--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/eapol/eapol_framework/eapol_common/type/radius/include/eap_radius.h Thu Dec 17 08:47:43 2009 +0200
@@ -0,0 +1,427 @@
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: EAP and WLAN authentication protocols.
+*
+*/
+
+
+
+
+#if !defined(_RADIUS_CORE_H_)
+#define _RADIUS_CORE_H_
+
+#include "eap_tools.h"
+#include "eap_am_export.h"
+#include "eap_base_type.h"
+#include "eap_variable_data.h"
+#include "eap_radius_header.h"
+#include "eap_radius_types.h"
+#include "eap_radius_payloads.h"
+#include "eap_radius_state.h"
+#include "eap_radius_initialized.h"
+#include "abs_eap_base_timer.h"
+#include "abs_eap_am_radius.h"
+#include "eap_am_radius.h"
+#include "eap_crypto_api.h"
+#include "eap_radius_session.h"
+#include "abs_eap_radius.h"
+#include "abs_eap_radius_session.h"
+#include "eap_radius_session.h"
+#include "eap_diameter_avp_code.h"
+
+class eap_radius_MAC_attributes_c;
+class eap_radius_header_base_c;
+
+//--------------------------------------------------
+
+
+/// This class is implementation of RADIUS EAP-type.
+class EAP_EXPORT eap_radius_c
+: public abs_eap_radius_session_c
+, public abs_eap_radius_state_c
+, public abs_eap_base_timer_c
+, public abs_eap_core_map_c
+{
+private:
+ //--------------------------------------------------
+
+ /// This is pointer to the tools class.
+ abs_eap_am_tools_c * const m_am_tools;
+
+ abs_eap_radius_c * const m_partner;
+
+ /// This stores objects using eap_variable_data selector.
+ eap_core_map_c<eap_radius_session_c, abs_eap_core_map_c, eap_variable_data_c> m_session_map;
+
+ eap_variable_data_c m_pseudo_ethernet_header;
+
+ /// This is offset in bytes of the EAP-type header in the packet buffer.
+ /// Offset is described in abs_eap_base_type_c::get_header_offset().
+ u32_t m_radius_header_offset;
+
+ /// This is maximum transfer unit in bytes.
+ /// MTU is described in abs_eap_base_type_c::get_header_offset().
+ u32_t m_MTU;
+
+ /// This is length of the trailer in bytes.
+ /// Trailer length is described in abs_eap_base_type_c::get_header_offset().
+ u32_t m_trailer_length;
+
+ u16_t m_salt;
+
+ /// This flag is set true when shutdown() function is called.
+ bool m_shutdown_was_called;
+
+ /// This indicates whether this object is client (true) or server (false).
+ /// In terms of EAP-protocol whether this network entity is EAP-supplicant (true)
+ /// or EAP-authenticator (false).
+ bool m_is_client;
+
+ /// This indicates whether this object was generated successfully.
+ bool m_is_valid;
+
+ //--------------------------------------------------
+
+
+ /**
+ * This function sends and traces all messages.
+ */
+ EAP_FUNC_IMPORT eap_status_e packet_send(
+ const eap_am_network_id_c * const network_id,
+ eap_buf_chain_wr_c * const sent_packet,
+ const u32_t header_offset,
+ const u32_t data_length,
+ const u32_t buffer_length,
+ eap_radius_session_c * const session
+ );
+
+#if defined(USE_EAP_TRACE)
+
+ /**
+ * This function traces the EAP packet.
+ */
+ EAP_FUNC_IMPORT void packet_trace(
+ eap_const_string prefix,
+ const eap_am_network_id_c * const receive_network_id,
+ eap_radius_header_base_c * const received_eap,
+ const u32_t eap_packet_length);
+
+ #define EAP_RADIUS_PACKET_TRACE(prefix, receive_network_id, \
+ received_eap, eap_packet_length) \
+ packet_trace((prefix), (receive_network_id), (received_eap), (eap_packet_length))
+
+#else
+
+ #define EAP_RADIUS_PACKET_TRACE(prefix, receive_network_id, \
+ received_eap, eap_packet_length)
+
+#endif //#if !defined(USE_EAP_TRACE)
+
+
+ /**
+ * This function processes the RADIUS packets.
+ */
+ EAP_FUNC_IMPORT eap_status_e radius_packet_process(
+ const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
+ eap_radius_header_base_c * const received_radius, ///< This is pointer to EAP header including RADIUS fields.
+ const u32_t radius_packet_length, ///< This is length of received RADIUS EAP packet.
+ const bool is_client_when_true ///< Indicates whether this is client (true) or server (false).
+ );
+
+ EAP_FUNC_IMPORT eap_status_e cancel_error_message_delay_timer();
+
+ EAP_FUNC_IMPORT eap_status_e set_error_message_delay_timer();
+
+ EAP_FUNC_IMPORT eap_status_e handle_error_packet();
+
+ EAP_FUNC_IMPORT bool random_selection();
+
+ EAP_FUNC_IMPORT eap_status_e add_ms_mppe_key_attributes(
+ const eap_variable_data_c * const shared_secret,
+ const eap_variable_data_c * const master_session_key,
+ const eap_variable_data_c * const request_authenticator,
+ eap_radius_header_base_c * const radius_header,
+ u32_t * const attribute_offset,
+ crypto_hmac_c * const hmac_message_auth,
+ crypto_md5_c * const md5_response_auth);
+
+
+ EAP_FUNC_IMPORT eap_status_e add_user_name_attribute(
+ const eap_radius_variable_data_c * const user_name,
+ eap_radius_header_base_c * const radius_header,
+ u32_t * const radius_attribute_offset,
+ crypto_hmac_c * const hmac_message_auth,
+ crypto_md5_c * const md5_response_auth);
+
+ EAP_FUNC_IMPORT eap_status_e xor_values(
+ u8_t * const plaintext,
+ const u32_t plaintext_length,
+ const eap_variable_data_c * const intermediate_value);
+
+ EAP_FUNC_IMPORT eap_status_e encrypt_ms_mppe_key_attribute(
+ const eap_variable_data_c * const shared_secret,
+ const eap_variable_data_c * const request_authenticator,
+ const u8_t * salt,
+ const u32_t salt_length,
+ u8_t * const data,
+ const u32_t data_length);
+
+ EAP_FUNC_IMPORT eap_status_e add_one_ms_mppe_key_attribute(
+ const eap_variable_data_c * const shared_secret,
+ const eap_variable_data_c * const request_authenticator,
+ eap_radius_header_base_c * const radius_header,
+ u32_t * const attribute_offset,
+ const u8_t * const key,
+ const u32_t key_length,
+ const eap_diameter_avp_code_c mppe_key_type,
+ crypto_hmac_c * const hmac_message_auth,
+ crypto_md5_c * const md5_response_auth);
+
+ EAP_FUNC_IMPORT static eap_status_e shutdown_operation(
+ eap_radius_session_c * const session,
+ abs_eap_am_tools_c * const m_am_tools);
+
+ /**
+ * This function parses all payloads of the whole RADIUS EAP packet.
+ * Payloads are stored to p_radius_payloads.
+ * @see parse_radius_payload().
+ */
+ EAP_FUNC_IMPORT eap_status_e parse_radius_packet(
+ eap_radius_header_base_c * const radius, ///< This is pointer to EAP header including RADIUS fields.
+ const u32_t radius_packet_length, ///< This is length of received RADIUS EAP packet.
+ eap_radius_payloads_c * const p_radius_payloads);
+
+ /**
+ * This function handles the received RADIUS EAP packet.
+ *
+ * First is checked the valid massage is received in valid state.
+ * See also eap_radius_state_c::check_valid_state().
+ *
+ * Second is parsed the payloads and checked syntax of the received RADIUS EAP packet.
+ * See also parse_radius_packet().
+ *
+ * Third is analysed the RADIUS EAP packet. This includes the payload and values of each payload.
+ * See also analyse_radius_packet().
+ */
+ EAP_FUNC_IMPORT eap_status_e handle_radius_packet(
+ const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
+ eap_radius_header_base_c * const radius, ///< This is pointer to EAP header including RADIUS fields.
+ const u32_t radius_length, ///< This is length of received RADIUS EAP packet.
+ eap_radius_payloads_c * const p_radius_payloads ///< This is pointer to all payloads of the received EAP packet.
+ );
+
+ /**
+ * This function analyses the received RADIUS EAP packet.
+ * Each sub-type is handled in separate function.
+ * @see Client messages are handled in handle_start_request_message() and handle_challenge_request_message().
+ * @see Server messages are handled in handle_start_response_message() and handle_challenge_response_message().
+ */
+ EAP_FUNC_IMPORT eap_status_e analyse_radius_packet(
+ const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
+ eap_radius_header_base_c * const received_radius, ///< This is pointer to EAP header including RADIUS fields.
+ const u32_t radius_packet_length, ///< This is length of received RADIUS EAP packet.
+ eap_radius_payloads_c * const p_radius_payloads ///< This is pointer to all payloads of the received EAP packet.
+ );
+
+ EAP_FUNC_IMPORT void trace_tunneled_packet(
+ eap_const_string prefix,
+ const eap_header_base_c * const eap_packet);
+
+ //--------------------------------------------------
+protected:
+ //--------------------------------------------------
+
+ //--------------------------------------------------
+public:
+ //--------------------------------------------------
+
+ /**
+ * Destructor cancels all timers and deletes member attributes.
+ */
+ EAP_FUNC_IMPORT virtual ~eap_radius_c();
+
+ /**
+ * Constructor initializes all member attributes.
+ */
+ EAP_FUNC_IMPORT eap_radius_c(
+ abs_eap_am_tools_c * const tools, ///< This is pointer to the tools AM of current platform.
+ abs_eap_radius_c * const partner, ///< This is back pointer to object which created this object.
+ eap_am_radius_c * const am_radius, ///< This is pointer to adaptation module of RADIUS EAP type.
+ const bool free_am_radius, ///< True value means m_am_radius is allocated within eap_radius_c and m_am_radius must be freed in destructor.
+ const bool is_client_when_true ///< Indicates whether this is client (true) or server (false).
+ );
+
+ /**
+ * This function returns string of the state. This is for trace purposes.
+ * NOTE this is static member function.
+ */
+ EAP_FUNC_IMPORT static eap_const_string get_state_string(eap_radius_state_variable_e state);
+
+ /**
+ * This function tells if the object is a client or a server..
+ */
+ EAP_FUNC_IMPORT bool get_is_client();
+
+ EAP_FUNC_IMPORT eap_status_e load_module(
+ const eap_type_value_e type,
+ const eap_type_value_e tunneling_type,
+ abs_eap_base_type_c * const partner,
+ eap_base_type_c ** const eap_type,
+ const bool is_client_when_true,
+ const eap_am_network_id_c * const receive_network_id);
+
+ EAP_FUNC_IMPORT eap_status_e unload_module(const eap_type_value_e eap_type);
+
+ EAP_FUNC_IMPORT eap_status_e restart_authentication(
+ const eap_am_network_id_c * const receive_network_id,
+ const bool is_client_when_true,
+ const bool force_clean_restart,
+ const bool from_timer = false);
+
+ EAP_FUNC_IMPORT eap_status_e asynchronous_init_remove_eap_session(
+ const eap_am_network_id_c * const send_network_id);
+
+ EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);
+
+ EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
+ eap_array_c<eap_type_value_e> * const eap_type_list);
+
+ EAP_FUNC_IMPORT eap_status_e add_rogue_ap(
+ eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);
+
+ EAP_FUNC_IMPORT eap_status_e set_session_timeout(
+ const u32_t session_timeout_ms);
+
+ /**
+ * The partner class calls this function when EAP/RADIUS packet is received.
+ * see also eap_base_type_c::packet_process().
+ */
+ EAP_FUNC_IMPORT eap_status_e packet_process(
+ const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
+ eap_radius_header_base_c * const radius, ///< This is pointer to RADIUS header and data.
+ const u32_t radius_packet_length ///< This is length of received RADIUS packet.
+ );
+
+ /**
+ * This function obtains header offset, MTU and trailer length.
+ * See also abs_eap_base_type_c::get_header_offset().
+ */
+ EAP_FUNC_IMPORT u32_t get_header_offset(
+ u32_t * const MTU,
+ u32_t * const trailer_length
+ );
+
+ /**
+ * This function creates a message authentication code (MAC)
+ */
+ EAP_FUNC_IMPORT eap_status_e create_message_authentication_code(
+ eap_radius_MAC_attributes_c *MAC_attributes, ///< This includes required parameters.
+ const eap_radius_code_value_e code,
+ const eap_variable_data_c * const authentication_key
+ );
+
+ // This is commented in abs_eap_base_timer_c::timer_delete_data().
+ EAP_FUNC_IMPORT eap_status_e timer_expired(
+ const u32_t id, void *data
+ );
+
+ // This is commented in abs_eap_base_timer_c::timer_delete_data().
+ EAP_FUNC_IMPORT eap_status_e timer_delete_data(
+ const u32_t id, void *data
+ );
+
+ // This is commented in eap_base_type_c::set_is_valid().
+ EAP_FUNC_IMPORT void set_is_valid();
+
+ // This is commented in eap_base_type_c::get_is_valid().
+ EAP_FUNC_IMPORT bool get_is_valid();
+
+ // This is commented in eap_base_type_c::configure().
+ /**
+ * EAP-type RADIUS reads configuration.
+ */
+ EAP_FUNC_IMPORT eap_status_e configure();
+
+ // This is commented in eap_base_type_c::shutdown().
+ /**
+ * The shutdown() function is called before the destructor of the
+ * object is executed. During the function call the object
+ * could shutdown the operations, for example cancel timers.
+ * Each derived class must define this function.
+ */
+ EAP_FUNC_IMPORT eap_status_e shutdown();
+
+ /**
+ * The read_configure() function reads the configuration data identified
+ * by the field string of field_length bytes length. Adaptation module must direct
+ * the query to some persistent store.
+ * @param field is generic configure string idenfying the required configure data.
+ * @param field_length is length of the field string.
+ * @param data is pointer to existing eap_variable_data object.
+ */
+ EAP_FUNC_IMPORT virtual eap_status_e read_configure(
+ const eap_configuration_field_c * const field,
+ eap_variable_data_c * const data
+ );
+
+ /**
+ * The write_configure() function writes the configuration data identified
+ * by the field string of field_length bytes length. Adaptation module must direct
+ * the action to some persistent store.
+ * @param field is generic configure string idenfying the required configure data.
+ * @param field_length is length of the field string.
+ * @param data is pointer to existing eap_variable_data object.
+ */
+ EAP_FUNC_IMPORT virtual eap_status_e write_configure(
+ const eap_configuration_field_c * const field,
+ eap_variable_data_c * const data
+ );
+
+ // This is commented in eap_base_type_c::eap_acknowledge().
+ EAP_FUNC_IMPORT eap_status_e eap_acknowledge(
+ const eap_am_network_id_c * const receive_network_id);
+
+ /**
+ * This function must reset the state of object to same as
+ * state was after the configure() function call.
+ * If object reset succeeds this function must return eap_status_ok.
+ * If object reset fails this function must return corresponding error status.
+ * @return This function returns the status of reset operation.
+ */
+ EAP_FUNC_IMPORT eap_status_e reset();
+
+ //
+ EAP_FUNC_IMPORT eap_status_e set_timer(
+ abs_eap_base_timer_c * const p_initializer,
+ const u32_t p_id,
+ void * const p_data,
+ const u32_t p_time_ms);
+
+ EAP_FUNC_IMPORT eap_status_e cancel_timer(
+ abs_eap_base_timer_c * const p_initializer,
+ const u32_t p_id);
+
+ //
+ EAP_FUNC_IMPORT eap_status_e cancel_all_timers();
+
+ //--------------------------------------------------
+}; // class eap_radius_c
+
+#endif //#if !defined(_RADIUS_CORE_H_)
+
+//--------------------------------------------------
+
+
+
+// End.