3.1.7.1 Interface with TLS
The PEAP layer interfaces with the TLS layer on both the client and server using the following abstract methods. If either of the abstract methods described below returns a failure error code, the connection is terminated, and the error is indicated to the transport layer.
EncryptMessage: The PEAP layer uses this method on both the client and server to encrypt the messages exchanged during phase 2 of PEAP. This method takes the following parameters: the CtxtHandle, the input buffer containing the message to be encrypted, the input buffer length, the output buffer that contains the encrypted message when the method returns, the output buffer length, and an error code.
DecryptMessage: The PEAP layer uses this method on both the client and server to decrypt the messages exchanged during phase 2 of PEAP. This method takes the following parameters: the CtxtHandle, the input buffer containing the encrypted message, the input buffer length, the output buffer that contains the decrypted message when the method returns, the output buffer length, and an error code.
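The failure contract stated above, sketched in C as an added example; it is not part of the specification or of any implementation of it. The C signature given to the abstract methods, the error values, `PeapSession`, and the XOR placeholder (which stands in for TLS record protection and is not real cryptography) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical C rendering of the abstract methods; not the SSPI signatures. */
typedef struct { uint8_t key; int established; } CtxtHandle; /* constructed stand-in */
typedef void (*tls_method)(CtxtHandle *ctx, const uint8_t *in, size_t in_len,
                           uint8_t *out, size_t *out_len, int *err);
enum { TLS_OK = 0, TLS_ERR_NO_CONTEXT = 1, TLS_ERR_BUFFER_TOO_SMALL = 2 };

/* connected is cleared on termination; transport_error is what the transport sees. */
typedef struct { CtxtHandle ctx; int connected; int transport_error; } PeapSession;

/* Placeholder transform standing in for TLS record protection. NOT real crypto;
   it is symmetric, so it serves as both EncryptMessage and DecryptMessage here. */
static void mock_tls_message(CtxtHandle *ctx, const uint8_t *in, size_t in_len,
                             uint8_t *out, size_t *out_len, int *err)
{
    if (!ctx->established) { *err = TLS_ERR_NO_CONTEXT; return; }
    if (*out_len < in_len) { *err = TLS_ERR_BUFFER_TOO_SMALL; return; }
    for (size_t i = 0; i < in_len; i++) out[i] = in[i] ^ ctx->key;
    *out_len = in_len;
    *err = TLS_OK;
}

/* PEAP-layer call site for phase 2: a failure error code from either method
   terminates the connection and is indicated to the transport layer. */
static int peap_phase2_call(PeapSession *s, tls_method m, const uint8_t *in,
                            size_t in_len, uint8_t *out, size_t *out_len)
{
    int err = TLS_OK;
    if (!s->connected) return -1;      /* nothing is processed after teardown */
    m(&s->ctx, in, in_len, out, out_len, &err);
    if (err != TLS_OK) {
        memset(out, 0, *out_len);      /* never hand partial output upward */
        s->connected = 0;
        s->transport_error = err;
        return -1;
    }
    return 0;
}

int main(void)
{
    PeapSession s = { { 0x5a, 1 }, 1, TLS_OK };
    const uint8_t msg[] = "constructed phase 2 payload";
    uint8_t small[4]; size_t small_len = sizeof small; /* deliberately too small */
    peap_phase2_call(&s, mock_tls_message, msg, sizeof msg, small, &small_len);
    return (!s.connected && s.transport_error == TLS_ERR_BUFFER_TOO_SMALL) ? 0 : 1;
}
```

The wrapper treats an undersized output buffer the same as any other failure: the session is torn down and later calls are refused rather than retried.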
Phase 1 of PEAP is a slightly modified implementation of EAP-TLS, as defined in section 3.1.5.4. During this phase, PEAP interfaces with TLS through EAP-TLS as specified in [RFC5216].