|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_RADIUS_TYPES_H_) |
|
22 #define _RADIUS_TYPES_H_ |
|
23 |
|
24 #include "eap_type_all_types.h" |
|
25 #include "eap_configuration_field.h" |
|
26 |
|
27 /** @file eap_radius_types.h |
|
28 * @brief This file defines the constants of the RADIUS EAP type. |
|
29 */ |
|
30 |
|
/* Basic protocol constants of the RADIUS EAP type. */

/** First sequence value (1). */
const u32_t RADIUS_FIRST_SEQUENCE = 1u;

/** Payload length alignment (4); presumably counted in bytes -- confirm at the use site. */
const u32_t RADIUS_PAYLOAD_LENGTH_ALIGN = 4u;

/** Data length of a payload that carries no data (0). */
const u32_t RADIUS_PAYLOAD_ZERO_DATA_LENGTH = 0u;

/** The '@' character as one byte; by its name, the separator used inside a NAI. */
const u8_t RADIUS_NAI_AT_BYTE = '@';
|
35 |
|
/** Single-member enumeration that names the RADIUS protocol. */
enum eap_radius_protocol_e
{
    eap_radius_protocol, ///< The only enumerator; its value is 0.
};
|
40 |
|
41 |
|
/**
 * Internal state of the RADIUS EAP type.
 *
 * The enumerators carry no explicit values, so each value is fixed by its
 * position in this list. Client states come first, then server states, then
 * the two final outcome states.
 */
enum eap_radius_state_variable_e
{
    /* Client states. */
    eap_radius_state_none, ///< Initial state.
    eap_radius_state_waiting_for_identity_request, ///< Client state waiting_for_identity_request.
    eap_radius_state_pending_identity_query, ///< Client state pending_identity_query.
    eap_radius_state_waiting_for_start_request, ///< Client state waiting_for_start_request.
    eap_radius_state_imsi_waiting_for_start_request, ///< Client state imsi_waiting_for_start_request.
    eap_radius_state_pseydonym_waiting_for_start_request, ///< Client state pseudonym waiting_for_start_request (identifier spelling kept as declared).
    eap_radius_state_analyse_start_request, ///< Client state analyse_start_request.
    eap_radius_state_waiting_for_challenge_request, ///< Client state waiting_for_challenge_request.
    eap_radius_state_analyses_challenge_request, ///< Client state analyses_challenge_request.
    eap_radius_state_pending_kc_sres_query, ///< Client state pending_kc_sres_query.
    eap_radius_state_waiting_for_notification_request_success, ///< Client state waiting_for_notification_request_success.
    eap_radius_state_waiting_for_success, ///< Client state waiting_for_success.
    eap_radius_state_waiting_for_reauth_request, ///< Client state waiting_for_reauth_request.
    eap_radius_state_analyses_reauthentication_request, ///< Client state analyses_reauthentication_request.

    /* Server states. */
    eap_radius_state_pending_pseudonym_decode_query, ///< Server state pending_pseudonym_decode_query.
    eap_radius_state_waiting_for_identity_response, ///< Server state waiting_for_identity_response.
    eap_radius_state_waiting_for_start_response_with_at_permanent_identity, ///< Server state waiting_for_start_response_with_at_permanent_identity.
    eap_radius_state_waiting_for_start_response_with_at_full_auth_identity, ///< Server state waiting_for_start_response_with_at_full_auth_identity.
    eap_radius_state_waiting_for_start_response_with_at_any_identity, ///< Server state waiting_for_start_response_with_at_any_identity.
    eap_radius_state_waiting_for_start_response, ///< Server state waiting_for_start_response.
    eap_radius_state_waiting_for_challenge_response, ///< Server state waiting_for_challenge_response.
    eap_radius_state_pending_triplet_query, ///< Server state pending_triplet_query.
    eap_radius_state_analyses_challenge_response, ///< Server state analyses_challenge_response.
    eap_radius_state_analyses_start_response, ///< Server state analyses_start_response.
    eap_radius_state_waiting_for_notification_response_failure, ///< Server state waiting_for_notification_response; authentication failed.
    eap_radius_state_waiting_for_notification_response_success, ///< Server state waiting_for_notification_response; authentication succeeded.
    eap_radius_state_waiting_for_reauth_response, ///< Server state waiting_for_reauth_response.
    eap_radius_state_analyses_reauthentication_response, ///< Server state analyses_reauthentication_response.

    /* Final outcome states. */
    eap_radius_state_success, ///< State state_success.
    eap_radius_state_failure, ///< State state_failure.

    eap_radius_state_last_value ///< Must stay the last enumerator; its value equals the number of states above it.
};
|
82 |
|
83 |
|
/**
 * Completion that is still required after an asynchronous call.
 */
enum eap_radius_complete_e
{
    eap_radius_complete_none, ///< No completion is required.
    eap_radius_complete_start_request, ///< The RADIUS start request must be completed.
    eap_radius_complete_query_eap_identity, ///< The RADIUS EAP-identity query must be completed.
    eap_radius_complete_handle_imsi_from_username, ///< By its name: handling of the IMSI taken from the username must be completed.
    eap_radius_complete_handle_start_response_message_completion, ///< By its name: handling of the start response message must be completed.
};
|
95 |
|
96 |
|
/**
 * Status of the triplet.
 *
 * The non-zero values are the same numbers that lead the
 * EAP_RADIUS_NOTIFICATION_* strings declared in this file.
 */
enum eap_radius_triplet_status_e
{
    eap_radius_triplet_status_ok = 0, ///< Triplet is OK.
    eap_radius_triplet_status_no_roaming_agreement = 1024, ///< No roaming agreement.
    eap_radius_triplet_status_users_calls_are_barred = 1026, ///< User's calls are barred.
    eap_radius_triplet_status_user_has_not_subscribed_to_the_requested_service = 1031, ///< User has not subscribed to the requested service.
};
|
107 |
|
108 |
|
/**
 * Notification codes.
 *
 * The enumerator names record whether the F bit (0x8000) and the P bit
 * (0x4000) are set in the value; see radius_notification_code_bits_e.
 * A receiver that acts on a code should evaluate both bits and not only the
 * low-order number, because the two general-failure codes below differ only
 * in the P bit.
 */
enum eap_radius_notification_codes_e
{
    /** General failure. Implies failure; used after successful authentication. */
    eap_radius_notification_no_F_no_P_general_failure = 0,

    /** General failure. Implies failure; used before authentication. Equals the P bit alone. */
    eap_radius_notification_no_F_P_set_general_failure = 16384,

    /**
     * User has been successfully authenticated. Does not imply failure; used
     * after successful authentication. Equals the F bit alone. The usage of
     * this code is discussed in Section 4.4.2 (the document that section
     * belongs to is not named in this file).
     */
    eap_radius_notification_F_set_no_P_user_authenticated = 32768,

    /** User has been temporarily denied access to the requested service. Implies failure; used after successful authentication. */
    eap_radius_notification_no_F_no_P_users_calls_are_barred = 1026,

    /** User has not subscribed to the requested service. Implies failure; used after successful authentication. */
    eap_radius_notification_no_F_no_P_user_has_not_subscribed_to_the_requested_service = 1031,

    /** No code. */
    eap_radius_notification_none = 0xffff,
};
|
118 |
|
119 |
|
/**
 * Flag bits carried in a notification code.
 *
 * Going by the comments on eap_radius_notification_codes_e, a code without
 * the F bit implies failure, and the P bit marks a code that is used before
 * authentication.
 */
enum radius_notification_code_bits_e
{
    radius_notification_code_bit_f = 0x8000, ///< F bit (32768 decimal).
    radius_notification_code_bit_p = 0x4000, ///< P bit (16384 decimal).
};
|
125 |
|
126 |
|
/*
 * Notification texts. Each string starts with the decimal code of the
 * matching eap_radius_triplet_status_e value, followed by a space and a
 * human-readable description.
 */

/** Text for eap_radius_triplet_status_no_roaming_agreement (1024). */
const u8_t EAP_RADIUS_NOTIFICATION_NO_ROAMING_AGREEMENT[] =
    "1024 Visited network does not have a roaming agreement with user's home operator";

/** Text for eap_radius_triplet_status_users_calls_are_barred (1026). */
const u8_t EAP_RADIUS_NOTIFICATION_USERS_CALLS_ARE_BARRED[] =
    "1026 User's calls are barred";

/** Text for eap_radius_triplet_status_user_has_not_subscribed_to_the_requested_service (1031). */
const u8_t EAP_RADIUS_NOTIFICATION_USER_HAS_NOT_SUBSCRIBED_TO_THE_REQUESTED_SERVICE[] =
    "1031 User has not subscribed to the requested service";
|
136 |
|
/**
 * Type of the RADIUS identity.
 */
enum eap_radius_identity_type
{
    RADIUS_IDENTITY_TYPE_NONE, ///< No identity type (0).
    RADIUS_IDENTITY_TYPE_IMSI_ID, ///< IMSI identity.
    RADIUS_IDENTITY_TYPE_PSEUDONYM_ID, ///< Pseudonym identity.
    RADIUS_IDENTITY_TYPE_RE_AUTH_ID, ///< Re-authentication identity.
};
|
147 |
|
/**
 * Type of the authentication: none, full authentication or re-authentication.
 */
enum eap_radius_authentication_type_e
{
    RADIUS_AUTHENTICATION_TYPE_NONE, ///< No authentication type (0).
    RADIUS_AUTHENTICATION_TYPE_FULL_AUTH, ///< Full authentication.
    RADIUS_AUTHENTICATION_TYPE_REAUTHENTICATION, ///< Re-authentication.
};
|
154 |
|
/*
 * String fragments and their lengths. Every *_LENGTH constant is the array
 * size minus one, i.e. the string length without the terminating NUL.
 * NOTE(review): judging by the names these fragments are used to compose an
 * identity or realm string; code that concatenates them should check the
 * result against EAP_TYPE_RADIUS_MAX_NAI_LENGTH -- confirm at the use site.
 */

/** Prefix character "1"; by its name it marks an IMSI identity. */
const u8_t RADIUS_IMSI_PREFIX_CHARACTER[] = "1";

/** The "@" character as a NUL-terminated string. */
const u8_t RADIUS_AT_CHARACTER[] = "@";

/** Prefix string "wlan". */
const u8_t RADIUS_OWLAN_ORG_PREFIX_STRING[] = "wlan";
const u32_t RADIUS_OWLAN_ORG_PREFIX_STRING_LENGTH = sizeof(RADIUS_OWLAN_ORG_PREFIX_STRING) - 1ul;

/**
 * Prefix string "wlan".
 * NOTE(review): the value is identical to RADIUS_OWLAN_ORG_PREFIX_STRING --
 * confirm that this is intended.
 */
const u8_t RADIUS_UMA_PREFIX_STRING[] = "wlan";
const u32_t RADIUS_UMA_PREFIX_STRING_LENGTH = sizeof(RADIUS_UMA_PREFIX_STRING) - 1ul;

/** Label "mnc". */
const u8_t RADIUS_OWLAN_MNC_STRING[] = "mnc";
const u32_t RADIUS_OWLAN_MNC_STRING_LENGTH = sizeof(RADIUS_OWLAN_MNC_STRING) - 1ul;

/** Separator ".". */
const u8_t RADIUS_OWLAN_DOT_STRING[] = ".";
const u32_t RADIUS_OWLAN_DOT_STRING_LENGTH = sizeof(RADIUS_OWLAN_DOT_STRING) - 1ul;

/** Label "mcc". */
const u8_t RADIUS_OWLAN_MCC_STRING[] = "mcc";
const u32_t RADIUS_OWLAN_MCC_STRING_LENGTH = sizeof(RADIUS_OWLAN_MCC_STRING) - 1ul;

/** Domain suffix "3gppnetwork.org". */
const u8_t RADIUS_OWLAN_ORG_STRING[] = "3gppnetwork.org";
const u32_t RADIUS_OWLAN_ORG_STRING_LENGTH = sizeof(RADIUS_OWLAN_ORG_STRING) - 1ul;
|
176 |
|
177 |
|
/**
 * Sizes and limits used by the RADIUS EAP type.
 *
 * Several of these are sizes of cryptographic values (nonce, MAC, key
 * material, master session key) and the others are buffer or length limits.
 * NOTE(review): code that parses received data should compare lengths
 * against these limits before copying -- confirm at the use sites.
 */
enum eap_radius_constants_e
{
    EAP_TYPE_RADIUS_NONCE_MT_SIZE = 16u, ///< 16 bytes = 128 bits.
    EAP_TYPE_RADIUS_MAC_SIZE = 16u, ///< 16 bytes = 128 bits.
    EAP_TYPE_RADIUS_KEYMAT_SIZE = 20u, ///< 20 bytes = 160 bits.
    EAP_TYPE_RADIUS_MASTER_SESSION_KEY_SIZE = 4u * 32u, ///< In bytes; 4 * 32 = 128 bytes.
    EAP_TYPE_RADIUS_MAX_NAI_LENGTH = 255u, ///< In bytes.
    EAP_TYPE_RADIUS_MAX_USER_NAI_LENGTH = 255u, ///< In bytes.
    EAP_TYPE_RADIUS_DEFAULT_MINIMUM_RAND_COUNT = 2ul, ///< A count, not a size.
    EAP_TYPE_RADIUS_LOCAL_PACKET_BUFFER_LENGTH = 512u, ///< Size of the local send buffer.
    EAP_TYPE_RADIUS_PADDING_MODULUS = 4ul, ///< The padding length is always a multiple of 4.
    EAP_TYPE_RADIUS_PADDING_MAX_VALUE = 12ul, ///< The maximum padding length is 12 bytes.
    EAP_TYPE_RADIUS_INITIAL_REAUTH_COUNTER = 1ul, ///< Initial value of the re-authentication counter.
};
|
192 |
|
/**
 * Identifiers of the timers of the RADIUS EAP type.
 */
enum eap_radius_timer_id_e
{
    EAP_TYPE_RADIUS_TIMER_DELAY_FAILURE_MESSAGE_SENT_ID, ///< By its name: timer that delays the failure message (0).
    EAP_TYPE_RADIUS_TIMER_DELAY_NOTIFICATION_MESSAGE_ID, ///< By its name: timer that delays the notification message (1).
};
|
198 |
|
/**
 * Default timeout values of the timers of the RADIUS EAP type.
 */
enum eap_radius_timer_timeout_value_e
{
    /** Default value. Zero means that the error message is handled immediately. */
    EAP_TYPE_RADIUS_TIMER_TIMEOUT_VALUE_DELAY_FAILURE_MESSAGE_SENT = 0ul,
};
|
203 |
|
204 |
|
205 /** |
|
206 * @defgroup RADIUS_config_options Configuration options of RADIUS. |
|
207 * The following configuration options are read through abs_eap_base_type_c::read_configure() function. |
|
208 * @{ |
|
209 */ |
|
210 |
|
211 |
|
/**
 * Configuration field "EAP_RADIUS_SERVER_client" of type
 * eap_configure_type_section.
 */
EAP_CONFIGURATION_FIELD(
    cf_str_EAP_RADIUS_SERVER_client, "EAP_RADIUS_SERVER_client",
    eap_configure_type_section, false);

/**
 * String configuration field "EAP_RADIUS_SERVER_shared_secret".
 *
 * NOTE(review): this field used to be documented as the username part of the
 * identity, with an empty default that selects an automatic username. That
 * text does not match the field name; by its name the field presumably holds
 * the secret shared with the RADIUS server -- confirm against the code that
 * reads it.
 * NOTE(review): the last macro argument is false here, as for the other
 * fields in this group. If that argument is the secrecy flag of
 * EAP_CONFIGURATION_FIELD (defined in eap_configuration_field.h, not shown in
 * this file), a shared secret should be declared with true, so that the
 * configuration layer treats the value as sensitive and keeps it out of
 * traces and logs -- verify before changing.
 */
EAP_CONFIGURATION_FIELD(
    cf_str_EAP_RADIUS_SERVER_shared_secret, "EAP_RADIUS_SERVER_shared_secret",
    eap_configure_type_string, false);

/**
 * Configuration field "EAP_RADIUS_SERVER_test_time" of type
 * eap_configure_type_u32_t.
 */
EAP_CONFIGURATION_FIELD(
    cf_str_EAP_RADIUS_SERVER_test_time, "EAP_RADIUS_SERVER_test_time",
    eap_configure_type_u32_t, false);
|
233 |
|
234 |
|
235 /** @} */ // End of group RADIUS_config_options. |
|
236 |
|
237 #endif //#if !defined(_RADIUS_TYPES_H_) |
|
238 |
|
239 //-------------------------------------------------- |
|
240 |
|
241 |
|
242 |
|
243 // End. |