--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/eapol/eapol_framework/eapol_symbian/am/include/eap_am_type_aka_symbian.h	Thu Dec 17 08:47:43 2009 +0200
@@ -0,0 +1,513 @@
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  EAP and WLAN authentication protocols.
+*
+*/
+
+
+
+
+#if !defined(_EAP_AM_TYPE_AKA_SYMBIAN_H_)
+#define _EAP_AM_TYPE_AKA_SYMBIAN_H_
+
+
+//  INCLUDES
+
+#include <EapType.h>
+#include <d32dbms.h>
+#include "eap_tools.h"
+#include "eap_am_export.h"
+#include "abs_eap_base_type.h"
+
+#include "eap_am_type_aka.h"
+#include "abs_eap_am_aka_algorithm.h"
+
+// FORWARD DECLARATIONS
+class eap_am_tools_symbian_c;
+class CEapAkaInterface;
+
+// For the server side.
+const u32_t MAX_PSEUDONYM_USE_COUNT = 1;
+const u32_t MAX_REAUTH_USE_COUNT = 3;
+
+
+// CLASS DECLARATION
+
+/**
+* Class that implements the operating system dependent portion of 
+* EAP AKA protocol for Symbian OS.
+*/
+
+
+class EAP_EXPORT eap_am_type_aka_symbian_c
+: public CBase, public eap_am_type_aka_c
+{
+public:
+	//--------------------------------------------------
+	
+	EAP_FUNC_IMPORT static eap_am_type_aka_symbian_c* NewL(
+		abs_eap_am_tools_c * const aTools,
+		abs_eap_base_type_c * const aPartner,
+		const TIndexType aIndexType,
+		const TInt aIndex,
+		const eap_type_value_e aTunnelingType,
+		const bool aIsClient,
+		const eap_am_network_id_c * const receive_network_id);
+		
+	// 
+	EAP_FUNC_IMPORT virtual ~eap_am_type_aka_symbian_c();	
+	
+	
+	/**  From the parent eap_am_type_aka_c **/
+
+	EAP_FUNC_IMPORT eap_status_e configure();
+
+	EAP_FUNC_IMPORT eap_status_e reset();
+
+	/**
+	 * The shutdown() function is called before the destructor of the 
+	 * object is executed. During the function call the object 
+	 * could shutdown the operations, for example cancel timers.
+	 * Each derived class must define this function.
+	 */
+	EAP_FUNC_IMPORT eap_status_e shutdown();
+
+	/** AKA client calls this function.
+	 *  AKA AM could store copy of pseudonym identity to favourite place for future use.
+	 *  If parameter pseudonym is NULL pointer, AM should reset the existing pseudonym.
+	 */
+	EAP_FUNC_IMPORT eap_status_e store_pseudonym_id(
+		const eap_am_network_id_c * const send_network_id,
+		const eap_variable_data_c * const pseudonym);
+
+	/** AKA client calls this function.
+	 *  AKA AM could store copy of reauthentication identity to favourite place for future use.
+	 *  If parameter reauthentication_identity is NULL pointer, AM should reset the existing reauthentication identity.
+	 */
+	EAP_FUNC_IMPORT eap_status_e store_reauthentication_id(
+		const eap_am_network_id_c * const send_network_id,
+		const eap_variable_data_c * const reauthentication_identity);
+
+	/** AKA server and client calls this function.
+	 * In order to use re-authentication, the client and the server need to
+	 * store the following values: original XKEY, K_aut, K_encr, latest
+	 * counter value and the next re-authentication identity.
+	 * This function stores original XKEY, K_aut, K_encr and latest
+	 * counter value.
+	 */
+	EAP_FUNC_IMPORT eap_status_e store_reauth_parameters(
+		const eap_variable_data_c * const XKEY,
+		const eap_variable_data_c * const K_aut,
+		const eap_variable_data_c * const K_encr,
+		const u32_t reauth_counter);
+
+	/** AKA client calls this function.
+	 *  AKA AM could do finishing operations to databases etc. based on authentication status and type.
+	 */
+	EAP_FUNC_IMPORT eap_status_e authentication_finished(
+		const bool true_when_successfull,
+		const eap_aka_authentication_type_e authentication_type,
+		const eap_type_aka_identity_type identity_type);
+
+	/** AKA server and client calls this function.
+	 * In order to use re-authentication, the client and the server need to
+	 * store the following values: original XKEY, K_aut, K_encr, latest
+	 * counter value and the next re-authentication identity.
+	 */
+	EAP_FUNC_IMPORT eap_status_e query_reauth_parameters(
+		eap_variable_data_c * const XKEY,
+		eap_variable_data_c * const K_aut,
+		eap_variable_data_c * const K_encr,
+		u32_t * const reauth_counter);
+
+	/** AKA server and client calls this function.
+	 *  This function increases re-authentication counter after a successfull re-authentication.
+	 */
+	EAP_FUNC_IMPORT eap_status_e increase_reauth_counter();
+
+	/** AKA client calls this function.
+	 *  AM could copy IMSI or pseudonym to output parameters.
+	 *  AM must copy IMSI or pseudonym to output parameters.
+	 *  This function could be completed asyncronously with abs_eap_am_type_aka_c::complete_AKA_IMSI_or_pseudonym_or_reauthentication_id_query() function call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e query_AKA_IMSI_or_pseudonym_or_reauthentication_id(
+		eap_variable_data_c * const IMSI,
+		eap_variable_data_c * const pseudonym_identity,
+		eap_variable_data_c * const reauthentication_identity,
+		eap_variable_data_c * const automatic_realm, ///< If this is not used, do not add any data to this parameter.
+		u32_t * const length_of_mnc,
+		const aka_payload_AT_type_e required_identity, ///< This parameter indicated the type of identity required.
+		const eap_type_aka_complete_e required_completion, ///< This parameter tells the required completion after this call is completed, if this is asyncronous. Use this value with abs_eap_am_type_aka_c::complete_AKA_IMSI_or_pseudonym_or_reauthentication_id_query() function call.
+		const u8_t received_eap_identifier ///< This is the EAP-identifier of the received EAP-request message. Use this value with abs_eap_am_type_aka_c::complete_AKA_IMSI_or_pseudonym_or_reauthentication_id_query() function call.
+		);
+
+	/** AKA client calls this function.
+	 *  This call cancels asyncronous query_AKA_IMSI_or_pseudonym_or_reauthentication_id() function call.
+	 *  AM must not complete query_AKA_IMSI_or_pseudonym_or_reauthentication_id()
+	 *  with abs_eap_am_type_aka_c::complete_AKA_IMSI_or_pseudonym_or_reauthentication_id_query() after
+	 *  cancel_AKA_IMSI_or_pseudonym_or_reauthentication_id_query() call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cancel_AKA_IMSI_or_pseudonym_or_reauthentication_id_query();
+
+
+	/** AKA client calls this function.
+	 *  Input parameter RAND and AUTN as input to AKA algorithm.
+	 *  AM could copy CK, IK and RES to output parameters.
+	 *  This function could be completed asyncronously with abs_eap_am_type_aka_c::complete_AKA_RES_query() function call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e query_AKA_RES(
+		eap_type_aka_authentication_vector_c * const authentication_vector);
+
+	/** AKA client calls this function.
+	 *  This call cancels asyncronous query_AKA_RES() function call.
+	 *  AM must not complete query_AKA_RES()
+	 *  with abs_eap_am_type_aka_c::complete_AKA_RES_query() after
+	 *  cancel_AKA_RES_query() call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cancel_AKA_RES_query();
+
+	/** AKA client calls this function.
+	 *  Received AT_NOTIFICATION is handled in AM of AKA.
+	 *  AM could show localized message to user.
+	 */
+	EAP_FUNC_IMPORT eap_status_e handle_aka_notification(eap_aka_notification_codes_e aka_notification_code);
+
+	/** AKA server calls this function.
+	 *  AM could copy triplets to output parameters.
+	 *  This function could be completed asyncronously with abs_eap_am_type_aka_c::complete_AKA_authentication_vector_query() function call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e query_AKA_authentication_vector(
+		const eap_variable_data_c * const username, ///< // This is payload AT_IDENTITY. If this is uninitialized then imsi must be initialized.
+		const u8_t next_eap_identifier,
+		eap_variable_data_c * const imsi, ///< This is the real IMSI. If this is uninitialized then username must be initialized and imsi will be initialized after this call.
+		eap_type_aka_authentication_vector_c * const authentication_vector,
+		eap_type_aka_identity_type * const type);
+
+	/** AKA server calls this function.
+	 *  This call cancels asyncronous query_AKA_authentication_vector() function call.
+	 *  AM must not complete query_AKA_authentication_vector() with abs_eap_am_type_aka_c::complete_AKA_authentication_vector_query() after
+	 *  cancel_AKA_authentication_vector_query() call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cancel_AKA_authentication_vector_query();
+
+	/** AKA server/client calls this function.
+	 *  This function call generates with a good source of
+	 *  randomness the initialization vector (AT_IV payload).
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_encryption_IV(
+		eap_variable_data_c * const encryption_IV,
+		const u32_t IV_length);
+
+	/** AKA server calls this function.
+	 *  New pseudonym identity is generated for IMSI.
+	 *  Algorithm is freely selected. Look at query_imsi_from_username().
+	 *  Pseudonym identity is copied to pseudonym_identity parameter.
+	 *  Maximum length of pseudonym is maximum_pseudonym_length bytes.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_pseudonym_id(
+		const eap_am_network_id_c * const send_network_id,
+		const eap_variable_data_c * const imsi,
+		eap_variable_data_c * const pseudonym_identity,
+		const u32_t maximum_pseudonym_length);
+
+	/** AKA server calls this function.
+	 *  New reauthentication identity is generated for IMSI.
+	 *  Algorithm is freely selected. Look at query_imsi_from_username().
+	 *  Reauthentication identity is copied to pseudonym parameter.
+	 *  Maximum length of pseudonym is maximum_reauthentication_identity_length bytes.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_reauthentication_id(
+		const eap_am_network_id_c * const send_network_id,
+		const eap_variable_data_c * const imsi,
+		eap_variable_data_c * const reauthentication_identity,
+		const u32_t maximum_reauthentication_identity_length);
+
+	/** AKA server calls this function.
+	 *  Server queries IMSI with username.
+	 *  Username could be IMSI, pseudonym or re-authentication identity.
+	 *  Adaptation module must verify which username is.
+	 *  Adaptation module could map IMSI and username as it wish.
+	 *  It can select any algorithm. Look at generate_pseudonym_id() and generate_reauthentication_id().
+	 *  Function must return IMSI and set the identity type of received username.
+	 */
+	EAP_FUNC_IMPORT eap_status_e query_imsi_from_username(
+		const u8_t next_eap_identifier,
+		const eap_am_network_id_c * const send_network_id,
+		const eap_variable_data_c * const username,
+		eap_variable_data_c * const imsi,
+		eap_type_aka_identity_type * const type,
+		const eap_type_aka_complete_e completion_action);
+
+	/** AKA server calls this function.
+	 *  Server queries re-syncronization.
+	 *  This function call is completed by complete_re_syncronization_query() function.
+	 */
+	EAP_FUNC_IMPORT eap_status_e query_re_syncronization(
+		const u8_t next_eap_identifier,
+		eap_type_aka_authentication_vector_c * const authentication_vector
+		);
+
+	/** AKA server calls this function.
+	 *  This call cancels asyncronous query_imsi_from_username() function call.
+	 *  AM must not complete query_imsi_from_username()
+	 *  with abs_eap_am_type_aka_c::complete_imsi_from_username() after
+	 *  cancel_imsi_from_username_query() call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cancel_imsi_from_username_query();
+
+	/**
+	 * The type_configure_read() function reads the configuration data identified
+	 * by the field string of field_length bytes length. Adaptation module must direct
+	 * the query to some persistent store.
+	 * @param field is generic configure string idenfying the required configure data.
+	 * @param field_length is length of the field string.
+	 * @param data is pointer to existing eap_variable_data object.
+	 */
+	EAP_FUNC_IMPORT eap_status_e type_configure_read(
+		const eap_configuration_field_c * const field,
+		eap_variable_data_c * const data);
+
+	/**
+	 * The type_configure_write() function writes the configuration data identified
+	 * by the field string of field_length bytes length. Adaptation module must direct
+	 * the action to some persistent store.
+	 * @param field is generic configure string idenfying the required configure data.
+	 * @param field_length is length of the field string.
+	 * @param data is pointer to existing eap_variable_data object.
+	 */
+	EAP_FUNC_IMPORT eap_status_e type_configure_write(
+		const eap_configuration_field_c * const field,
+		eap_variable_data_c * const data);		
+
+	EAP_FUNC_IMPORT void set_is_valid();
+
+	EAP_FUNC_IMPORT bool get_is_valid();
+	
+#if defined(__WINS__)
+	
+	EAP_FUNC_IMPORT eap_status_e query_SIM_imsi(
+		u8_t * const imsi, const u32_t max_length, u32_t * const imsi_length);
+		
+#endif //#if defined(__WINS__)
+	
+	EAP_FUNC_IMPORT eap_status_e complete_AKA_imsi_L(
+		const eap_variable_data_c * const IMSI,
+		const eap_status_e completion_status = eap_status_ok);
+		
+	EAP_FUNC_IMPORT eap_status_e complete_AKA_RES_L(
+		eap_variable_data_c * const aRES, 
+		eap_variable_data_c * const aCK,
+		eap_variable_data_c * const aIK,
+		eap_variable_data_c * const aAUTS,
+		eap_status_e authenticationStatus = eap_status_ok,
+		const eap_status_e completion_status = eap_status_ok);
+		
+	/**
+	 * Returns true if the full authenticated session is valid.
+	 * It finds the difference between current time and the 
+	 * last full authentication time. If the difference is less than the
+	 * Maximum Session Validity Time, then session is valid, returns true.
+	 * Otherwise returns false. 
+	 * Full authentication should be done if the session is not valid.
+	 */
+	EAP_FUNC_IMPORT bool is_session_valid();
+
+	//--------------------------------------------------
+protected:
+	//--------------------------------------------------
+
+	eap_am_type_aka_symbian_c(
+		abs_eap_am_tools_c * const tools,
+		abs_eap_base_type_c * const partner,
+		const TIndexType aIndexType,
+		const TInt aIndex,
+		const eap_type_value_e aTunnelingType,
+		const bool aIsClient,
+		const eap_am_network_id_c * const receive_network_id);
+	
+
+	void ConstructL();
+
+	//--------------------------------------------------
+
+private:
+
+	void type_configure_readL(
+		eap_config_string field,
+		const u32_t field_length,
+		eap_variable_data_c * const data);
+
+	void store_reauth_parametersL(
+		const eap_variable_data_c * const XKEY,
+		const eap_variable_data_c * const K_aut,
+		const eap_variable_data_c * const K_encr,
+		const u32_t reauth_counter);
+	
+	void query_reauth_parametersL(
+		eap_variable_data_c * const reauth_XKEY,
+		eap_variable_data_c * const reauth_K_aut,
+		eap_variable_data_c * const reauth_K_encr,
+		u32_t * const reauth_counter);
+
+	void increase_reauth_counterL();
+	
+	void query_AKA_IMSI_or_pseudonym_or_reauthentication_idL(
+		eap_variable_data_c * const IMSI,
+		eap_variable_data_c * const pseudonym_identity,
+		eap_variable_data_c * const reauthentication_identity,
+		eap_variable_data_c * const automatic_realm, ///< If this is not used, do not add any data to this parameter.
+		const aka_payload_AT_type_e required_identity,
+		const eap_type_aka_complete_e required_completion,
+		const u8_t received_eap_identifier);	
+
+	void store_pseudonym_idL(
+		const eap_am_network_id_c * const /*network_id*/,
+		const eap_variable_data_c * const pseudonym);
+
+	void store_reauthentication_idL(
+		const eap_am_network_id_c * const /*network_id*/,
+		const eap_variable_data_c * const /* reauthentication_id */);
+
+#if defined (USE_EAP_TYPE_SERVER_AKA)
+	// These functions are used only for server side.
+	
+	eap_status_e generate_identity(
+		const eap_type_aka_identity_type identity_type,
+		const eap_variable_data_c * const imsi,
+		eap_variable_data_c * const pseudonym,
+		const u32_t maximum_pseudonym_length);
+			
+	eap_status_e query_imsi_from_username_syncronous(
+		const u8_t next_eap_identifier,
+		const eap_am_network_id_c * const network_id,
+		const eap_variable_data_c * const username,
+		eap_variable_data_c * const imsi,
+		eap_type_aka_identity_type * const identity_type);		
+		
+#endif // #if defined (USE_EAP_TYPE_SERVER_AKA)		
+	
+	eap_status_e store_imsi(const eap_variable_data_c * const imsi);
+
+	void store_imsiL(const eap_variable_data_c * const imsi);
+			
+	eap_status_e check_is_valid_imsi( const eap_variable_data_c * const username );		
+
+	void send_error_notification(const eap_status_e error);
+	
+	/**
+	 * Returns true if the full authenticated session is valid.
+	 * It finds the difference between current time and the 
+	 * last full authentication time. If the difference is less than the
+	 * Maximum Session Validity Time, then session is valid, returns true.
+	 * Otherwise returns false. 
+	 * Full authentication should be done if the session is not valid.
+	 */
+	bool is_session_validL();
+	
+	/**
+	 * Stores current universal time as the the full authentication time
+	 * in the database. Returns KErrNone if storing succeeds.
+	 */
+	void store_authentication_timeL();
+
+private:
+	//--------------------------------------------------
+	RDbs m_session;
+	
+	RDbNamedDatabase m_database;	
+
+	eap_am_tools_symbian_c * const m_am_tools;
+
+	abs_eap_base_type_c * const m_partner;
+
+	eap_variable_data_c m_nai_realm;
+
+	TIndexType m_index_type;
+	
+	TInt m_index;
+
+	eap_type_value_e m_tunneling_type;
+
+	bool m_is_valid;
+
+	bool m_is_client;
+
+	eap_variable_data_c m_stored_reauth_id;
+	
+	eap_variable_data_c m_stored_pseudonym;
+	
+	eap_variable_data_c m_previous_imsi;
+
+	eap_type_aka_complete_e m_stored_required_completion;
+	
+	u8_t m_stored_received_eap_identifier;
+
+	bool m_shutdown_was_called;
+
+	abs_eap_am_aka_algorithm_c *m_aka_algorithm;
+	
+	CEapAkaInterface* m_aka_if;	
+	
+	eap_variable_data_c m_simulator_aka_K;
+	eap_variable_data_c m_simulator_aka_OP;
+	eap_variable_data_c m_simulator_aka_AMF;
+	
+	eap_type_aka_authentication_vector_c * m_authentication_vector;
+	
+	eap_variable_data_c m_pseudonym_identity;
+	eap_variable_data_c m_reauthentication_identity;
+	eap_variable_data_c m_username;
+	eap_am_network_id_c m_receive_network_id;
+
+	eap_variable_data_c m_IMSI;
+
+	aka_payload_AT_type_e m_required_identity;
+	eap_type_aka_complete_e m_required_completion;
+	eap_type_aka_identity_type m_identity_type;
+	eap_type_aka_complete_e m_completion_action;
+	u8_t m_next_eap_identifier;
+		
+	eap_aka_authentication_vector_status_e m_aka_authentication_vector_status;
+	u32_t m_pseudonym_key_index;
+	eap_variable_data_c m_pseudonym_key;
+	eap_variable_data_c m_pseudonym_MAC_key;
+	eap_variable_data_c m_prev_pseudonym_key;
+	eap_variable_data_c m_prev_pseudonym_MAC_key;
+	u32_t m_pseudonym_key_use_count;
+	
+	// These values are needed especially in the case of synchronization failure.
+	eap_variable_data_c m_RAND;
+	eap_variable_data_c m_AUTN;
+
+	// This holds the max session time read from the configuration file.
+	TInt64 m_max_session_time;
+	
+	// This is the vendor-type for tunneling EAP type.
+	// Valid for both expanded and non-expanded EAP types.
+	// This is used since m_tunneling_type can not be used in the same way 
+	// in expanded and non-expanded cases. 
+	// Unlike EAP type, Tunneling type is still non-expanded
+	// for both cases especially for using in the EAP databases.
+	u32_t m_tunneling_vendor_type;	
+	
+}; // class eap_am_type_aka_symbian_c
+
+
+#endif //#if !defined(_EAP_AM_TYPE_AKA_SYMBIAN_H_)
+
+//--------------------------------------------------
+
+
+
+// End of file