--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/eapol/eapol_framework/eapol_common/type/tls_peap/eap/include/eap_type_tls_peap_types.h Thu Dec 17 08:47:43 2009 +0200
@@ -0,0 +1,1116 @@
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: EAP and WLAN authentication protocols.
+*
+*/
+
+
+
+
+#if !defined(_EAP_TYPE_TLS_PEAP_TYPES_H_)
+#define _EAP_TYPE_TLS_PEAP_TYPES_H_
+
+#include "eap_buffer.h"
+#include "eap_type_all_types.h"
+#include "tls_peap_types.h"
+#include "eap_configuration_field.h"
+
+/** @file eap_type_tls_peap_types.h
+ * @brief This file defines the constants of the TLS_PEAP EAP type.
+ */
+
+/**
+ * This is the internal state of the TLS_PEAP EAP type.
+ */
+enum eap_type_tls_peap_state_variable_e
+{
+ eap_type_tls_peap_state_waiting_for_identity_request , ///< Client state waiting_for_identity_request
+ eap_type_tls_peap_state_pending_identity_query , ///< Client state pending_identity_query
+ eap_type_tls_peap_state_waiting_for_tls_start , ///< Client state waiting_for_eap_start
+ eap_type_tls_peap_state_process_tls_start , ///< Client state process_tls_start
+ eap_type_tls_peap_state_waiting_for_request , ///< Client state waiting_for_request
+ eap_type_tls_peap_state_waiting_for_success , ///< Client state waiting_for_success
+ eap_type_tls_peap_state_tppd_peapv1_waits_eap_success_or_tunneled_packet , ///< Client state PEAPv1 waits EAP-Success or tunneled packet.
+
+ eap_type_tls_peap_state_waiting_for_identity_response , ///< Server state waiting_for_identity_response
+ eap_type_tls_peap_state_waiting_for_first_response , ///< Server state waiting_for_first_response, This is needed in PEAP version negotiation.
+ eap_type_tls_peap_state_waiting_for_response , ///< Server state waiting_for_response
+ eap_type_tls_peap_state_waiting_for_empty_response , ///< Server state waiting_for_empty_response
+ eap_type_tls_peap_state_waiting_for_empty_tppd_peap_v1_acknowledge , ///< Server state waiting_for_empty_tppd_peap_v1_response
+
+#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
+ eap_type_tls_peap_state_server_waits_ttls_plain_ms_chap_v2_empty_ack , ///< This is state notification to server to wait empty TTLS/plain MsChapv2 Ack.
+#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
+
+ eap_type_tls_peap_state_process_tls_message , ///< Client or server state process_tls_message
+
+ eap_type_tls_peap_state_success , ///< State state_success
+ eap_type_tls_peap_state_failure , ///< State state_failure
+
+ eap_type_tls_peap_state_last_value , ///< Keep this enum the last one.
+};
+
+
+enum eap_type_tls_peap_reassembly_state_e
+{
+ eap_type_tls_peap_reassembly_state_none,
+ eap_type_tls_peap_reassembly_state_wait_first_message,
+ eap_type_tls_peap_reassembly_state_wait_last_fragment,
+ eap_type_tls_peap_reassembly_state_message_reassembled,
+};
+
+
+/**
+ * This is the type of the TLS_PEAP authentication.
+ */
+enum eap_tls_peap_authentication_type_e
+{
+ TLS_PEAP_AUTHENTICATION_TYPE_NONE,
+ TLS_PEAP_AUTHENTICATION_TYPE_TLS,
+ TLS_PEAP_AUTHENTICATION_TYPE_PEAP,
+};
+
+enum eap_type_tls_peap_stored_e
+{
+ eap_type_tls_peap_stored_none,
+ eap_type_tls_peap_stored_session_id,
+ eap_type_tls_peap_stored_master_secret,
+ eap_type_tls_peap_stored_used_cipher_suite,
+ eap_type_tls_peap_stored_count_of_session_resumes,
+ eap_type_tls_peap_stored_test_every_cipher_suite_counter,
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+ eap_type_tls_peap_stored_session_ticket_encryption_key,
+ eap_type_tls_peap_stored_session_ticket_authentication_key,
+ eap_type_tls_peap_stored_session_ticket_lifetime_hint,
+ eap_type_tls_peap_stored_session_ticket_data,
+#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
+#if defined(USE_FAST_EAP_TYPE)
+ eap_type_tls_peap_stored_tunnel_pac_is_fresh,
+ eap_type_tls_peap_stored_tunnel_pac,
+ eap_type_tls_peap_stored_user_authorization_pac,
+ eap_type_tls_peap_stored_provisioning_successfull,
+ eap_type_tls_peap_stored_provisioning_mode,
+ eap_type_tls_peap_stored_provisioning_pac_type,
+ eap_type_tls_peap_stored_tls_session_type,
+#endif //#if defined(USE_FAST_EAP_TYPE)
+};
+
+/**
+ * This is the size of the local send buffer.
+ */
+const u32_t EAP_TLS_PEAP_LOCAL_PACKET_BUFFER_LENGTH = EAP_MAX_LOCAL_PACKET_BUFFER_LENGTH;
+
+/**
+ * This is the at character used in NAI.
+ */
+const u8_t EAP_TLS_PEAP_AT_CHARACTER = '@';
+
+
+/**
+ * This is the maximum size of the EAP-TLS/PEAP message.
+ * This value limits the maximum size of the received EAP-TLS/PEAP message.
+ */
+const u32_t EAP_TLS_PEAP_MAX_MESSAGE_LENGTH = 65536ul;
+
+
+/**
+ * @defgroup EAP_TLS_PEAP_config_options Configuration options of EAP-TLS/PEAP.
+ * The following configuration options are read through abs_eap_base_type_c::read_configure() function.
+ * @{
+ */
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_manual_username,
+ "EAP_TLS_PEAP_use_manual_username",
+ eap_configure_type_boolean,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_manual_username,
+ "EAP_TLS_PEAP_manual_username",
+ eap_configure_type_string,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_manual_realm,
+ "EAP_TLS_PEAP_use_manual_realm",
+ eap_configure_type_boolean,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_manual_realm,
+ "EAP_TLS_PEAP_manual_realm",
+ eap_configure_type_string,
+ false);
+
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_session_ticket,
+ "EAP_TLS_PEAP_use_session_ticket",
+ eap_configure_type_boolean,
+ false);
+#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
+
+
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+EAP_CONFIGURATION_FIELD(
+ cf_str_TLS_fail_with_illegal_session_ticket_or_pac,
+ "TLS_fail_with_illegal_session_ticket_or_pac",
+ eap_configure_type_boolean,
+ false);
+#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
+
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_disable_certificates,
+ "EAP_TLS_PEAP_disable_certificates",
+ eap_configure_type_boolean,
+ false);
+
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_ttls_pap_password_prompt,
+ "EAP_TLS_PEAP_ttls_pap_password_prompt",
+ eap_configure_type_boolean,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_ttls_pap_username,
+ "EAP_TLS_PEAP_ttls_pap_username",
+ eap_configure_type_string,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_ttls_pap_password,
+ "EAP_TLS_PEAP_ttls_pap_password",
+ eap_configure_type_string,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_ttls_pap_max_session_validity_time,
+ "EAP_TLS_PEAP_ttls_pap_max_session_validity_time",
+ eap_configure_type_u32_t,
+ false);
+
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_ttls_pap_randomly_fail_password,
+ "EAP_TLS_PEAP_ttls_pap_randomly_fail_password",
+ eap_configure_type_boolean,
+ false);
+
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_authority_identity,
+ "EAP_FAST_authority_identity",
+ eap_configure_type_string,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_authority_identity_hex_data,
+ "EAP_FAST_authority_identity",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means every cipher suite is tested during test run.
+ * False value means only selected cipher suite is tested. See EAP_TLS_PEAP_cipher_suite.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_test_every_cipher_suite,
+ "EAP_TLS_PEAP_test_every_cipher_suite",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This u32_t configuration option is the cipher suite.
+ * Default value is 19 = 0x0013 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA).
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_cipher_suite,
+ "EAP_TLS_PEAP_cipher_suite",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This u32array_t configuration option is the array of accepted cipher suites.
+ * Default value is 19 = 0x0013 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA).
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_allowed_cipher_suites,
+ "EAP_TLS_PEAP_allowed_cipher_suites",
+ eap_configure_type_u32array,
+ false);
+
+/**
+ * This u32_t configuration option is the maximum count of session resumes.
+ * Default value is 0.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_max_count_of_session_resumes,
+ "EAP_TLS_PEAP_max_count_of_session_resumes",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This u32_t configuration option is the count of session resumes.
+ * Default value is 0.
+ */
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_count_of_session_resumes,
+ "EAP_TLS_PEAP_count_of_session_resumes",
+ eap_configure_type_u32_t,
+ false);
+#else
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_count_of_session_resumes,
+ "session_resume_count",
+ eap_configure_type_u32_t,
+ false);
+#endif
+
+
+/**
+ * This hex data configuration option is the saved session ID.
+ * Default value is 0.
+ */
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_saved_session_id,
+ "EAP_TLS_PEAP_saved_session_id",
+ eap_configure_type_hex_data,
+ false);
+#else
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_saved_session_id,
+ "session_id",
+ eap_configure_type_hex_data,
+ false);
+#endif
+
+/**
+ * This hex data or u32array configuration option value is list of EAP-types client accepts inside PEAP.
+ * Values in the u32array are type of u32_t.
+ * This is used in simulator testing.
+ */
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_accepted_tunneled_client_types_hex_data,
+ "PEAP_accepted_tunneled_client_types",
+ eap_configure_type_hex_data,
+ false);
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_accepted_tunneled_client_types_u32array,
+ "PEAP_accepted_tunneled_client_types",
+ eap_configure_type_u32array,
+ false);
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_unaccepted_tunneled_client_types_hex_data,
+ "PEAP_unaccepted_tunneled_client_types",
+ eap_configure_type_hex_data,
+ false);
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_unaccepted_tunneled_client_types_u32array,
+ "PEAP_unaccepted_tunneled_client_types",
+ eap_configure_type_u32array,
+ false);
+#else
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_accepted_tunneled_client_types_hex_data,
+ "PEAP_tunneled_types",
+ eap_configure_type_hex_data,
+ false);
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_accepted_tunneled_client_types_u32array,
+ "PEAP_tunneled_types",
+ eap_configure_type_u32array,
+ false);
+
+#endif
+
+/**
+ * This hex data or u32array configuration option value is list of EAP-types server accepts inside PEAP.
+ * Values in the array are type of u32_t.
+ * This is used in simulator testing.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_accepted_tunneled_server_types_hex_data,
+ "PEAP_accepted_tunneled_server_types",
+ eap_configure_type_hex_data,
+ false);
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_accepted_tunneled_server_types_u32array,
+ "PEAP_accepted_tunneled_server_types",
+ eap_configure_type_u32array,
+ false);
+
+/**
+ * This boolean configuration option value true allows PEAP restore tunneled session.
+ * This means PEAP does not run the tunneled EAP-type when
+ * PEAP session is resumed successfully.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_allow_tunneled_session_resumption,
+ "PEAP_allow_tunneled_session_resumption",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This boolean configuration option value true allows PEAP server restore tunneled session.
+ * This means PEAP version 0 does not run the tunneled EAP-type when
+ * PEAP session is resumed successfully.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAP_server_allow_tunneled_session_resumption,
+ "PEAP_server_allow_tunneled_session_resumption",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This boolean configuration option value true commands PEAPv1 server use tunneled Extensions Request message.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_PEAPv1_server_use_extensions_request,
+ "PEAPv1_server_use_extensions_request",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This hex data configuration option is the saved master secret.
+ * Default value is 0.
+ */
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_saved_master_secret,
+ "EAP_TLS_PEAP_saved_master_secret",
+ eap_configure_type_hex_data,
+ true);
+#else
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_saved_master_secret,
+ "master_secret",
+ eap_configure_type_hex_data,
+ true);
+#endif
+
+/**
+ * This u32_t configuration option is the saved cipher suite.
+ * Default value is 0.
+ */
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_saved_cipher_suite,
+ "EAP_TLS_PEAP_saved_cipher_suite",
+ eap_configure_type_u32_t,
+ false);
+#else
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_saved_cipher_suite,
+ "saved_cipher_suite",
+ eap_configure_type_u32_t,
+ false);
+#endif
+
+
+/**
+ * This string configuration option is the filename for the client DSA certificate used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_DSA_client_certificate_file,
+ "EAP_TLS_PEAP_DSA_client_certificate_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the client DSA private key used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_DSA_client_private_key_file,
+ "EAP_TLS_PEAP_DSA_client_private_key_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the server DSA certificate used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_DSA_server_certificate_file,
+ "EAP_TLS_PEAP_DSA_server_certificate_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the server DSA private key used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_DSA_server_private_key_file,
+ "EAP_TLS_PEAP_DSA_server_private_key_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the client's CA
+ * DSA certificate used for verifying server's identity in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_DSA_client_ca_certificate_file,
+ "EAP_TLS_PEAP_DSA_client_ca_certificate_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the server's CA
+ * DSA certificate used for verifying client's identity in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_DSA_server_ca_certificate_file,
+ "EAP_TLS_PEAP_DSA_server_ca_certificate_file",
+ eap_configure_type_string,
+ false);
+
+
+/**
+ * This string configuration option is the filename for the client RSA certificate used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_RSA_client_certificate_file,
+ "EAP_TLS_PEAP_RSA_client_certificate_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the client RSA private key used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_RSA_client_private_key_file,
+ "EAP_TLS_PEAP_RSA_client_private_key_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the server RSA certificate used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_RSA_server_certificate_file,
+ "EAP_TLS_PEAP_RSA_server_certificate_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the server RSA private key used
+ * in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_RSA_server_private_key_file,
+ "EAP_TLS_PEAP_RSA_server_private_key_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the client's CA
+ * RSA certificate used for verifying server's identity in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_RSA_client_ca_certificate_file,
+ "EAP_TLS_PEAP_RSA_client_ca_certificate_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the filename for the server's CA
+ * RSA certificate used for verifying client's identity in EAP-type TLS_PEAP.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_RSA_server_ca_certificate_file,
+ "EAP_TLS_PEAP_RSA_server_ca_certificate_file",
+ eap_configure_type_string,
+ false);
+
+
+#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+/**
+ * This is boolean configuration option.
+ * True value means on TLS client uses privacy.
+ * False value means on TLS client does not use privacy.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_identity_privacy,
+ "EAP_TLS_PEAP_use_identity_privacy",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means on TLS server uses privacy.
+ * False value means on TLS server does not use privacy.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_identity_privacy_server,
+ "EAP_TLS_PEAP_use_identity_privacy_server",
+ eap_configure_type_boolean,
+ false);
+#endif //#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST server sends piggypacked EAP-Identity/Request.
+ * False value means EAP-FAST server does not send piggypacked EAP-Identity/Request, instead it waits empty Ack-message from client.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_send_piggypacked_eap_identity_request,
+ "EAP_FAST_send_piggypacked_eap_identity_request",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST can run server unauthenticated provisioning.
+ * False value means no EAP-FAST server unauthenticated provisioning is allowed.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_allow_server_unauthenticated_provisioning_mode_ADHP,
+ "EAP_FAST_allow_server_unauthenticated_provisioning_mode_ADHP",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST can run server authenticated provisioning.
+ * False value means no EAP-FAST server authenticated provisioning is allowed.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_allow_server_authenticated_provisioning_mode,
+ "EAP_FAST_allow_server_authenticated_provisioning_mode",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST client can provisioning User Authorization PAC.
+ * False value means EAP-FAST client can not provisioning User Authorization PAC.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_allow_user_authorization_pac_provisioning,
+ "EAP_FAST_allow_user_authorization_pac_provisioning",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST server randomly refuses provisioning User Authorization PAC.
+ * False value means EAP-FAST server does provisioning User Authorization PAC.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_randomly_does_not_provision_user_authorization_pac,
+ "EAP_FAST_randomly_does_not_provision_user_authorization_pac",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST server randomly fail successfull authentication with EAP-Failure.
+ * False value means EAP-FAST server does not ramdomly fail authentication.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_server_randomly_fail_authentication,
+ "EAP_FAST_server_randomly_fail_authentication",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST client accepts A-ID.
+ * False value means no EAP-FAST client does not accept A-ID.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_accept_a_id,
+ "EAP_TLS_PEAP_accept_a_id",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST server fail check of User Authorization PAC randomly.
+ * False value means no EAP-FAST server does not fail check of User Authorization PAC randomly.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_test_fail_user_authorization_pac_randomly,
+ "EAP_FAST_test_fail_user_authorization_pac_randomly",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means EAP-FAST server fail check of Tunnel PAC randomly.
+ * False value means no EAP-FAST server does not fail check of Tunnel PAC randomly.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_test_fail_tunnel_pac_randomly,
+ "EAP_FAST_test_fail_tunnel_pac_randomly",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This string configuration option is the password of PAC store.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_PAC_store_password,
+ "EAP_FAST_PAC_store_password",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the password of PAC file.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_tppds_PAC_file_password,
+ "EAP_FAST_tppds_PAC_file_password",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This string configuration option is the device seed of PAC store password.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_PAC_store_device_seed,
+ "EAP_FAST_PAC_store_device_seed",
+ eap_configure_type_string,
+ false);
+
+
+/**
+ * This string configuration option is the directory path to PAC store.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_PAC_store_path,
+ "EAP_FAST_PAC_store_path",
+ eap_configure_type_string,
+ false);
+
+
+/**
+ * This string configuration option is the directory path of import directory of PAC store.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_import_path,
+ "EAP_FAST_import_path",
+ eap_configure_type_string,
+ false);
+
+
+/**
+ * This hex data configuration option is the encryption key server uses with PAC.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_PAC_encryption_key,
+ "EAP_FAST_PAC_encryption_key",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This hex data configuration option is the authentication key server uses with PAC.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_PAC_authentication_key,
+ "EAP_FAST_PAC_authentication_key",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This hex data configuration option is the IAP reference the client uses.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_IAP_reference,
+ "EAP_FAST_IAP_reference",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This hex data configuration option is the Group reference the client uses.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_Group_reference,
+ "EAP_FAST_Group_reference",
+ eap_configure_type_hex_data,
+ false);
+
+
+/**
+ * This u32_t data configuration option is the timeout of the PAC store key.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_PAC_store_key_timeout_ms,
+ "EAP_FAST_PAC_store_key_timeout_ms",
+ eap_configure_type_u32_t,
+ false);
+
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_test_remove_IAP_reference,
+ "EAP_FAST_test_remove_IAP_reference",
+ eap_configure_type_boolean,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_test_add_imported_PAC_file,
+ "EAP_FAST_test_add_imported_PAC_file",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This u32_t data configuration option is the timeout before finish successfull authentication. This is leave time for UI.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_delay_successfull_finish_timeout,
+ "EAP_FAST_delay_successfull_finish_timeout",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This boolean data configuration option activate prompt to warn for ADHP auto-provisioning when
+ * there is no PAC that matches the A-ID sent by server. EAP-FAST specific.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_warn_ADHP_no_matching_PAC,
+ "EAP_FAST_warn_ADHP_no_matching_PAC",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This boolean data configuration option activate prompt to warn for ADHP (Authenticated Diffie-Hellman Protocol)
+ * auto-provisioning when there is no PAC at all. EAP-FAST specific.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_warn_ADHP_no_PAC,
+ "EAP_FAST_warn_ADHP_no_PAC",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This boolean data configuration option activate prompt to warn when client encouters a server that has provisioned
+ * the client with a PAC before but is not currently selected as the default server. EAP-FAST specific.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_warn_ADHP_not_default_server,
+ "EAP_FAST_warn_ADHP_not_default_server",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means on successfull authentication EAP-type TLS_PEAP waits the EAP-Success message.
+ * False value means on successfull authentication EAP-type TLS_PEAP does NOT wait the EAP-Success message.
+ * NOTE: True value is needed in Windows RAS.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_wait_eap_success_packet,
+ "EAP_TLS_PEAP_wait_eap_success_packet",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means on EAP-type TLS_PEAP must check identifier of EAP-Response/Identity message.
+ * False value means on EAP-type TLS_PEAP does not check identifier of EAP-Response/Identity message.
+ * This is not possible in cases where identifier of the EAP-Request/Identity is generated by other network entities.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_check_identifier_of_eap_identity_response,
+ "EAP_TLS_PEAP_check_identifier_of_eap_identity_response",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag activates NAI realm check. Default value is false.
+ * When active NAI realm muts be the same as realm given by EAP_TLS_PEAP_manual_realm option.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_check_nai_realm,
+ "EAP_TLS_PEAP_check_nai_realm",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is for testing.
+ * True value means on test version of EAP-type TLS_PEAP is used.
+ * Test version tries to make as many authentications as it is possible.
+ * False value means on real version of EAP-type TLS_PEAP is used.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_test_version,
+ "EAP_TLS_test_version",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value of this flag causes client return random
+ * identity on EAP-Response/Identity.
+ * False value causes client return real identity
+ * (IMSI, pseudonym or re-authentication identity)
+ * in EAP-Response/Identity.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_random_identity_on_eap_identity_response,
+ "EAP_TLS_PEAP_use_random_identity_on_eap_identity_response",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is u32_t configuration option.
+ * Server selects the proposed PEAP version with this option.
+ * Possible values are 2, 1 and 0.
+ * See: PEAPv0 draft-kamath-pppext-peapv0-00.txt
+ * PEAPv1 draft-josefsson-pppext-eap-tls-eap-05.txt
+ * PEAPv2 draft-josefsson-pppext-eap-tls-eap-XX.txt
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_used_PEAP_version,
+ "EAP_TLS_PEAP_used_PEAP_version",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This is u32array configuration option.
+ * Client and server accepts and selects the PEAP version with this option.
+ * Possible values are 2, 1 and 0.
+ * See: PEAPv0 draft-kamath-pppext-peapv0-00.txt
+ * PEAPv1 draft-josefsson-pppext-eap-tls-eap-05.txt
+ * PEAPv2 draft-josefsson-pppext-eap-tls-eap-XX.txt
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_accepted_PEAP_versions,
+ "EAP_TLS_PEAP_accepted_PEAP_versions",
+ eap_configure_type_u32array,
+ false);
+
+/**
+ * This is u32array configuration option.
+ * Server accepts and selects the PEAP version with this option.
+ * Possible values are 2, 1 and 0.
+ * See: PEAPv0 draft-kamath-pppext-peapv0-00.txt
+ * PEAPv1 draft-josefsson-pppext-eap-tls-eap-05.txt
+ * PEAPv2 draft-josefsson-pppext-eap-tls-eap-XX.txt
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_server_accepted_PEAP_versions,
+ "EAP_TLS_PEAP_server_accepted_PEAP_versions",
+ eap_configure_type_u32array,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This will select whether the different TLS and PEAP version is used.
+ * Different TLS and PEAP versions use TLS message length in all first message fragments
+ * even the message fits to one fragment except EAP-TLS-start, EAP-TLS-Acknowledge and
+ * PEAP-application data. The client acknowledges tunneled EAP-Success message
+ * with empty PEAP message.
+ * Microsoft's and other's TLS and PEAP does use TLS message only
+ * in the first fragmented TLS message.
+ * True value means TLS message length is included (different style).
+ * False value means TLS message length is NOT included (normal style).
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_tppd_tls_peap,
+ "EAP_TLS_PEAP_use_tppd_tls_peap",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * On fast session resume Tppd's server does not send tunneled EAP-Success.
+ * Instead it sends plain EAP-Success.
+ * This configuration flag when set true allows this functionality in client and server.
+ * False value disables this functionality in client and server.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_use_tppd_peapv1_acknowledge_hack,
+ "EAP_TLS_use_tppd_peapv1_acknowledge_hack",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is for server only.
+ * On fast session resume Tppd's server does not send tunneled EAP-Success.
+ * Instead it sends plain EAP-Success.
+ * This configuration flag when set true allows this functionality in server.
+ * False value disables this functionality in server.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_server_use_tppd_peapv1_acknowledge_hack,
+ "EAP_TLS_server_use_tppd_peapv1_acknowledge_hack",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means queries to AM are completed asyncronous.
+ * False value means queries to AM are completed syncronous.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_do_asyncronous_completions,
+ "EAP_TLS_PEAP_do_asyncronous_completions",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means queries to AM are randomly completed asyncronous.
+ * False value means queries to AM are randomly completed syncronous.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_do_asyncronous_completions_randomly,
+ "EAP_TLS_PEAP_do_asyncronous_completions_randomly",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is u32_t configuration option.
+ * This is used in simulator testing.
+ * Value is the maximum completion time (ms) when completitions are
+ * completed randomly.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_max_tls_completion_time,
+ "EAP_TLS_PEAP_max_tls_completion_time",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is used in client simulator testing.
+ * True value means query_certificate_chain() to AM fails always automatically in client.
+ * False value means query_certificate_chain() to AM works normally in client.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_fail_query_certificate_chain,
+ "EAP_TLS_PEAP_fail_query_certificate_chain",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag activates NAI realm check of certificate.
+ * Both client and server will check this.
+ * When this is active *server* checks the NAI realm of EAP-response/Identity is
+ * the same as realm given in the certificate of the client.
+ * When this is active *client* checks the NAI realm of EAP-response/Identity is
+ * the same as realm given in the certificate of the server.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_verify_certificate_realm,
+ "EAP_TLS_PEAP_verify_certificate_realm",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag activates "relaxed" NAI realm check of certificate. Realm does not have to
+ * match exactly in this mode. For example server.eapsim.foo and eapsim.foo are considered
+ * to be the same realm.
+ * Only client will check this.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_allow_subdomain_matching,
+ "EAP_TLS_PEAP_allow_subdomain_matching",
+ eap_configure_type_boolean,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_PEAP_use_eap_expanded_type,
+ "EAP_TLS_PEAP_use_eap_expanded_type",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This u32_t configuration value specifies the maximum session validity time in seconds.
+ * Default value is 12 hours in seconds, which is 43200 seconds.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TLS_max_session_validity_time,
+ "EAP_TLS_max_session_validity_time",
+ eap_configure_type_u32_t,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_PEAP_max_session_validity_time,
+ "EAP_PEAP_max_session_validity_time",
+ eap_configure_type_u32_t,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_TTLS_max_session_validity_time,
+ "EAP_TTLS_max_session_validity_time",
+ eap_configure_type_u32_t,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_FAST_max_session_validity_time,
+ "EAP_FAST_max_session_validity_time",
+ eap_configure_type_u32_t,
+ false);
+
+/** @} */ // End of group EAP_TLS_PEAP_config_options.
+
+//--------------------------------------------------
+
+
+#endif //#if !defined(_EAP_TYPE_TLS_PEAP_TYPES_H_)
+
+//--------------------------------------------------
+
+
+
+// End.
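Review bot: Only `cf_str_EAP_TLS_PEAP_saved_master_secret` passes `true` as the fourth `EAP_CONFIGURATION_FIELD` argument, while the other fields that carry credentials or key material pass `false`: `cf_str_EAP_TLS_PEAP_ttls_pap_password`, `cf_str_EAP_FAST_PAC_store_password`, `cf_str_EAP_FAST_tppds_PAC_file_password`, `cf_str_EAP_FAST_PAC_store_device_seed`, `cf_str_EAP_FAST_PAC_encryption_key` and `cf_str_EAP_FAST_PAC_authentication_key`. The macro is presumably defined in the included `eap_configuration_field.h`, which this hunk does not show, so the meaning of that argument is inferred from the master-secret case. If it marks a value as secret (for example to keep it out of traces or to protect it in storage), these six fields should end in `true);` as the master secret does. If `false` is intentional for any of them, a one-line comment at the field such as `// Not marked secret: <reason>` would let a later reader tell a decision from an oversight.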