message payload (data).
eapRespData: On return, pointer to decrypted data.
eapRespLen: On return, pointer to length of decrypted data (eapRespData).
eapRemData: On return, pointer to remaining EAP payload (unprocessed data).
eapRemLen: On return, pointer to number of bytes in remaining EAP payload (eapRemData).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSSendData
EAP_TLSgetKey

eap_tls.h
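
The repeated-call procedure described for EAP_TLSRecvData, together with its Note about overwritten data, as an added example (not code from the SDK or from this reference): drain() calls a function with the EAP_TLSRecvData parameter list until eapRemData comes back NULL and copies each chunk out first. The typedefs, drain, and the fake_recv stand-in with its record format are assumptions made so the loop runs without the SDK; ownership of the returned buffers is not stated on this page and is not modelled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the SDK typedefs (assumed widths) so this builds without SDK headers. */
typedef unsigned char ubyte;
typedef unsigned int  ubyte4;
typedef int           MSTATUS;
#define OK 0

/* Pointer type with the EAP_TLSRecvData parameter list shown on this page. */
typedef MSTATUS (*recv_fn)(ubyte *appSessionHdl, ubyte *tls_connection,
                           ubyte *data, ubyte4 len,
                           ubyte **eapRespData, ubyte4 *eapRespLen,
                           ubyte **eapRemData, ubyte4 *eapRemLen);

/* Constructed stand-in for the SDK call, NOT its real behaviour: the payload is
 * a run of [1-byte length][bytes] records, "decryption" is XOR 0x5A, and every
 * call writes into the same buffer, which models the overwrite in the Note. */
static ubyte shared_plain[255];
static MSTATUS fake_recv(ubyte *hdl, ubyte *conn, ubyte *data, ubyte4 len,
                         ubyte **resp, ubyte4 *respLen, ubyte **rem, ubyte4 *remLen)
{
    ubyte4 i, n;
    (void)hdl; (void)conn;
    if (len < 1 || (n = data[0]) > len - 1)
        return -1;                                /* truncated record */
    for (i = 0; i < n; i++)
        shared_plain[i] = (ubyte)(data[1 + i] ^ 0x5A);
    *resp = shared_plain;
    *respLen = n;
    *remLen = len - 1 - n;
    *rem = *remLen ? data + 1 + n : NULL;
    return OK;
}

/* Call fn until eapRemData comes back NULL, copying each decrypted chunk
 * into out before the next call. Returns bytes saved, or -1 on any failure. */
static long drain(recv_fn fn, ubyte *hdl, ubyte *conn, ubyte *data, ubyte4 len,
                  ubyte *out, size_t outCap)
{
    size_t total = 0;
    while (data != NULL) {
        ubyte *resp = NULL, *rem = NULL;
        ubyte4 respLen = 0, remLen = 0;
        if (fn(hdl, conn, data, len, &resp, &respLen, &rem, &remLen) != OK)
            return -1;
        if (rem != NULL && remLen >= len)
            return -1;                            /* no forward progress: stop looping */
        if (respLen > outCap - total || (respLen && resp == NULL))
            return -1;                            /* would overflow the caller's buffer */
        if (respLen)
            memcpy(out + total, resp, respLen);   /* save before the next call overwrites it */
        total += respLen;
        data = rem;
        len = remLen;
    }
    return (long)total;
}

/* Constructed payload: records "AB" and "CDE", each byte XORed with 0x5A. */
static ubyte demo_payload[] = { 2, 'A' ^ 0x5A, 'B' ^ 0x5A, 3, 'C' ^ 0x5A, 'D' ^ 0x5A, 'E' ^ 0x5A };
static ubyte demo_out[16];

int main(void)
{
    long n = drain(fake_recv, NULL, NULL, demo_payload, (ubyte4)sizeof demo_payload,
                   demo_out, sizeof demo_out);
    printf("%ld bytes: %.*s\n", n, (int)(n > 0 ? n : 0), (const char *)demo_out);
    return 0;
}
```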

◆ EAP_TLSSendData()

MOC_EXTERN MSTATUS EAP_TLSSendData ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte *  data,
ubyte4  len,
ubyte **  eapRespData,
ubyte4 *  eapRespLen 
)

This function encrypts EAP payload (clear text) data for sending in either direction. You can use this function to "harvest" or process packets that have already been added to the send buffer.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__
Note
A repeated call to this function overwrites the decrypted data. Therefore your application should immediately process the data or explicitly save it for later processing.

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
data: EAP payload (clear text data) to encrypt.
len: Number of bytes in EAP payload (data).
eapRespData: On return, pointer to encrypted data.
eapRespLen: On return, pointer to number of bytes in encrypted data (eapRespData).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSRecvData
EAP_TLSgetKey

eap_tls.h

◆ EAP_TLSSetAuthId()

MOC_EXTERN MSTATUS EAP_TLSSetAuthId ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte *  authId,
ubyte2  authIdLen 
)

This function sets an EAP-FAST authenticator's ID (which is sent to a peer in an EAP-TLS Start message) to the specified value.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__
Note
A repeated call to this function overwrites the decrypted data. Therefore your application should immediately process the data or explicitly save it for later processing.

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
authId: Value to assign to the authenticator ID.
authIdLen: Number of bytes in authenticator ID value (authId).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSRecvData
EAP_TLSgetKey

eap_tls.h

◆ EAP_TLSsetParams()

MOC_EXTERN MSTATUS EAP_TLSsetParams ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
ubyte  methodType,
eap_tls_param  paramType,
ubyte *  param,
ubyte4  paramLen 
)

This function sets the specified parameter's value for the specified method; for example, setting the pacKey value for EAP-FAST.

The two method-parameter combinations handled by this function are:

  • EAP_TYPE_FAST-EAP_TLS_PARAM_PAC_KEY (Requires that the __ENABLE_MOCANA_EAP_FAST__ flag be defined)
  • EAP_TYPE_TTLS-EAP_TLS_PARAM_INNER_APP (Requires that the __ENABLE_MOCANA_INNER_APP__ flag be defined)
Since
1.41
Version
1.41 and later

To enable this function, the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__
  • __ENABLE_MOCANA_SSL_CLIENT__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__
Note
A repeated call to this function overwrites the decrypted data. Therefore your application should immediately process the data or explicitly save it for later processing.

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
methodType: eapMethodType enumerated value (see eap_proto.h).
paramType: eap_tls_param enumerated value (see eap_tls.h).

There are four parameter settings you can use. Two of them are described here:
  • EAP_TLS_PARAM_MAX_MTU: Sets the maximum MTU. The group of EAP-TLS messages sent in a single round may be larger than the MTU size or the maximum Remote Authentication Dial-In User Service (RADIUS) packet size of 4096 octets. As a result, an EAP-TLS implementation must provide its own support for fragmentation and reassembly. NanoEAP takes this value from the user through the EAP_TLSsetParams API and uses it for fragmentation and reassembly.
  • EAP_TLS_SSL_CERT_STORE_PTR: Passes an instance of the certificate store to the EAP-TLS stack, so that it can find the client certificates and their private keys during mutual authentication.
param: Pointer to value to assign to specified methodType parameter.
paramLen: Number of bytes in value to assign (param).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_TLSstartRequest
EAP_TLSPeerStart
EAP_TLSRecvData
EAP_TLSgetKey

eap_tls.h
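
The fragmentation and reassembly that EAP_TLS_PARAM_MAX_MTU governs, as an added example (not NanoSec code and not from this reference): it uses the RFC 5216 EAP-TLS layout of a Flags octet (L = 0x80, M = 0x40) followed by an optional four-octet TLS Message Length, and the receiver rejects oversized or inconsistent length claims. The names tx_next, rx_feed and roundtrip and the 16384-byte RX_CAP are assumptions; maxBody is the space left for EAP-TLS type-data after the EAP header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_L 0x80u   /* TLS Message Length field present (RFC 5216) */
#define FLAG_M 0x40u   /* more fragments follow */
#define RX_CAP 16384u  /* assumed local cap on one reassembled message */
enum { RX_ERR = -1, RX_NEED_MORE = 0, RX_COMPLETE = 1 };
typedef struct { const uint8_t *msg; size_t len, off; } frag_tx;
typedef struct { uint8_t buf[RX_CAP]; size_t have, expect; int busy, has_len; } frag_rx;

/* Sender: write the next fragment (Flags, optional length, data) into out,
 * using at most maxBody bytes. Returns bytes written, 0 when finished. */
static size_t tx_next(frag_tx *tx, uint8_t *out, size_t maxBody)
{
    int lbit = (tx->off == 0 && tx->len + 1 > maxBody);  /* first of several */
    size_t hdr = lbit ? 5 : 1, n = tx->len - tx->off;
    if (tx->off >= tx->len || tx->len > RX_CAP || maxBody <= hdr)
        return 0;
    if (n > maxBody - hdr)
        n = maxBody - hdr;
    out[0] = (uint8_t)((lbit ? FLAG_L : 0u) | (tx->off + n < tx->len ? FLAG_M : 0u));
    if (lbit) {                                  /* total length, big-endian */
        out[1] = (uint8_t)(tx->len >> 24); out[2] = (uint8_t)(tx->len >> 16);
        out[3] = (uint8_t)(tx->len >> 8);  out[4] = (uint8_t)tx->len;
    }
    memcpy(out + hdr, tx->msg + tx->off, n);
    tx->off += n;
    return hdr + n;
}

/* Receiver: feed one fragment; every byte of it is peer-controlled. */
static int rx_feed(frag_rx *rx, const uint8_t *body, size_t n)
{
    size_t off = 1, total;
    int was_busy = rx->busy;
    rx->busy = 0;                      /* any failure abandons the message */
    if (n < 1 || (!was_busy && (body[0] & FLAG_M) && !(body[0] & FLAG_L)))
        return RX_ERR;                 /* fragmented message must open with L */
    if (!was_busy)
        rx->have = rx->has_len = 0;
    if (body[0] & FLAG_L) {
        if (n < 5)
            return RX_ERR;
        total = (size_t)body[1] << 24 | (size_t)body[2] << 16 |
                (size_t)body[3] << 8 | body[4];
        off = 5;
        if (total > RX_CAP || (rx->has_len && total != rx->expect))
            return RX_ERR;             /* oversized or inconsistent claim */
        rx->expect = total; rx->has_len = 1;
    }
    if (n - off > (rx->has_len ? rx->expect : RX_CAP) - rx->have)
        return RX_ERR;                 /* more data than declared or allowed */
    memcpy(rx->buf + rx->have, body + off, n - off);
    rx->have += n - off;
    if (body[0] & FLAG_M) {
        rx->busy = 1;
        return RX_NEED_MORE;
    }
    return (rx->has_len && rx->have != rx->expect) ? RX_ERR : RX_COMPLETE;
}

/* Fragment msg at maxBody and reassemble it; returns fragment count or -1. */
static int roundtrip(const uint8_t *msg, size_t len, size_t maxBody, frag_rx *rx)
{
    frag_tx tx = { msg, len, 0 };
    uint8_t pkt[1500];
    size_t n;
    int count = 0, st = RX_ERR;
    while (maxBody <= sizeof pkt && (n = tx_next(&tx, pkt, maxBody)) > 0) {
        count++;
        if ((st = rx_feed(rx, pkt, n)) == RX_ERR)
            break;
    }
    return st == RX_COMPLETE ? count : -1;
}

static uint8_t demo_msg[3000];   /* constructed sample, stands in for a TLS flight */
static frag_rx demo_rx;
int main(void)
{
    printf("fragments: %d\n", roundtrip(demo_msg, sizeof demo_msg, 1000, &demo_rx));
    return 0;
}
```

rx->buf and rx->have are meaningful only after rx_feed returns RX_COMPLETE.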

◆ EAP_TLSstartRequest()

MOC_EXTERN MSTATUS EAP_TLSstartRequest ( ubyte *  appSessionHdl,
ubyte *  tls_connection,
certDescriptor *  sslCert,
ubyte  methodType,
ubyte **  eapReqData,
ubyte4 *  eapReqLen 
)

This function sends an EAP-TLS Start message, which is used by the authenticator to start an EAP conversation using TLS, TTLS, PEAP, or FAST methods. For EAP-FAST conversations, the authenticator can include its ID to send to the peer.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_TLS__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_tls.h

Parameters
appSessionHdl: Cookie given by the application to identify the session.
tls_connection: EAP-TLS session handle returned from EAP_TLSCreateSession.
sslCert: SSL certificate for this server.
methodType: Any of the eapMethodType enumerated values (see eap_proto.h).
eapReqData: On return, pointer to returned data (the TLS encrypted payload).
eapReqLen: On return, pointer to length of returned data (eapReqData).
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

eap_tls.h