--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/eapol/eapol_framework/eapol_common/include/eap_core.h Thu Dec 17 08:47:43 2009 +0200
@@ -0,0 +1,939 @@
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: EAP and WLAN authentication protocols.
+*
+*/
+
+
+
+
+/**
+ * @mainpage EAP Core documentation.
+ *
+ * @section intro Introduction
+ * This is a EAP Core documentation generated by doxygen.
+ * First read <a href="../S60_3_1_EAP_Core.doc">S60_3_1_EAP_Core.doc</a>
+ * file from <a href="..">EAPOL/documentation</a> directory.
+ * Release notes are in file <a href="../../../../../wlan_linux/wlaneapol_linux/release_notes.txt">release_notes.txt</a>
+ *
+ * @section install Installation
+ * Installation instructions are in file <a href="../../../../../wlan_linux/wlaneapol_linux/readme.txt">EAPOL/readme.txt</a>.
+ *
+ * @section classes Most crucial classes
+ * The most crucial classes are eap_core_c, abs_eap_core_c,
+ * eap_base_type_c and abs_eap_base_type_c.
+ *
+ * Header files are stored to a directory <a href="../../../include">EAPOL/include</a>.
+ * Implementation of eap_core_c class is in a file <a href="../../../core/eap_core.cpp">
+ * EAPOL/core/eap_core.cpp</a>. Implementation of eap_base_type_c class is in a file
+ * <a href="../../../common/eap_base_type.cpp">EAPOL/common/eap_base_type.cpp</a>.
+ *
+ * @section eap_types Implemented EAP-types
+ *
+ * @subsection GSMSIM EAP/SIM
+ * EAP/SIM implementation is in a directory
+ * <a href="../../../type/gsmsim">EAPOL/type/gsmsim</a>.
+ * EAP/SIM is specified in draft-haverinen-pppext-eap-sim-xx.txt.
+ * The most current is
+ * <a href="../../type/gsmsim/doc/rfc4186.txt">
+ * RFC 4186</a>.
+ * IETF drafts and RFC are stored to a directory <a href="../../type/gsmsim/doc">
+ * EAPOL/type/gsmsim/documentation</a>.
+ * The document
+ * <a href="../../type/gsmsim/doc/GSMSIM.doc">GSMSIM.doc</a>
+ * includes implementation notes of GSMSIM.
+ *
+ * @subsection EAP_AKA EAP/AKA
+ * EAP/AKA implementation is in a directory
+ * <a href="../../../type/aka">EAPOL/type/aka</a>.
+ * EAP/AKA is specified in draft-arkko-pppext-eap-aka-xx.txt.
+ * The most current is
+ * <a href="../../type/aka/doc/rfc4187.txt">
+ * RFC 4187</a>.
+ * IETF drafts are stored to a directory <a href="../../type/aka/doc">
+ * EAPOL/type/aka/documentation</a>.
+ *
+ * @subsection EAP_TLS_PEAP EAP/TLS, PEAP and TTLS
+ * Implementation design and architecture of EAP/TLS, PEAP and TTLS is in
+ * <a href="../../type/tls_peap/doc/EAP_TLS_PEAP.doc">EAP_TLS_PEAP.doc</a>
+ * file in <a href="../../type/tls_peap/doc">EAPOL/type/tls_peap/documentation</a> directory.
+ * EAP/TLS and PEAP implementation will be in a directory
+ * <a href="../../../type/tls_peap">EAPOL/type/tls_peap</a>.
+ * TLS is specified in <a href="../../type/tls_peap/doc/rfc2246.txt">rfc2246.txt</a>.
+ * EAP/TLS is specified in <a href="../../type/tls_peap/doc/rfc2716.txt">rfc2716.txt</a>.
+ * PEAPv2 is specified in <a href="../../type/tls_peap/doc/draft-josefsson-pppext-eap-tls-eap-08.txt">draft-josefsson-pppext-eap-tls-eap-08.txt</a>.
+ * PEAPv1 is specified in <a href="../../type/tls_peap/doc/draft-josefsson-pppext-eap-tls-eap-05.txt">draft-josefsson-pppext-eap-tls-eap-05.txt</a>.
+ * Windows XP- PEAPv0 is specified in <a href="../../type/tls_peap/doc/draft-kamath-pppext-peapv0-00.txt">draft-kamath-pppext-peapv0-00.txt</a>.
+ * TTLS is specified in <a href="../../type/tls_peap/doc/draft-ietf-pppext-eap-ttls-04.txt">draft-ietf-pppext-eap-ttls-04.txt</a>.
+ *
+ * @subsection EAP_MsChapv2 EAP/MsChapv2
+ * EAP/MsChapv2 implementation is in a directory
+ * <a href="../../../type/mschapv2">EAPOL/type/mschapv2</a>.
+ * EAP/MsChapv2 is specified in draft-kamath-pppext-eap-mschapv2-XX.txt, rfc2433.txt and rfc2759.txt.
+ * The most current is
+ * <a href="../../type/mschapv2/doc/draft-kamath-pppext-eap-mschapv2-01.txt">
+ * EAP/MsChapv2 draft version 2</a>.
+ * See also <a href="../../type/mschapv2/doc/rfc2433.txt">rfc2433.txt</a>
+ * and <a href="../../type/mschapv2/doc/rfc2759.txt">rfc2759.txt</a>.
+ * IETF drafts are stored to a directory <a href="../../type/mschapv2/doc">
+ * EAPOL/type/mschapv2/doc</a>.
+ *
+ * @subsection EAP_SecurID_GTC EAP/SecurID and GTC
+ * EAP/SecurID implementation is in a directory
+ * <a href="../../../type/securid">EAPOL/type/securid</a>.
+ * EAP/SecurID is specified in draft-josefsson-eap-securid-XX.txt.
+ * The most current is
+ * <a href="../../type/securid/doc/draft-josefsson-eap-securid-01.txt">
+ * EAP/SecurID draft version 1</a>.
+ * IETF drafts are stored to a directory <a href="../../type/securid/doc">
+ * EAPOL/type/securid/documentation</a>.
+ *
+ * @subsection EAP_LEAP EAP/LEAP
+ * EAP/LEAP implementation is in a directory
+ * <a href="../../../type/leap">EAPOL/type/leap</a>.
+ * EAP/LEAP documentation is not included here.
+ *
+ * @subsection SAE Experimental Security Association for EAPOL (not used)
+ * SAE implementation is in a directory <a href="../../../../../wlan_testing/wlaneapol_testing/SAE">EAPOL/SAE</a>.
+ * Document defining SAE is <a href="../../../../../wlan_testing/wlaneapol_testing/SAE/documentation/EAPOL_SA.doc">EAPOL_SA.doc</a>.
+ * This is a very experimental test implementation.
+ * Idea is to use Diffie-Hellman to create keys for a anonymous EAPOL tunnel.
+ * Any EAP-type could then run inside the tunnel.
+ * This fixes the problem of current EAPOL over WLAN.
+ * EAP was designed for poin to point environment and EAPOL to non-shared environment.
+ *
+ * NOTE SAE is not used anywhere.
+ *
+ * @section Symbian Symbian Plug-in
+ * EAP Type Plug-in Architecture for Symbian is specified in
+ * <a href="../../am/type/symbian/plugin/doc/eap_plugin_architecture.doc">
+ * eap_plugin_architecture.doc</a>.
+ *
+ */
+
+
+#if !defined(_EAP_CORE_H_)
+#define _EAP_CORE_H_
+
+#include "eap_am_export.h"
+#include "abs_eap_base_type.h"
+#include "eap_core_map.h"
+#include "eap_am_network_id.h"
+#include "abs_eap_stack_interface.h"
+#include "eap_configuration_field.h"
+#include "abs_eap_core_map.h"
+
+class abs_eap_core_c;
+class abs_eap_am_tools_c;
+class eap_core_retransmission_c;
+class eap_base_type_c;
+class eap_variable_data_c;
+
+//--------------------------------------------------------------------------------------------------
+
+/**
+ * @defgroup EAP_Core_config_options Configuration options of EAP Core.
+ * The following configuration options are read through abs_eap_base_type_c::read_configure() function.
+ * @{
+ */
+
+/**
+ * This is u32_t configuration option.
+ * This is the maximum count EAP CORE Authenticator resents message again.
+ * This is used in simulator testing.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_retransmission_counter,
+ "EAP_CORE_retransmission_counter",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This is u32_t configuration option.
+ * This is the time after EAP CORE Authenticator resents message again.
+ * This is used in simulator testing.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_retransmission_time,
+ "EAP_CORE_retransmission_time",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This is u32_t configuration option.
+ * This is the maximum time EAP authentication could succeed.
+ * This timeout is same for every EAP-type.
+ * You must define EAP-type spesific configuration
+ * if you need different timeout for your EAP-type.
+ * Authentication is terminated after this time elapses.
+ * Time is in milli secons.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_session_timeout,
+ "EAP_CORE_session_timeout",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This is optional and only valid for server.
+ * This allows different values for client and server.
+ * This is u32_t configuration option.
+ * This is the maximum time EAP authentication could succeed.
+ * This timeout is same for every EAP-type.
+ * You must define EAP-type spesific configuration
+ * if you need different timeout for your EAP-type.
+ * Authentication is terminated after this time elapses.
+ * Time is in milli secons.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_server_session_timeout,
+ "EAP_CORE_server_session_timeout",
+ eap_configure_type_u32_t,
+ false);
+
+
+/**
+ * This is optional and only valid for server.
+ * This is boolean configuration option.
+ * This flag selects whether EAP-Success is send after state notification is forwarded to lower layer (true)
+ * or EAP-Success is send before state notification is forwarded to lower layer (false).
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_send_eap_success_after_notification,
+ "EAP_CORE_send_eap_success_after_notification",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This is u32_t configuration option.
+ * This is the time after EAP-Failure is handled.
+ * Zero means EAP-Failure is handled immediately.
+ * Time is in milli secons.
+ * The default value is EAP_CORE_FAILURE_RECEIVED_TIMEOUT.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_failure_received_timeout,
+ "EAP_CORE_failure_received_timeout",
+ eap_configure_type_u32_t,
+ false);
+
+
+#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+/**
+ * This is u32_t configuration option.
+ * This is the maximum time client wait EAP-Request/Identity and EAP-Request/type packets.
+ * See EAP_CORE_WAIT_EAP_REQUEST_TYPE_ID.
+ * Time is in milli seconds.
+ * The default value is EAP_CORE_WAIT_EAP_REQUEST_TYPE_TIMEOUT.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_wait_eap_request_type_timeout,
+ "EAP_CORE_wait_eap_request_type_timeout",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This is optional and only valid for server.
+ * This is boolean configuration option.
+ * This flag selects whether EAP-Request/Identity is send (true) or not (false).
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_CORE_skip_eap_request_identity,
+ "EAP_CORE_skip_eap_request_identity",
+ eap_configure_type_boolean,
+ false);
+
+#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+
+
+/** @} */ // End of group EAP_Core_config_options.
+
+//--------------------------------------------------------------------------------------------------
+
+
+/**
+ * This is the timer ID used with abs_eap_am_tools_c::set_timer() and abs_eap_am_tools_c::cancel_timer().
+ */
+enum eap_core_timer_id
+{
+ EAP_CORE_TIMER_RETRANSMISSION_ID, ///< This is time after a EAP-Request message is resent again. This is for testing purposes. See USE_EAP_CORE_RETRANSMISSION compilation flag.
+#if defined(USE_EAP_CORE_SERVER)
+ EAP_CORE_DELAYED_EAP_NAK_PROCESS_ID, ///< See EAP_CORE_DELAYED_EAP_NAK_PROCESS_TIMEOUT.
+#endif //#if defined(USE_EAP_CORE_SERVER)
+ EAP_CORE_SESSION_TIMEOUT_ID, ///< See EAP_CORE_TIMER_HANDLER_TIMEOUT_TIMEOUT.
+ EAP_CORE_FAILURE_RECEIVED_ID, ///< See EAP_CORE_FAILURE_RECEIVED_TIMEOUT.
+ EAP_CORE_REMOVE_SESSION_TIMEOUT_ID, ///< See EAP_CORE_REMOVE_SESSION_TIMEOUT.
+#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+ EAP_CORE_WAIT_EAP_REQUEST_TYPE_ID, ///< See EAP_CORE_WAIT_EAP_REQUEST_TYPE_TIMEOUT.
+#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+};
+
+/**
+ * This is time after a EAP-Failure message is handled.
+ */
+const u32_t EAP_CORE_FAILURE_RECEIVED_TIMEOUT = 2000ul;
+
+#if defined(USE_EAP_CORE_SERVER)
+/**
+ * This is time after a EAP-Response/Nak message is processes.
+ * We could wait if more suitable message is received.
+ */
+const u32_t EAP_CORE_DELAYED_EAP_NAK_PROCESS_TIMEOUT = 2000u;
+#endif //#if defined(USE_EAP_CORE_SERVER)
+
+/**
+ * This is the size of the local send buffer. Please use atleast minimum ethernet packet length 60 bytes.
+ */
+const u32_t EAP_CORE_PACKET_BUFFER_LENGTH = 512u;
+
+
+/**
+ * Re-transmission is used to test protocols.
+ * This is the maximum count EAP message is resent again.
+ * This is used in simulator testing.
+ * This is configurable parameter. See eap.conf EAP_CORE_retransmission_counter.
+ */
+const u32_t EAP_CORE_RETRANSMISSION_COUNTER = 5;
+
+/**
+ * Re-transmission is used to test protocols.
+ * This is the time after EAP message is resent again.
+ * This is used in simulator testing.
+ * This is configurable parameter. See eap.conf EAP_CORE_retransmission_time.
+ */
+const u32_t EAP_CORE_RETRANSMISSION_TIME = 1000u; /* milli seconds */
+
+/**
+ * This is the maximum time EAP authentication could succeed.
+ * Authentication is terminated after this time elapses.
+ * This is configurable parameter. See eap.conf EAP_CORE_session_timeout.
+ * See EAP_CORE_SESSION_TIMEOUT_ID.
+ * Time is in milli seconds.
+ */
+const u32_t EAP_CORE_SESSION_TIMEOUT = 120000u; /* milli seconds */
+
+/**
+ * This is the delay time after EAP-session is removed after authentication finished.
+ * This is configurable parameter.
+ * See EAP_CORE_REMOVE_SESSION_TIMEOUT_ID.
+ * Time is in milli seconds.
+ */
+const u32_t EAP_CORE_REMOVE_SESSION_TIMEOUT = 10000ul; /* milli seconds */
+
+#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+/**
+ * This is the maximum time client wait EAP-Request/Identity and EAP-Request/type packets.
+ * See EAP_CORE_WAIT_EAP_REQUEST_TYPE_ID.
+ * Time is in milli seconds.
+ */
+const u32_t EAP_CORE_WAIT_EAP_REQUEST_TYPE_TIMEOUT = 5000ul; /* milli seconds */
+#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+
+#if defined(USE_EAP_CORE_SERVER)
+/**
+ * This is default policy of EAP-Nak message.
+ * False value means EAP-Nak is prosessed after a timeout.
+ * True value means EAP-NAk is prosessed immediately.
+ */
+const bool EAP_CORE_PROCESS_EAP_NAK_IMMEDIATELY = true;
+#endif //#if defined(USE_EAP_CORE_SERVER)
+
+
+
+/// A eap_core_c class implements the basic functionality of EAP-type.
+class EAP_EXPORT eap_core_c
+: public abs_eap_core_map_c
+, public abs_eap_base_type_c
+, public abs_eap_base_timer_c
+, public abs_eap_stack_interface_c
+{
+private:
+ //--------------------------------------------------
+
+ /// This is back pointer to object which created this object.
+ /// Packets are sent to the partner.
+ abs_eap_core_c *m_partner;
+
+ /// This is pointer to the tools class.
+ abs_eap_am_tools_c * const m_am_tools;
+
+ /// This stores eap_base_type objects using eap_variable_data selector.
+ eap_core_map_c<eap_base_type_c, abs_eap_core_map_c, eap_variable_data_c> m_type_map;
+
+ /// This stores the current EAP-type. When requested, we send our ID using
+ /// our default EAP-type. This is our best quess of other peer's EAP-type.
+ /// Other peer will sent the real EAP-type later and we can NAK it then
+ /// and send our own EAP-type. This is due the limitations of EAP-protocol.
+ eap_type_value_e m_current_eap_type;
+
+ /// This is our default EAP-type.
+ eap_type_value_e m_default_eap_type;
+
+ /// This is the queried EAP-identity.
+ /// This is saved because other EAP-types may be load afterwards
+ /// and they may query EAP-identity.
+ eap_variable_data_c m_eap_identity;
+
+ /// This is offset in bytes of the EAP-type header.
+ u32_t m_eap_header_offset;
+
+ /// This is maximum transfer unit in bytes.
+ u32_t m_MTU;
+
+ /// This is length of the trailer in bytes.
+ u32_t m_trailer_length;
+
+ /// This is network identity of the received packet.
+ eap_am_network_id_c m_receive_network_id;
+
+ /// Re-transmission is used to test protocols.
+ /// This stores the information to resent a message. This is used for testing purposes.
+ eap_core_retransmission_c *m_retransmission;
+
+ /// Re-transmission is used to test protocols.
+ /// This is the time after resent a message. This is used for testing purposes.
+ u32_t m_retransmission_time;
+
+ /// Re-transmission is used to test protocols.
+ /// This is the maximum count of retransmission of one message. This is used for testing purposes.
+ u32_t m_retransmission_counter;
+
+ /// This is the maximum time authentication could succeed.
+ /// Authentication is terminated after this time elapses.
+ /// The EAP-type could change the timeout by calling set_session_timeout() function.
+ u32_t m_session_timeout;
+
+ u32_t m_eap_core_failure_received_timeout;
+
+ u32_t m_remove_session_timeout;
+
+#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+ u32_t m_wait_eap_request_type_timeout;
+ bool m_wait_eap_request_type_timeout_set;
+#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+
+ /// Latest received EAP-identifier. Used only for EAP-Request/Identity handling in client.
+ /// Ensures that the EAP-Response/Identity is sent with the latest EAP-identifier.
+ u8_t m_eap_identity_request_identifier_client;
+
+ /// This indicates whether this object is client (true) or server (false).
+ /// In terms of EAP-protocol whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
+ bool m_is_client;
+
+ /// This indicates whether the authentication role of this object is client (true) or server (false).
+ /// In terms of EAP-protocol whether this network entitys authentication role is EAP-supplicant (true) or EAP-authenticator (false).
+ /// NOTE the LEAP type changes authentication role during the authentication session.
+ bool m_is_client_role;
+
+ /// This indicates whether this object was generated successfully.
+ bool m_is_valid;
+
+ /// Client has initiated restart.
+ bool m_client_restart_authentication_initiated;
+
+ /// This flag indicates that this object is marked to removed asynchronously.
+ /// The very same object could be taken use before the removing timer elapses.
+ bool m_marked_removed;
+
+ /// This flag prevents server receiving of multiple EAP-Response/Identity message.
+ /// This is set true after the server accepts EAP-Response/Identity message.
+ bool m_eap_identity_response_accepted;
+
+ /// Function shutdown() is called already.
+ bool m_shutdown_was_called;
+
+ /// Server received EAP-Response from client. Server must not sent any other EAP-type. Server could send EAP-Failure or EAP-Success.
+ /// Client sent a response. Client must not accept any other EAP-type.
+ bool m_eap_type_response_sent;
+
+ /// Tells whether this is tunneled EAP-session. For example inside PEAP or TTLS tunnel.
+ /// This causes some changes to timeouts.
+ bool m_is_tunneled_eap;
+
+#if defined(USE_EAP_CORE_SERVER)
+ /// If this flag is true EAP-Response/Nak is processed immediately.
+ /// If this flag is false EAP-Response/Nak is processed after a timeout.
+ /// There might be received more suitable EAP-Response.
+ bool m_process_eap_nak_immediately;
+
+ /// EAP-Response/Nak is initiated.
+ bool m_nak_process_timer_active;
+
+ /// This flag prevents server sending of multiple EAP-Request/Identity message.
+ bool m_eap_identity_request_send;
+
+ /// This is set true after the server receives EAP-Response/Identity message.
+ bool m_eap_identity_response_received;
+
+ /// This flag is set true after a EAP-Failure is sent.
+ bool m_eap_failure_sent;
+
+ /// This flag selects whether EAP-Success is send after state notification is forwarded to lower layer (true)
+ /// or EAP-Success is send before state notification is forwarded to lower layer (false).
+ bool m_send_eap_success_after_notification;
+
+#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+ // This flag selects whether EAP-Request/Identity is send (true) or not (false).
+ bool m_skip_eap_request_identity;
+#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+#endif //#if defined(USE_EAP_CORE_SERVER)
+
+ bool m_use_eap_expanded_type;
+
+ /// Some of the protocols terminates with EAP-Failure. This flag tells to ignore EAP-Failure.
+ bool m_ignore_eap_failure;
+
+ bool m_ignore_notifications;
+
+ // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ /**
+ * Re-transmission is used to test protocols.
+ * This function resends the packet.
+ */
+ EAP_FUNC_IMPORT eap_status_e resend_packet(
+ const eap_am_network_id_c * const send_network_id,
+ eap_buf_chain_wr_c * const sent_packet,
+ const u32_t header_offset,
+ const u32_t data_length,
+ const u32_t buffer_free,
+ const u32_t retransmission_counter
+ );
+
+ /**
+ * Re-transmission is used to test protocols.
+ * This function cancels retransmissions.
+ */
+ EAP_FUNC_IMPORT eap_status_e cancel_retransmission();
+
+ /**
+ * Re-transmission is used to test protocols.
+ * This function inits retransmission of sent packet.
+ */
+ EAP_FUNC_IMPORT eap_status_e init_retransmission(
+ const eap_am_network_id_c * const send_network_id,
+ eap_buf_chain_wr_c * const sent_packet,
+ const u32_t header_offset,
+ const u32_t data_length,
+ const eap_code_value_e eap_code,
+ const u8_t eap_identifier,
+ const eap_type_value_e eap_type
+ );
+
+ /**
+ * This function cancels previous session timeout and initializes new timeout for the session.
+ */
+ EAP_FUNC_IMPORT eap_status_e initialize_session_timeout(
+ const u32_t session_timeout_ms);
+
+ /**
+ * This function cancels timeout for a session.
+ */
+ EAP_FUNC_IMPORT eap_status_e cancel_session_timeout();
+
+ /**
+ * This function calls shutdown() for one eap_base_type_c object.
+ */
+ EAP_FUNC_IMPORT static eap_status_e shutdown_operation(
+ eap_base_type_c * const value,
+ abs_eap_am_tools_c * const m_am_tools);
+
+ /**
+ * This function calls reset() for one eap_base_type_c object.
+ */
+ EAP_FUNC_IMPORT static eap_status_e reset_operation(
+ eap_base_type_c * const handler,
+ abs_eap_am_tools_c * const m_am_tools);
+
+ EAP_FUNC_IMPORT eap_status_e client_proposes_eap_types(
+ const eap_am_network_id_c * const receive_network_id,
+ const u8_t eap_identifier);
+
+ /**
+ * This function processes EAP-packet with known EAP-type.
+ */
+ EAP_FUNC_IMPORT eap_status_e packet_process_type(
+ const eap_type_value_e used_eap_type,
+ const eap_am_network_id_c * const receive_network_id,
+ eap_general_header_base_c * const packet_data,
+ const u32_t packet_length);
+
+#if defined(USE_EAP_CORE_SERVER)
+ /**
+ * This function re-starts authentication with new EAP-type.
+ * Only server calls this function.
+ */
+ EAP_FUNC_IMPORT eap_status_e restart_with_new_type(
+ const eap_type_value_e used_eap_type,
+ const eap_am_network_id_c * const receive_network_id,
+ const u8_t eap_identifier);
+#endif //#if defined(USE_EAP_CORE_SERVER)
+
+#if defined(USE_EAP_CORE_SERVER)
+ EAP_FUNC_IMPORT eap_status_e handle_eap_identity_response(
+ eap_base_type_c * const handler,
+ const eap_type_value_e used_eap_type,
+ const eap_am_network_id_c * const receive_network_id,
+ eap_header_wr_c * const eap,
+ const u32_t packet_length);
+#endif //#if defined(USE_EAP_CORE_SERVER)
+
+ /**
+ * This function handles EAP-Request/Identity.
+ */
+ EAP_FUNC_IMPORT eap_status_e handle_eap_identity_request(
+ const eap_type_value_e used_eap_type,
+ const u8_t eap_identifier,
+ const eap_am_network_id_c * const receive_network_id);
+
+ /**
+ * This function creates EAP-Response/Identity.
+ */
+ EAP_FUNC_IMPORT eap_status_e create_eap_identity_response(
+ eap_buf_chain_wr_c * const response_packet,
+ const eap_variable_data_c * const identity,
+ const u8_t eap_identifier
+ );
+
+ /**
+ * This function sends EAP-Response/Identity.
+ */
+ EAP_FUNC_IMPORT eap_status_e send_eap_identity_response(
+ const eap_am_network_id_c * const send_network_id,
+ const eap_variable_data_c * const identity,
+ const u8_t eap_identifier);
+
+ /**
+ * This function sends EAP-Response/Notification.
+ */
+ EAP_FUNC_IMPORT eap_status_e send_eap_notification_response(
+ const eap_am_network_id_c * const send_network_id,
+ const u8_t eap_identifier);
+
+ /**
+ * This function initializes timeout for received EAP-Failure.
+ */
+ EAP_FUNC_IMPORT eap_status_e set_eap_failure_timeout();
+
+ /**
+ * This function cancels timeout for received EAP-Failure.
+ */
+ EAP_FUNC_IMPORT eap_status_e cancel_eap_failure_timeout();
+
+#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+ eap_status_e set_wait_eap_request_type_timeout();
+
+ eap_status_e cancel_wait_eap_request_type_timeout();
+#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
+
+ EAP_FUNC_IMPORT eap_status_e asynchronous_init_remove_eap_session();
+
+ EAP_FUNC_IMPORT eap_status_e initialize_asynchronous_init_remove_eap_session(
+ const u32_t remove_session_timeout);
+
+ EAP_FUNC_IMPORT eap_status_e cancel_asynchronous_init_remove_eap_session();
+
+ eap_status_e init_end_of_session(
+ const abs_eap_state_notification_c * const state);
+
+ eap_status_e set_eap_identity_routing_info_and_nai_decoration(
+ eap_variable_data_c * const identity);
+
+ //--------------------------------------------------
+protected:
+ //--------------------------------------------------
+
+ //--------------------------------------------------
+public:
+ //--------------------------------------------------
+
+ /**
+ * The destructor of the eap_core class does nothing special.
+ */
+ EAP_FUNC_IMPORT virtual ~eap_core_c();
+
+ /**
+ * The constructor initializes member attributes using parameters passed to it.
+ * @param tools is pointer to the tools class. @see abs_eap_am_tools_c.
+ * @param partner is back pointer to object which created this object.
+ * @param is_client_when_true indicates whether the network entity should act
+ * @param is_tunneled_eap tells the EAP is run in tunnel (PEAP or other).
+ * as a client (true) or server (false), in terms of EAP-protocol
+ * whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
+ */
+ EAP_FUNC_IMPORT eap_core_c(
+ abs_eap_am_tools_c * const tools,
+ abs_eap_core_c * const partner,
+ const bool is_client_when_true,
+ const eap_am_network_id_c * const receive_network_id,
+ const bool is_tunneled_eap);
+
+ /**
+ * The load_type() function function indicates the lower level to load
+ * new module including EAP-type. The type parameter is the requested EAP-type.
+ * @param type is the identifier of the required EAP type.
+ * @return Function returns pointer to the EAP type object.
+ */
+ EAP_FUNC_IMPORT eap_base_type_c * load_type(
+ const eap_type_value_e type,
+ const eap_type_value_e tunneling_type,
+ const eap_am_network_id_c * const receive_network_id);
+
+ EAP_FUNC_IMPORT void trace_eap_packet(
+ eap_const_string prefix,
+ const eap_header_wr_c * const eap_header);
+
+ // This is documented in abs_eap_stack_interface_c::packet_process().
+ EAP_FUNC_IMPORT eap_status_e packet_process(
+ const eap_am_network_id_c * const receive_network_id,
+ eap_general_header_base_c * const packet_data,
+ const u32_t packet_length);
+
+ // This is documented in abs_eap_base_type_c::packet_send().
+ EAP_FUNC_IMPORT eap_status_e packet_send(
+ const eap_am_network_id_c * const send_network_id,
+ eap_buf_chain_wr_c * const sent_packet,
+ const u32_t header_offset,
+ const u32_t data_length,
+ const u32_t buffer_length);
+
+ /**
+ * The get_partner() function returns pointer to partner class.
+ */
+ EAP_FUNC_IMPORT abs_eap_core_c * get_partner();
+
+ /**
+ * The set_partner() function sets pointer to partner class.
+ */
+ EAP_FUNC_IMPORT void set_partner(abs_eap_core_c * const partner);
+
+ // This is documented in abs_eap_base_type_c::get_header_offset().
+ EAP_FUNC_IMPORT u32_t get_header_offset(
+ u32_t * const MTU,
+ u32_t * const trailer_length);
+
+ // This is documented in abs_eap_base_type_c::load_module().
+ EAP_FUNC_IMPORT eap_status_e load_module(
+ const eap_type_value_e type,
+ const eap_type_value_e /* tunneling_type */,
+ abs_eap_base_type_c * const partner,
+ eap_base_type_c ** const eap_type,
+ const bool is_client_when_true,
+ const eap_am_network_id_c * const receive_network_id);
+
+ // This is documented in abs_eap_base_type_c::unload_module().
+ EAP_FUNC_IMPORT eap_status_e unload_module(
+ const eap_type_value_e type);
+
+ /**
+ * The adaptation module calls the eap_acknowledge() function after
+ * any Network Protocol packet is received. This is used as a success indication.
+ * This is described in RFC 2284 "PPP Extensible Authentication Protocol (EAP)".
+ * Mostly there is only one session in the client.
+ * The server does not need eap_acknowledge() function because
+ * server (EAP-authenticator) sends the EAP-success message.
+ */
+ EAP_FUNC_IMPORT eap_status_e eap_acknowledge(
+ const eap_am_network_id_c * const receive_network_id);
+
+ // This is documented in abs_eap_base_type_c::restart_authentication().
+ EAP_FUNC_IMPORT eap_status_e restart_authentication(
+ const eap_am_network_id_c * const send_network_id,
+ const bool is_client_when_true);
+
+ /**
+ * The EAP Core calls the send_eap_nak_response() function
+ * when EAP-authentication with requested EAP type is not possible.
+ * @param receive_network_id includes the addresses (network identity) and packet type.
+ * @param eap_identifier is the EAP-Identifier to be used with EAP-Nak message.
+ * @param preferred_eap_type is the acceptable EAP-Type to be informed with an other peer.
+ */
+ EAP_FUNC_IMPORT eap_status_e send_eap_nak_response(
+ const eap_am_network_id_c * const receive_network_id,
+ const u8_t eap_identifier,
+ const eap_array_c<eap_type_value_e> * const eap_type_list);
+
+
+#if defined(USE_EAP_CORE_SERVER)
+
+ /**
+ * The EAP Core calls the send_eap_identity_request() function
+ * when EAP-authentication is needed with another peer.
+ * @param network_id includes the addresses (network identity) and packet type.
+ */
+ EAP_FUNC_IMPORT eap_status_e send_eap_identity_request(
+ const eap_am_network_id_c * const network_id);
+
+ /**
+ * This function sends EAP-Success.
+ */
+ EAP_FUNC_IMPORT eap_status_e send_eap_success(
+ const eap_am_network_id_c * const send_network_id,
+ const u8_t eap_identifier);
+
+ /**
+ * This function sends EAP-Failure.
+ */
+ EAP_FUNC_IMPORT eap_status_e send_eap_failure(
+ const eap_am_network_id_c * const send_network_id,
+ const u8_t eap_identifier);
+
+#endif //#if defined(USE_EAP_CORE_SERVER)
+
+
+ // This is documented in abs_eap_base_type_c::packet_data_crypto_keys().
+ EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys(
+ const eap_am_network_id_c * const send_network_id,
+ const eap_master_session_key_c * const master_session_key
+ );
+
+ // This is documented in abs_eap_stack_interface_c::configure().
+ EAP_FUNC_IMPORT eap_status_e configure();
+
+ // This is documented in abs_eap_stack_interface_c::shutdown().
+ EAP_FUNC_IMPORT eap_status_e shutdown();
+
+ // This is documented in abs_eap_base_type_c::read_configure().
+ EAP_FUNC_IMPORT virtual eap_status_e read_configure(
+ const eap_configuration_field_c * const field,
+ eap_variable_data_c * const data);
+
+ // This is documented in abs_eap_base_type_c::write_configure().
+ EAP_FUNC_IMPORT virtual eap_status_e write_configure(
+ const eap_configuration_field_c * const field,
+ eap_variable_data_c * const data);
+
+ // This is documented in abs_eap_stack_interface_c::set_is_valid().
+ EAP_FUNC_IMPORT void set_is_valid();
+
+ // This is documented in abs_eap_stack_interface_c::get_is_valid().
+ EAP_FUNC_IMPORT bool get_is_valid();
+
+ // This is documented in abs_eap_base_type_c::state_notification().
+ EAP_FUNC_IMPORT void state_notification(
+ const abs_eap_state_notification_c * const state);
+
+ // See abs_eap_base_timer_c::timer_expired().
+ EAP_FUNC_IMPORT eap_status_e timer_expired(
+ const u32_t id, void *data);
+
+ // See abs_eap_base_timer_c::timer_delete_data().
+ EAP_FUNC_IMPORT eap_status_e timer_delete_data(
+ const u32_t id, void *data);
+
+ /**
+ * eap_core_map_c class increases reference count each time reference to stored object is get.
+ * Here is always just one state for one session so no references are used.
+ */
+ EAP_FUNC_IMPORT void object_increase_reference_count();
+
+ /**
+ * eap_core_map_c class increases reference count each time reference to stored object is get.
+ * Here is always just one state for one session so no references are used.
+ */
+ EAP_FUNC_IMPORT u32_t object_decrease_reference_count();
+
+ /**
+ * @{ Add configuration of accepted EAP-types. }
+ */
+ // This is documented in abs_eap_base_type_c::check_is_valid_eap_type().
+ EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);
+
+ // This is commented in abs_eap_base_type_c::get_eap_type_list().
+ EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
+ eap_array_c<eap_type_value_e> * const eap_type_list);
+
+ /**
+ * Gets flag whether this session is marked removed.
+ * Session is removed later if it is not reused.
+ */
+ EAP_FUNC_IMPORT bool get_marked_removed();
+
+ /**
+ * Marks this session removed.
+ * Session is removed later if it is not reused.
+ */
+ EAP_FUNC_IMPORT void set_marked_removed();
+
+ /**
+ * Marks this session not removed.
+ * Session is not removed it is reused.
+ */
+ EAP_FUNC_IMPORT void unset_marked_removed();
+
+ /**
+ * Prevents all notifications.
+ */
+ EAP_FUNC_IMPORT void ignore_notifications();
+
+ /**
+ * This function must reset the state of object to same as
+ * state was after the configure() function call.
+ * If object reset succeeds this function must return eap_status_ok.
+ * If object reset fails this function must return corresponding error status.
+ * @return This function returns the status of reset operation.
+ */
+ EAP_FUNC_IMPORT eap_status_e reset();
+
+ // This is documented in abs_eap_base_type_c::complete_eap_identity_query().
+ EAP_FUNC_IMPORT eap_status_e complete_eap_identity_query(
+ const eap_am_network_id_c * const send_network_id,
+ const eap_variable_data_c * const identity,
+ const u8_t eap_identifier);
+
+ // This is documented in abs_eap_base_type_c::get_saved_eap_identity().
+ EAP_FUNC_IMPORT eap_status_e get_saved_eap_identity(eap_variable_data_c * const identity);
+
+ // This is documented in abs_eap_base_type_c::set_session_timeout().
+ EAP_FUNC_IMPORT eap_status_e set_session_timeout(
+ const u32_t session_timeout_ms);
+
+ // This is documented in abs_eap_base_type_c::set_timer().
+ EAP_FUNC_IMPORT eap_status_e set_timer(
+ abs_eap_base_timer_c * const p_initializer,
+ const u32_t p_id,
+ void * const p_data,
+ const u32_t p_time_ms);
+
+ // This is documented in abs_eap_base_type_c::cancel_timer().
+ EAP_FUNC_IMPORT eap_status_e cancel_timer(
+ abs_eap_base_timer_c * const p_initializer,
+ const u32_t p_id);
+
+ // This is documented in abs_eap_base_type_c::cancel_all_timers().
+ EAP_FUNC_IMPORT eap_status_e cancel_all_timers();
+
+ // This is documented in abs_eap_base_type_c::set_authentication_role().
+ EAP_FUNC_IMPORT eap_status_e set_authentication_role(const bool when_true_set_client);
+
+ // This is documented in abs_eap_base_type_c::add_rogue_ap().
+ EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);
+
+ // This is documented in abs_eap_base_type_c::get_is_tunneled().
+ EAP_FUNC_IMPORT bool get_is_tunneled_eap() const;
+
+ //--------------------------------------------------
+}; // class eap_core_c
+
+
+#endif //#if !defined(_EAP_CORE_H_)
+
+//--------------------------------------------------
+
+
+
+// End.