|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_AKA_TYPES_H_) |
|
22 #define _AKA_TYPES_H_ |
|
23 |
|
24 #include "eap_type_aka_header.h" |
|
25 #include "eap_type_all_types.h" |
|
26 #include "eap_configuration_field.h" |
|
27 |
|
28 /** @file eap_type_aka_types.h |
|
29 * @brief This file defines the constants of the AKA EAP type. |
|
30 */ |
|
31 |
|
/**
 * Internal state of the AKA EAP type.
 *
 * None of the enumerators has an explicit value, so they number consecutively
 * from 0 in declaration order; inserting or moving an entry renumbers every
 * state declared after it. eap_type_aka_state_last_value must stay the final
 * entry.
 */
enum eap_type_aka_state_variable_e
{
	eap_type_aka_state_none, ///< No state.

	// Client states.
	eap_type_aka_state_waiting_for_identity_request, ///< Client: waiting for identity request.
	eap_type_aka_state_pending_identity_query, ///< Client: pending identity query.
	eap_type_aka_state_waiting_for_aka_identity_request, ///< Client: waiting for AKA identity request.
	eap_type_aka_state_imsi_waiting_for_aka_identity_request, ///< Client: IMSI, waiting for AKA identity request.
	eap_type_aka_state_pseydonym_waiting_for_aka_identity_request, ///< Client: pseudonym, waiting for AKA identity request (identifier spelling is historical).
	eap_type_aka_state_analyse_aka_identity_request, ///< Client: analyse AKA identity request.
	eap_type_aka_state_waiting_for_challenge_request, ///< Client: waiting for challenge request.
	eap_type_aka_state_analyses_challenge_request, ///< Client: analyses challenge request.
	eap_type_aka_state_pending_kc_sres_query, ///< Client: pending kc_sres query.
	eap_type_aka_state_waiting_for_notification_request_success, ///< Client: waiting for notification request, success.
	eap_type_aka_state_waiting_for_success, ///< Client: waiting for success.
	eap_type_aka_state_waiting_for_reauth_request, ///< Client: waiting for re-authentication request.
	eap_type_aka_state_analyses_reauthentication_request, ///< Client: analyses re-authentication request.

	// Server states.
	eap_type_aka_state_pending_pseudonym_decode_query, ///< Server: pending pseudonym decode query.
	eap_type_aka_state_waiting_for_identity_response, ///< Server: waiting for identity response.
	eap_type_aka_state_waiting_for_aka_identity_response_with_at_permanent_identity, ///< Server: waiting for AKA identity response with AT permanent identity.
	eap_type_aka_state_waiting_for_aka_identity_response_with_at_full_auth_identity, ///< Server: waiting for AKA identity response with AT full-auth identity.
	eap_type_aka_state_waiting_for_aka_identity_response_with_at_any_identity, ///< Server: waiting for AKA identity response with AT any identity.
	eap_type_aka_state_waiting_for_aka_identity_response, ///< Server: waiting for AKA identity response.
	eap_type_aka_state_pending_re_syncronization_query, ///< Server: pending re-synchronization query.
	eap_type_aka_state_waiting_for_challenge_response, ///< Server: waiting for challenge response.
	eap_type_aka_state_pending_authentication_vector_query, ///< Server: pending authentication vector query.
	eap_type_aka_state_analyses_challenge_response, ///< Server: analyses challenge response.
	eap_type_aka_state_analyses_aka_identity_response, ///< Server: analyses AKA identity response.
	eap_type_aka_state_waiting_for_notification_response_failure, ///< Server: waiting for notification response, authentication failed.
	eap_type_aka_state_waiting_for_notification_response_success, ///< Server: waiting for notification response, authentication success.
	eap_type_aka_state_waiting_for_reauth_response, ///< Server: waiting for re-authentication response.
	eap_type_aka_state_analyses_reauthentication_response, ///< Server: analyses re-authentication response.

	// Final states.
	eap_type_aka_state_success, ///< Success.
	eap_type_aka_state_failure, ///< Failure.

	eap_type_aka_state_last_value ///< Sentinel: keep this the last enumerator.
};
|
74 |
|
75 |
|
/**
 * Completion that is required after an asynchronous call.
 * Values are implicit and number from 0 in declaration order.
 */
enum eap_type_aka_complete_e
{
	/// No completion required.
	eap_type_aka_complete_none,

	/// AKA start request must be completed.
	eap_type_aka_complete_aka_identity_request,

	/// AKA EAP-identity query must be completed.
	eap_type_aka_complete_query_eap_identity,

	// The two entries below had no description in the original header.
	eap_type_aka_complete_handle_imsi_from_username,
	eap_type_aka_complete_handle_aka_identity_response_message_completion,
};
|
87 |
|
88 |
|
/**
 * Status of the authentication_vector.
 *
 * The non-zero values are the same numbers that prefix the
 * EAP_AKA_NOTIFICATION_* text strings defined in this header.
 */
enum eap_aka_authentication_vector_status_e
{
	/// Status OK.
	eap_aka_authentication_vector_status_ok = 0,

	/// No roaming agreement.
	eap_aka_authentication_vector_status_no_roaming_agreement = 1024,

	/// User's calls are barred.
	eap_aka_authentication_vector_status_users_calls_are_barred = 1026,

	/// User has not subscribed to the requested service.
	eap_aka_authentication_vector_status_user_has_not_subscribed_to_the_requested_service = 1031,
};
|
99 |
|
100 |
|
/**
 * EAP-AKA notification codes.
 *
 * The enumerator names spell out the two flag bits of the code: F (0x8000)
 * and P (0x4000), see aka_notification_code_bits_e. A code without F implies
 * failure; a code with P is used before authentication, one without P after
 * successful authentication.
 *
 * NOTE(review): RFC 4187 expects notifications with the P bit clear to be
 * integrity protected (AT_MAC). Whether the handlers verify that before they
 * act on a code is not visible in this header -- confirm in the
 * notification processing code.
 */
enum eap_aka_notification_codes_e
{
	/// General failure. (Implies failure, used after successful authentication.)
	eap_aka_notification_no_F_no_P_general_failure = 0,

	/// General failure. (Implies failure, used before authentication.) P bit only.
	eap_aka_notification_no_F_P_set_general_failure = 0x4000,

	/// User has been successfully authenticated. (Does not imply failure, used
	/// after successful authentication.) F bit only. The usage of this code is
	/// discussed in Section 4.4.2.
	eap_aka_notification_F_set_no_P_user_authenticated = 0x8000,

	/// User has been temporarily denied access to the requested service.
	/// (Implies failure, used after successful authentication.)
	eap_aka_notification_no_F_no_P_users_calls_are_barred = 1026,

	/// User has not subscribed to the requested service.
	/// (Implies failure, used after successful authentication.)
	eap_aka_notification_no_F_no_P_user_has_not_subscribed_to_the_requested_service = 1031,

	/// No code.
	eap_aka_notification_none = 0xffff,
};
|
110 |
|
111 |
|
/**
 * Bit masks that split a 16-bit notification code into its F flag, its
 * P flag and the remaining 14-bit value. The three masks do not overlap and
 * together cover 0xFFFF.
 */
enum aka_notification_code_bits_e
{
	aka_notification_code_bit_f = 0x8000, ///< F flag (top bit).
	aka_notification_code_bit_p = 0x4000, ///< P flag.
	aka_notification_code_value = 0x3FFF, ///< Mask of the code value below the two flags.
};
|
118 |
|
119 |
|
// Text forms of the non-zero eap_aka_authentication_vector_status_e values.
// Each string starts with the decimal status number. The arrays are sized by
// their initializer, so sizeof() of each one includes the terminating NUL.

/** Text for eap_aka_authentication_vector_status_no_roaming_agreement. */
const u8_t EAP_AKA_NOTIFICATION_NO_ROAMING_AGREEMENT[] = "1024 Visited network does not have a roaming agreement with user's home operator";

/** Text for eap_aka_authentication_vector_status_users_calls_are_barred. */
const u8_t EAP_AKA_NOTIFICATION_USERS_CALLS_ARE_BARRED[] = "1026 User's calls are barred";

/** Text for eap_aka_authentication_vector_status_user_has_not_subscribed_to_the_requested_service. */
const u8_t EAP_AKA_NOTIFICATION_USER_HAS_NOT_SUBSCRIBED_TO_THE_REQUESTED_SERVICE[] = "1031 User has not subscribed to the requested service";
|
129 |
|
/**
 * Type of the AKA identity.
 * Values are implicit and number from 0 in declaration order.
 */
enum eap_type_aka_identity_type
{
	AKA_IDENTITY_TYPE_NONE,         ///< No identity type.
	AKA_IDENTITY_TYPE_IMSI_ID,      ///< IMSI identity.
	AKA_IDENTITY_TYPE_PSEUDONYM_ID, ///< Pseudonym identity.
	AKA_IDENTITY_TYPE_RE_AUTH_ID,   ///< Re-authentication identity.
};
|
140 |
|
/**
 * Kind of authentication: none, full authentication or re-authentication.
 * Values are implicit and number from 0 in declaration order.
 */
enum eap_aka_authentication_type_e
{
	AKA_AUTHENTICATION_TYPE_NONE,             ///< No authentication type.
	AKA_AUTHENTICATION_TYPE_FULL_AUTH,        ///< Full authentication.
	AKA_AUTHENTICATION_TYPE_REAUTHENTICATION, ///< Re-authentication.
};
|
147 |
|
// String constants used with AKA identities. Every *_LENGTH constant is
// sizeof(array) - 1, i.e. the string length without the terminating NUL.
// NOTE(review): the wlan / mnc / mcc / 3gppnetwork.org pieces presumably
// assemble the automatic realm; the code that joins them is not in this
// header.

/// Prefix character "0" (presumably the leading character of an IMSI-based username -- confirm against the identity code).
const u8_t AKA_IMSI_PREFIX_CHARACTER[] = "0";

/// Trace mask for AKA errors, taken from eap_am_tools_c.
const u32_t TRACE_FLAGS_AKA_ERROR = eap_am_tools_c::eap_trace_mask_error;

/// The "@" character.
const u8_t AKA_AT_CHARACTER[] = "@";

/// Prefix string "wlan".
const u8_t AKA_OWLAN_ORG_PREFIX_STRING[] = "wlan";
const u32_t AKA_OWLAN_ORG_PREFIX_STRING_LENGTH = sizeof(AKA_OWLAN_ORG_PREFIX_STRING) - 1ul;

/// Prefix string "uma".
const u8_t AKA_UMA_PREFIX_STRING[] = "uma";
const u32_t AKA_UMA_PREFIX_STRING_LENGTH = sizeof(AKA_UMA_PREFIX_STRING) - 1ul;

/// Label "mnc".
const u8_t AKA_OWLAN_MNC_STRING[] = "mnc";
const u32_t AKA_OWLAN_MNC_STRING_LENGTH = sizeof(AKA_OWLAN_MNC_STRING) - 1ul;

/// Separator ".".
const u8_t AKA_OWLAN_DOT_STRING[] = ".";
const u32_t AKA_OWLAN_DOT_STRING_LENGTH = sizeof(AKA_OWLAN_DOT_STRING) - 1ul;

/// Label "mcc".
const u8_t AKA_OWLAN_MCC_STRING[] = "mcc";
const u32_t AKA_OWLAN_MCC_STRING_LENGTH = sizeof(AKA_OWLAN_MCC_STRING) - 1ul;

/// Domain string "3gppnetwork.org".
const u8_t AKA_OWLAN_ORG_STRING[] = "3gppnetwork.org";
const u32_t AKA_OWLAN_ORG_STRING_LENGTH = sizeof(AKA_OWLAN_ORG_STRING) - 1ul;
|
171 |
|
172 |
|
/**
 * Size, length and count constants of the AKA EAP type.
 *
 * NOTE(review): these limits protect a parser only when received attribute
 * lengths are compared against them before any copy into a fixed buffer.
 * The checks themselves are not in this header.
 */
enum eap_type_aka_constants_e
{
	// Sizes in bytes.
	EAP_TYPE_AKA_NONCE_MT_SIZE = 16ul,                ///< bytes = 128 bits
	EAP_TYPE_AKA_MAC_SIZE = 16ul,                     ///< bytes = 128 bits
	EAP_TYPE_AKA_KEYMAT_SIZE = 20ul,                  ///< bytes = 160 bits
	EAP_TYPE_AKA_MASTER_SESSION_KEY_SIZE = 4u * 32ul, ///< bytes
	EAP_TYPE_AKA_MAX_NAI_LENGTH = 255ul,              ///< bytes
	EAP_TYPE_AKA_MAX_USER_NAI_LENGTH = 255ul,         ///< bytes

	EAP_TYPE_AKA_DEFAULT_MINIMUM_RAND_COUNT = 2ul,    ///< count
	EAP_TYPE_AKA_LOCAL_PACKET_BUFFER_LENGTH = 512ul,  ///< Size of the local send buffer.
	EAP_TYPE_AKA_PADDING_MODULUS = 4ul,               ///< Padding length is always a multiple of 4.
	EAP_TYPE_AKA_PADDING_MAX_VALUE = 12ul,            ///< Maximum padding length is 12 bytes.

	// Lengths of the AKA quantities; no description in the original header.
	EAP_TYPE_AKA_MINIMUM_RAND_LENGTH = 16ul,
	EAP_TYPE_AKA_MINIMUM_AUTN_LENGTH = 16ul,
	EAP_TYPE_AKA_AUTS_LENGTH = 14ul,
	EAP_TYPE_AKA_CK_LENGTH = 16ul,
	EAP_TYPE_AKA_IK_LENGTH = 16ul,
	EAP_TYPE_AKA_MINIMUM_RES_LENGTH = 4ul,
	EAP_TYPE_AKA_MAXIMUM_CHECKCODE_LENGTH = 20ul,

	EAP_TYPE_AKA_INITIAL_REAUTH_COUNTER = 1ul,

	// Layout of MCC and MNC inside the IMSI.
	EAP_TYPE_AKA_DEFAULT_MNC_LENGTH_3_BYTES = 3ul,
	EAP_TYPE_AKA_MNC_LENGTH_2_BYTES = 2ul,
	EAP_TYPE_AKA_MNC_OFFSET = 3ul,
	EAP_TYPE_AKA_MCC_LENGTH = 3ul,
	EAP_TYPE_AKA_MCC_OFFSET = 0ul,

	/// MCC length + 2-byte MNC length + 1.
	EAP_TYPE_AKA_MINIMUM_IMSI_LENGTH = EAP_TYPE_AKA_MCC_LENGTH + EAP_TYPE_AKA_MNC_LENGTH_2_BYTES + 1,
};
|
200 |
|
/**
 * Identifiers of the timers of the AKA EAP type.
 * Values are implicit and number from 0 in declaration order.
 */
enum eap_type_aka_timer_id_e
{
	/// Timer id named for the delay of a sent failure message.
	EAP_TYPE_AKA_TIMER_DELAY_FAILURE_MESSAGE_SENT_ID,

	/// Timer id named for the delay of a notification message.
	EAP_TYPE_AKA_TIMER_DELAY_NOTIFICATION_MESSAGE_ID,
};
|
206 |
|
/**
 * Default timeout values of the timers of the AKA EAP type.
 */
enum eap_type_aka_timer_timeout_value_e
{
	/// Default value. Zero means the error message is handled immediately.
	EAP_TYPE_AKA_TIMER_TIMEOUT_VALUE_DELAY_FAILURE_MESSAGE_SENT = 0ul,
};
|
211 |
|
/**
 * Identifiers of the stored items of the AKA EAP type.
 * Values are implicit and number from 0 in declaration order.
 *
 * NOTE(review): several entries name key material (XKEY, K_aut, K_encr,
 * pseudonym keys) and identities. Where and how these items are persisted is
 * not visible in this header; the storage behind them should be access
 * restricted -- confirm in the code that uses this enum.
 */
enum eap_type_aka_stored_e
{
	eap_type_aka_stored_none,

	// Re-authentication key material.
	eap_type_aka_stored_reauth_xkey,
	eap_type_aka_stored_reauth_k_aut,
	eap_type_aka_stored_reauth_k_encr,

	// Identities.
	eap_type_aka_stored_pseudonym_identity,
	eap_type_aka_stored_reauth_identity,

	// Pseudonym keys, current and previous.
	eap_type_aka_stored_pseudonym_key,
	eap_type_aka_stored_pseudonym_mac_key,
	eap_type_aka_stored_prev_pseudonym_key,
	eap_type_aka_stored_prev_pseudonym_mac_key,
	eap_type_aka_stored_pseudonym_key_index,

	// Counters.
	eap_type_aka_stored_pseudonym_key_use_count,
	eap_type_aka_stored_pseudonym_use_count,
	eap_type_aka_stored_reauth_use_count,
	eap_type_aka_stored_saved_reauth_counter,

	eap_type_aka_stored_sqn,
};
|
231 |
|
232 |
|
/**
 * @defgroup AKA_config_options Configuration options of AKA.
 * The following configuration options are read through the
 * abs_eap_base_type_c::read_configure() function.
 * @{
 */

/**
 * u32_t option: timeout in milliseconds before an erroneous message is
 * processed. Useful in protocol testing, or when the final application needs
 * some delay.
 * Default value is 0.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_failure_message_delay_time,
	"EAP_AKA_failure_message_delay_time", eap_configure_type_u32_t, false);

/**
 * Boolean option: selects between the automatic and the manual username.
 * Default value is 0, which causes use of the automatic username.
 * If this is 1, cf_str_EAP_AKA_manual_username is used as the username.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_use_manual_username,
	"EAP_AKA_use_manual_username", eap_configure_type_boolean, false);

/**
 * String option: the username part of the EAP-type AKA identity.
 * Default value is the empty string, which causes use of the automatic
 * username.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_manual_username,
	"EAP_AKA_manual_username", eap_configure_type_string, false);

/**
 * Boolean option: selects between the automatic and the manual realm.
 * Default value is 0, which causes use of the automatic realm.
 * If this is 1, cf_str_EAP_AKA_manual_realm is used as the realm.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_use_manual_realm,
	"EAP_AKA_use_manual_realm", eap_configure_type_boolean, false);

/**
 * String option: the realm part of the EAP-type AKA identity.
 * Default value is the empty string, which causes use of the automatic realm.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_manual_realm,
	"EAP_AKA_manual_realm", eap_configure_type_string, false);

/**
 * Boolean option.
 * True: on successful authentication EAP-type AKA waits for the EAP-Success
 * message.
 * False: on successful authentication EAP-type AKA does NOT wait for the
 * EAP-Success message.
 * NOTE: the true value is needed in Windows RAS.
 * Default value is true.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_wait_eap_success_packet,
	"EAP_AKA_wait_eap_success_packet", eap_configure_type_boolean, false);

/**
 * Boolean option.
 * True: EAP-type AKA must check the identifier of the EAP-Response/Identity
 * message.
 * False: EAP-type AKA does not check the identifier of the
 * EAP-Response/Identity message.
 * The check is not possible when the identifier of the EAP-Request/Identity
 * is generated by other network entities.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_check_identifier_of_eap_identity_response,
	"EAP_AKA_check_identifier_of_eap_identity_response", eap_configure_type_boolean, false);

/**
 * Boolean option: activates the NAI realm check.
 * When active, the NAI realm must be the same as the realm given by the
 * EAP_AKA_manual_realm option.
 * Default value is false, i.e. the realm is not compared unless this option
 * is switched on.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_check_nai_realm,
	"EAP_AKA_check_nai_realm", eap_configure_type_boolean, false);
|
331 |
|
// The five options below are documented as test-only. Each names a file by
// full path and defaults to the empty string.
// NOTE(review): how the files are read and what they replace is not visible
// in this header. A configuration used outside a test rig should keep all
// five at the documented default -- confirm that the implementation ignores
// them when empty.

/**
 * For testing. String option: full path name of the nonce_mt file.
 * Default value is the empty string.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_nonce_mt_file,
	"EAP_AKA_nonce_mt_file", eap_configure_type_string, false);

/**
 * For testing. String option: full path name of the triplet file
 * (the option itself is named after the authentication vector).
 * Default value is the empty string.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_authentication_vector_file,
	"EAP_AKA_authentication_vector_file", eap_configure_type_string, false);

/**
 * For testing. String option: full path name of the pseudonym file.
 * Default value is the empty string.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_pseudonym_file,
	"EAP_AKA_pseudonym_file", eap_configure_type_string, false);

/**
 * For testing. String option: full path name of the reauthentication file.
 * Default value is the empty string.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_reauthentication_file,
	"EAP_AKA_reauthentication_file", eap_configure_type_string, false);

/**
 * For testing. String option: full path name of the encryption IV file.
 * Default value is the empty string.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_encryption_iv_file,
	"EAP_AKA_encryption_iv_file", eap_configure_type_string, false);
|
386 |
|
/**
 * Boolean option.
 * True: the client of EAP-type AKA responds to every re-transmitted EAP-AKA
 * request packet.
 * False: the client of EAP-type AKA does not respond to any re-transmitted
 * EAP-AKA request packet; instead the EAP layer re-transmits the response.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_client_responds_retransmitted_packets,
	"EAP_AKA_client_responds_retransmitted_packets", eap_configure_type_boolean, false);

/**
 * Boolean option, for testing.
 * True: the test version of EAP-type AKA is used. The test version tries to
 * make as many authentications as possible.
 * False: the real version of EAP-type AKA is used.
 * Default value is false.
 * Other test options in this group take effect only when this one is true,
 * so keeping it false is what keeps them inert.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_test_version,
	"EAP_AKA_test_version", eap_configure_type_boolean, false);

/**
 * Boolean option, for testing.
 * True: the server refuses the EAP-identity randomly.
 * False: the server does not refuse the EAP-identity randomly.
 * NOTE: the EAP_AKA_test_version option must also be true.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_randomly_refuse_eap_identity,
	"EAP_AKA_randomly_refuse_eap_identity", eap_configure_type_boolean, false);

/**
 * Boolean option.
 * True: the test of the re-authentication counter of EAP-type AKA always
 * fails.
 * NOTE: the EAP_AKA_test_version option must also be true.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_fail_re_authentication_counter_check,
	"EAP_AKA_fail_re_authentication_counter_check", eap_configure_type_boolean, false);

/**
 * Boolean option.
 * True: the server is allowed to accept the EAP-Response/Identity message.
 * False: the server is not allowed to accept the EAP-Response/Identity
 * message; instead it queries the identity in EAP-Request/AKA/Start with the
 * AT_ANY_ID_REQ attribute.
 * Default value is true.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_accept_eap_identity_response,
	"EAP_AKA_accept_eap_identity_response", eap_configure_type_boolean, false);

/**
 * Boolean option.
 * True: the client returns a random identity in EAP-Response/Identity.
 * False: the client returns the real identity (IMSI, pseudonym or
 * re-authentication identity) in EAP-Response/Identity.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_use_random_identity_on_eap_identity_response,
	"EAP_AKA_use_random_identity_on_eap_identity_response", eap_configure_type_boolean, false);
|
467 |
|
// Options of the software AKA simulator.
// NOTE(review): every field in this header passes `false` as the last macro
// argument, including the K and OP fields below. If that argument marks a
// field as secret (confirm in eap_configuration_field.h), K and OP are
// declared as non-secret and may be handled like ordinary settings, for
// example written to traces.

/**
 * String option: selects the AKA algorithm used in simulation.
 * Possible values are "nokia_test_network_xor" or
 * "tls_prf_with_shared_secret".
 * The default value is nokia_test_network_xor.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_algorithm,
	"EAP_AKA_simulator_aka_algorithm", eap_configure_type_string, false);

/** The value string "nokia_test_network_xor" of EAP_AKA_simulator_aka_algorithm. */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_algorithm_config_value_nokia_test_network_xor,
	"nokia_test_network_xor", eap_configure_type_string, false);

/** The value string "tls_prf_with_shared_secret" of EAP_AKA_simulator_aka_algorithm. */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_algorithm_config_value_tls_prf_with_shared_secret,
	"tls_prf_with_shared_secret", eap_configure_type_string, false);

/**
 * Hex data option: the Ki used in the software-AKA (SW-AKA) implementation
 * of the MILENAGE algorithm.
 * This is key material held in plain configuration data.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_k,
	"EAP_AKA_simulator_aka_k", eap_configure_type_hex_data, false);

/**
 * Hex data option: the OP used in the software-AKA (SW-AKA) implementation
 * of the MILENAGE algorithm.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_op,
	"EAP_AKA_simulator_aka_op", eap_configure_type_hex_data, false);

/**
 * 16-bit hex data option: the AMF used in the software-AKA (SW-AKA)
 * implementation of the MILENAGE algorithm.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_amf,
	"EAP_AKA_simulator_aka_amf", eap_configure_type_hex_data, false);

/**
 * Boolean option: tells whether the random synchronization errors of the
 * MILENAGE algorithm must be done (true) or not (false).
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_simulator_aka_do_random_synchronization_errors,
	"EAP_AKA_simulator_aka_do_random_synchronization_errors", eap_configure_type_boolean, false);
|
533 |
|
/**
 * Boolean option: tells whether the pseudonym identity could be used (true)
 * or not (false).
 * Default value is true.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_use_pseudonym_identity,
	"EAP_AKA_use_pseudonym_identity", eap_configure_type_boolean, false);

/**
 * Boolean option: tells whether the re-authentication identity could be used
 * (true) or not (false).
 * Default value is true.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_use_reauthentication_identity,
	"EAP_AKA_use_reauthentication_identity", eap_configure_type_boolean, false);

/**
 * Boolean option, used in simulator testing.
 * True: queries to AM are completed asynchronously.
 * False: queries to AM are completed synchronously.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_do_asyncronous_completions,
	"EAP_AKA_do_asyncronous_completions", eap_configure_type_boolean, false);

/**
 * Boolean option, used in simulator testing.
 * True: authentication_vector queries to AM are failed randomly.
 * False: authentication_vector queries to AM are not failed.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_fail_AKA_authentication_vector_query_randomly,
	"EAP_AKA_fail_AKA_authentication_vector_query_randomly", eap_configure_type_boolean, false);

/**
 * Boolean option, used in simulator testing.
 * True: queries to AM are randomly completed asynchronously.
 * False: queries to AM are randomly completed synchronously.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_do_asyncronous_completions_randomly,
	"EAP_AKA_do_asyncronous_completions_randomly", eap_configure_type_boolean, false);

/**
 * Boolean option, used in simulator testing.
 * True: the EAP-AKA server randomly fails a successful authentication.
 * False: the EAP-AKA server does NOT randomly fail a successful
 * authentication.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_randomly_fail_successfull_authentication,
	"EAP_AKA_randomly_fail_successfull_authentication", eap_configure_type_boolean, false);

/**
 * Boolean option, used in simulator testing.
 * True: EAP-AKA client and server allow result indications.
 * False: EAP-AKA client and server do NOT allow result indications.
 * Default value is true.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_allow_use_result_indication,
	"EAP_AKA_allow_use_result_indication", eap_configure_type_boolean, false);

/**
 * Boolean option.
 * True: activates use of the expanded EAP type field, 64 bits in length.
 * False: forces use of the normal 8-bit EAP type field.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_use_eap_expanded_type,
	"EAP_AKA_use_eap_expanded_type", eap_configure_type_boolean, false);

/**
 * Boolean option, used in simulator testing.
 * True: the EAP-AKA server allows result indications.
 * False: the EAP-AKA server does NOT allow result indications.
 * NOTE: in the server this option overrides
 * cf_str_EAP_AKA_allow_use_result_indication.
 * Default value is true.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_server_allow_use_result_indication,
	"EAP_AKA_server_allow_use_result_indication", eap_configure_type_boolean, false);
|
649 |
|
/**
 * Boolean option: tells whether the UMA profile is used (true) or not
 * (false).
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_UMA_profile,
	"EAP_AKA_UMA_profile", eap_configure_type_boolean, false);

/**
 * String option: the prefix of the automatic realm in the UMA profile.
 * EAP_AKA_UMA_profile must be true before this option is used.
 * Default value is empty.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_UMA_realm_prefix,
	"EAP_AKA_UMA_realm_prefix", eap_configure_type_string, false);

/**
 * u32_t array option: lists the MCCs that use a 2-digit MNC.
 * Default value is the empty array.
 * NOTE(review): the key string carries a GSMSIM infix that the identifier
 * lacks; presumably the setting is shared with EAP-SIM -- confirm before
 * renaming either one.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_2_digit_mnc_map_of_mcc_of_imsi_array,
	"EAP_AKA_GSMSIM_2_digit_mnc_map_of_mcc_of_imsi_array", eap_configure_type_u32array, false);

/**
 * Boolean option, used in simulator testing.
 * True: the EAP-AKA server randomly skips pseudonym and fast-reauth identity
 * generation.
 * False: the EAP-AKA server does generate those identities.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_server_randomly_skip_identity_generation,
	"EAP_AKA_server_randomly_skip_identity_generation", eap_configure_type_boolean, false);

/**
 * u32_t option: the maximum session validity time in seconds.
 * Default value is 12 hours, which is 43200 seconds.
 */
EAP_CONFIGURATION_FIELD(cf_str_EAP_AKA_max_session_validity_time,
	"EAP_AKA_max_session_validity_time", eap_configure_type_u32_t, false);

/** @} */ // End of group AKA_config_options.
|
708 |
|
709 //-------------------------------------------------- |
|
710 |
|
/// Traces the type and the data of one payload.
///
/// Emits two debug traces under TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS: a
/// summary line (prefix, header buffer, current payload code and its AT
/// string, data length) and a dump of get_payload_length() bytes starting at
/// the header buffer.
///
/// Usage notes:
/// - m_am_tools is not a parameter; it must be visible where the macro is
///   expanded.
/// - `payload` is evaluated several times, so pass a plain pointer
///   expression without side effects.
/// - The expansion is a bare { } block, not do { } while (0); inside an
///   unbraced if/else a trailing `;` after the macro ends the if statement.
/// - NOTE(review): the header buffer is printed with %08x. If
///   get_header_buffer() returns a pointer, that does not match the
///   specifier where pointers are wider than unsigned int -- confirm.
/// - NOTE(review): the dump writes the raw payload bytes to the trace. AKA
///   payloads can carry identities and authentication values, so trace
///   output with these flags should stay disabled or access restricted
///   outside test builds.
#define EAP_AKA_TRACE_PAYLOAD(prefix, payload) \
	{ \
		EAP_TRACE_DEBUG( \
			m_am_tools, \
			TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("%s (0x%08x): current payload 0x%04x=%s, data length 0x%04x.\n"), \
			prefix, \
			(payload)->get_header_buffer((payload)->get_payload_length()), \
			(payload)->get_current_payload(), \
			(payload)->get_payload_AT_string(), \
			(payload)->get_data_length())); \
		EAP_TRACE_DATA_DEBUG( \
			m_am_tools, \
			TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("payload"), \
			(payload)->get_header_buffer((payload)->get_payload_length()), \
			(payload)->get_payload_length())); \
	}
|
723 |
|
724 //-------------------------------------------------- |
|
725 |
|
726 |
|
/// Stored attributes for message authentication calculations.
///
/// Holds two pointer/length pairs: the MAC with its size, and the
/// authenticated data with its length.
///
/// NOTE(review): this declaration does not show whether the object owns the
/// buffers it points to, nor who releases the object returned by copy() --
/// confirm in the implementation. set_MAC() and set_data() take a new
/// pointer without a new size; presumably the stored size and length stay
/// unchanged, so the caller has to supply a buffer at least that long.
class eap_type_aka_MAC_attributes_c
{
private:

	/// Pointer to the MAC.
	u8_t * m_MAC;

	/// Size of the MAC.
	u32_t m_MAC_size;

	/// Pointer to the authenticated data.
	u8_t * m_data;

	/// Length of the authenticated data.
	u32_t m_data_length;

public:

	virtual ~eap_type_aka_MAC_attributes_c();

	/// Default constructor.
	eap_type_aka_MAC_attributes_c();

	/// Constructor taking the MAC pointer and size and the EAP data pointer and length.
	eap_type_aka_MAC_attributes_c(u8_t * MAC, u32_t MAC_size, u8_t * const EAP_data, u32_t EAP_data_length);

	/// Takes the same four values as the four-argument constructor.
	void init(u8_t * MAC, u32_t MAC_size, u8_t * const EAP_data, u32_t EAP_data_length);

	/// Returns the MAC pointer.
	u8_t * get_MAC() const;

	/// Sets the MAC pointer.
	void set_MAC(u8_t * MAC);

	/// Returns the size of the MAC.
	u32_t get_MAC_size() const;

	/// Returns a pointer to a copy of this object.
	eap_type_aka_MAC_attributes_c * copy() const;

	/// Returns the pointer to the authenticated data.
	u8_t * get_data() const;

	/// Returns the length of the authenticated data.
	/// Unlike the other getters this one is not declared const.
	u32_t get_data_length();

	/// Sets the pointer to the authenticated data.
	void set_data(u8_t * const data);
};
|
774 |
|
775 |
|
776 #endif //#if !defined(_AKA_TYPES_H_) |
|
777 |
|
778 //-------------------------------------------------- |
|
779 |
|
780 |
|
781 |
|
782 // End. |