/*
* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: EAP and WLAN authentication protocols.
*
*/
/*
* %version: 15 %
*/
/**
* @mainpage EAP Core documentation.
*
* @section intro Introduction
* This is a EAP Core documentation generated by doxygen.
* First read <a href="../S60_3_1_EAP_Core.doc">S60_3_1_EAP_Core.doc</a>
* file from <a href="..">EAPOL/documentation</a> directory.
* Release notes are in file <a href="../../../../../wlan_linux/wlaneapol_linux/release_notes.txt">release_notes.txt</a>
*
* @section install Installation
* Installation instructions are in file <a href="../../../../../wlan_linux/wlaneapol_linux/readme.txt">EAPOL/readme.txt</a>.
*
* @section classes Most crucial classes
* The most crucial classes are eap_core_c, abs_eap_core_c,
* eap_base_type_c and abs_eap_base_type_c.
*
* Header files are stored to a directory <a href="../../../include">EAPOL/include</a>.
* Implementation of eap_core_c class is in a file <a href="../../../core/eap_core.cpp">
* EAPOL/core/eap_core.cpp</a>. Implementation of eap_base_type_c class is in a file
* <a href="../../../common/eap_base_type.cpp">EAPOL/common/eap_base_type.cpp</a>.
*
* @section eap_types Implemented EAP-types
*
* @subsection GSMSIM EAP/SIM
* EAP/SIM implementation is in a directory
* <a href="../../../type/gsmsim">EAPOL/type/gsmsim</a>.
* EAP/SIM is specified in draft-haverinen-pppext-eap-sim-xx.txt.
* The most current is
* <a href="../../type/gsmsim/doc/rfc4186.txt">
* RFC 4186</a>.
* IETF drafts and RFC are stored to a directory <a href="../../type/gsmsim/doc">
* EAPOL/type/gsmsim/documentation</a>.
* The document
* <a href="../../type/gsmsim/doc/GSMSIM.doc">GSMSIM.doc</a>
* includes implementation notes of GSMSIM.
*
* @subsection EAP_AKA EAP/AKA
* EAP/AKA implementation is in a directory
* <a href="../../../type/aka">EAPOL/type/aka</a>.
* EAP/AKA is specified in draft-arkko-pppext-eap-aka-xx.txt.
* The most current is
* <a href="../../type/aka/doc/rfc4187.txt">
* RFC 4187</a>.
* IETF drafts are stored to a directory <a href="../../type/aka/doc">
* EAPOL/type/aka/documentation</a>.
*
* @subsection EAP_TLS_PEAP EAP/TLS, PEAP and TTLS
* Implementation design and architecture of EAP/TLS, PEAP and TTLS is in
* <a href="../../type/tls_peap/doc/EAP_TLS_PEAP.doc">EAP_TLS_PEAP.doc</a>
* file in <a href="../../type/tls_peap/doc">EAPOL/type/tls_peap/documentation</a> directory.
* EAP/TLS and PEAP implementation will be in a directory
* <a href="../../../type/tls_peap">EAPOL/type/tls_peap</a>.
* TLS is specified in <a href="../../type/tls_peap/doc/rfc2246.txt">rfc2246.txt</a>.
* EAP/TLS is specified in <a href="../../type/tls_peap/doc/rfc2716.txt">rfc2716.txt</a>.
* PEAPv2 is specified in <a href="../../type/tls_peap/doc/draft-josefsson-pppext-eap-tls-eap-08.txt">draft-josefsson-pppext-eap-tls-eap-08.txt</a>.
* PEAPv1 is specified in <a href="../../type/tls_peap/doc/draft-josefsson-pppext-eap-tls-eap-05.txt">draft-josefsson-pppext-eap-tls-eap-05.txt</a>.
* Windows XP- PEAPv0 is specified in <a href="../../type/tls_peap/doc/draft-kamath-pppext-peapv0-00.txt">draft-kamath-pppext-peapv0-00.txt</a>.
* TTLS is specified in <a href="../../type/tls_peap/doc/draft-ietf-pppext-eap-ttls-04.txt">draft-ietf-pppext-eap-ttls-04.txt</a>.
*
* @subsection EAP_MsChapv2 EAP/MsChapv2
* EAP/MsChapv2 implementation is in a directory
* <a href="../../../type/mschapv2">EAPOL/type/mschapv2</a>.
* EAP/MsChapv2 is specified in draft-kamath-pppext-eap-mschapv2-XX.txt, rfc2433.txt and rfc2759.txt.
* The most current is
* <a href="../../type/mschapv2/doc/draft-kamath-pppext-eap-mschapv2-01.txt">
* EAP/MsChapv2 draft version 2</a>.
* See also <a href="../../type/mschapv2/doc/rfc2433.txt">rfc2433.txt</a>
* and <a href="../../type/mschapv2/doc/rfc2759.txt">rfc2759.txt</a>.
* IETF drafts are stored to a directory <a href="../../type/mschapv2/doc">
* EAPOL/type/mschapv2/doc</a>.
*
* @subsection EAP_SecurID_GTC EAP/SecurID and GTC
* EAP/SecurID implementation is in a directory
* <a href="../../../type/securid">EAPOL/type/securid</a>.
* EAP/SecurID is specified in draft-josefsson-eap-securid-XX.txt.
* The most current is
* <a href="../../type/securid/doc/draft-josefsson-eap-securid-01.txt">
* EAP/SecurID draft version 1</a>.
* IETF drafts are stored to a directory <a href="../../type/securid/doc">
* EAPOL/type/securid/documentation</a>.
*
* @subsection EAP_LEAP EAP/LEAP
* EAP/LEAP implementation is in a directory
* <a href="../../../type/leap">EAPOL/type/leap</a>.
* EAP/LEAP documentation is not included here.
*
* @subsection SAE Experimental Security Association for EAPOL (not used)
* SAE implementation is in a directory <a href="../../../../../wlan_testing/wlaneapol_testing/SAE">EAPOL/SAE</a>.
* Document defining SAE is <a href="../../../../../wlan_testing/wlaneapol_testing/SAE/documentation/EAPOL_SA.doc">EAPOL_SA.doc</a>.
* This is a very experimental test implementation.
* Idea is to use Diffie-Hellman to create keys for a anonymous EAPOL tunnel.
* Any EAP-type could then run inside the tunnel.
* This fixes the problem of current EAPOL over WLAN.
* EAP was designed for poin to point environment and EAPOL to non-shared environment.
*
* NOTE SAE is not used anywhere.
*
* @section Symbian Symbian Plug-in
* EAP Type Plug-in Architecture for Symbian is specified in
* <a href="../../am/type/symbian/plugin/doc/eap_plugin_architecture.doc">
* eap_plugin_architecture.doc</a>.
*
*/
#if !defined(_EAP_CORE_H_)
#define _EAP_CORE_H_
#include "eap_am_export.h"
#include "abs_eap_base_type.h"
#include "eap_core_map.h"
#include "eap_am_network_id.h"
#include "abs_eap_stack_interface.h"
#include "eap_configuration_field.h"
#include "abs_eap_core_map.h"
class abs_eap_core_c;
class abs_eap_am_tools_c;
class eap_core_retransmission_c;
class eap_base_type_c;
class eap_variable_data_c;
//--------------------------------------------------------------------------------------------------
/**
* @defgroup EAP_Core_config_options Configuration options of EAP Core.
* The following configuration options are read through abs_eap_base_type_c::read_configure() function.
* @{
*/
/**
* This is u32_t configuration option.
* This is the maximum count EAP CORE Authenticator resents message again.
* This is used in simulator testing.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_retransmission_counter,
"EAP_CORE_retransmission_counter",
eap_configure_type_u32_t,
false);
/**
* This is u32_t configuration option.
* This is the time after EAP CORE Authenticator resents message again.
* This is used in simulator testing.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_retransmission_time,
"EAP_CORE_retransmission_time",
eap_configure_type_u32_t,
false);
/**
* This is u32_t configuration option.
* This is the maximum time EAP authentication could succeed.
* This timeout is same for every EAP-type.
* You must define EAP-type spesific configuration
* if you need different timeout for your EAP-type.
* Authentication is terminated after this time elapses.
* Time is in milli secons.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_session_timeout,
"EAP_CORE_session_timeout",
eap_configure_type_u32_t,
false);
/**
* This is optional and only valid for server.
* This allows different values for client and server.
* This is u32_t configuration option.
* This is the maximum time EAP authentication could succeed.
* This timeout is same for every EAP-type.
* You must define EAP-type spesific configuration
* if you need different timeout for your EAP-type.
* Authentication is terminated after this time elapses.
* Time is in milli secons.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_server_session_timeout,
"EAP_CORE_server_session_timeout",
eap_configure_type_u32_t,
false);
/**
* This is optional and only valid for server.
* This is boolean configuration option.
* This flag selects whether EAP-Success is send after state notification is forwarded to lower layer (true)
* or EAP-Success is send before state notification is forwarded to lower layer (false).
* Default value is false.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_send_eap_success_after_notification,
"EAP_CORE_send_eap_success_after_notification",
eap_configure_type_boolean,
false);
/**
* This is u32_t configuration option.
* This is the time after EAP-Failure is handled.
* Zero means EAP-Failure is handled immediately.
* Time is in milli secons.
* The default value is EAP_CORE_FAILURE_RECEIVED_TIMEOUT.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_failure_received_timeout,
"EAP_CORE_failure_received_timeout",
eap_configure_type_u32_t,
false);
#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
/**
* This is u32_t configuration option.
* This is the maximum time client wait EAP-Request/Identity and EAP-Request/type packets.
* See EAP_CORE_WAIT_EAP_REQUEST_TYPE_ID.
* Time is in milli seconds.
* The default value is EAP_CORE_WAIT_EAP_REQUEST_TYPE_TIMEOUT.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_wait_eap_request_type_timeout,
"EAP_CORE_wait_eap_request_type_timeout",
eap_configure_type_u32_t,
false);
/**
* This is optional and only valid for server.
* This is boolean configuration option.
* This flag selects whether EAP-Request/Identity is send (true) or not (false).
* Default value is false.
*/
EAP_CONFIGURATION_FIELD(
cf_str_EAP_CORE_skip_eap_request_identity,
"EAP_CORE_skip_eap_request_identity",
eap_configure_type_boolean,
false);
#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
/** @} */ // End of group EAP_Core_config_options.
//--------------------------------------------------------------------------------------------------
/**
* This is the timer ID used with abs_eap_am_tools_c::set_timer() and abs_eap_am_tools_c::cancel_timer().
*/
enum eap_core_timer_id
{
EAP_CORE_TIMER_RETRANSMISSION_ID, ///< This is time after a EAP-Request message is resent again. This is for testing purposes. See USE_EAP_CORE_RETRANSMISSION compilation flag.
#if defined(USE_EAP_CORE_SERVER)
EAP_CORE_DELAYED_EAP_NAK_PROCESS_ID, ///< See EAP_CORE_DELAYED_EAP_NAK_PROCESS_TIMEOUT.
#endif //#if defined(USE_EAP_CORE_SERVER)
EAP_CORE_SESSION_TIMEOUT_ID, ///< See EAP_CORE_TIMER_HANDLER_TIMEOUT_TIMEOUT.
EAP_CORE_FAILURE_RECEIVED_ID, ///< See EAP_CORE_FAILURE_RECEIVED_TIMEOUT.
EAP_CORE_REMOVE_SESSION_TIMEOUT_ID, ///< See EAP_CORE_REMOVE_SESSION_TIMEOUT.
#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
EAP_CORE_WAIT_EAP_REQUEST_TYPE_ID, ///< See EAP_CORE_WAIT_EAP_REQUEST_TYPE_TIMEOUT.
#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
};
/**
* This is time after a EAP-Failure message is handled.
*/
const u32_t EAP_CORE_FAILURE_RECEIVED_TIMEOUT = 2000ul;
#if defined(USE_EAP_CORE_SERVER)
/**
* This is time after a EAP-Response/Nak message is processes.
* We could wait if more suitable message is received.
*/
const u32_t EAP_CORE_DELAYED_EAP_NAK_PROCESS_TIMEOUT = 2000u;
#endif //#if defined(USE_EAP_CORE_SERVER)
/**
* This is the size of the local send buffer. Please use atleast minimum ethernet packet length 60 bytes.
*/
const u32_t EAP_CORE_PACKET_BUFFER_LENGTH = 512u;
/**
* Re-transmission is used to test protocols.
* This is the maximum count EAP message is resent again.
* This is used in simulator testing.
* This is configurable parameter. See eap.conf EAP_CORE_retransmission_counter.
*/
const u32_t EAP_CORE_RETRANSMISSION_COUNTER = 5;
/**
* Re-transmission is used to test protocols.
* This is the time after EAP message is resent again.
* This is used in simulator testing.
* This is configurable parameter. See eap.conf EAP_CORE_retransmission_time.
*/
const u32_t EAP_CORE_RETRANSMISSION_TIME = 1000u; /* milli seconds */
/**
* This is the maximum time EAP authentication could succeed.
* Authentication is terminated after this time elapses.
* This is configurable parameter. See eap.conf EAP_CORE_session_timeout.
* See EAP_CORE_SESSION_TIMEOUT_ID.
* Time is in milli seconds.
*/
const u32_t EAP_CORE_SESSION_TIMEOUT = 120000u; /* milli seconds */
/**
* This is the delay time after EAP-session is removed after authentication finished.
* This is configurable parameter.
* See EAP_CORE_REMOVE_SESSION_TIMEOUT_ID.
* Time is in milli seconds.
*/
const u32_t EAP_CORE_REMOVE_SESSION_TIMEOUT = 10000ul; /* milli seconds */
#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
/**
* This is the maximum time client wait EAP-Request/Identity and EAP-Request/type packets.
* See EAP_CORE_WAIT_EAP_REQUEST_TYPE_ID.
* Time is in milli seconds.
*/
const u32_t EAP_CORE_WAIT_EAP_REQUEST_TYPE_TIMEOUT = 5000ul; /* milli seconds */
#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
#if defined(USE_EAP_CORE_SERVER)
/**
* This is default policy of EAP-Nak message.
* False value means EAP-Nak is prosessed after a timeout.
* True value means EAP-NAk is prosessed immediately.
*/
const bool EAP_CORE_PROCESS_EAP_NAK_IMMEDIATELY = true;
#endif //#if defined(USE_EAP_CORE_SERVER)
/// A eap_core_c class implements the basic functionality of EAP-type.
class EAP_EXPORT eap_core_c
: public abs_eap_core_map_c
, public abs_eap_base_type_c
, public abs_eap_base_timer_c
, public abs_eap_stack_interface_c
{
private:
//--------------------------------------------------
/// This is back pointer to object which created this object.
/// Packets are sent to the partner.
abs_eap_core_c *m_partner;
/// This is pointer to the tools class.
abs_eap_am_tools_c * const m_am_tools;
/// This stores eap_base_type objects using eap_variable_data selector.
eap_core_map_c<eap_base_type_c, abs_eap_core_map_c, eap_variable_data_c> m_type_map;
/// This stores the current EAP-type. When requested, we send our ID using
/// our default EAP-type. This is our best quess of other peer's EAP-type.
/// Other peer will sent the real EAP-type later and we can NAK it then
/// and send our own EAP-type. This is due the limitations of EAP-protocol.
eap_type_value_e m_current_eap_type;
/// This is our default EAP-type.
eap_type_value_e m_default_eap_type;
/// This is the queried EAP-identity.
/// This is saved because other EAP-types may be load afterwards
/// and they may query EAP-identity.
eap_variable_data_c m_eap_identity;
/// This is offset in bytes of the EAP-type header.
u32_t m_eap_header_offset;
/// This is maximum transfer unit in bytes.
u32_t m_MTU;
/// This is length of the trailer in bytes.
u32_t m_trailer_length;
/// This is network identity of the received packet.
eap_am_network_id_c m_receive_network_id;
/// Re-transmission is used to test protocols.
/// This stores the information to resent a message. This is used for testing purposes.
eap_core_retransmission_c *m_retransmission;
/// Re-transmission is used to test protocols.
/// This is the time after resent a message. This is used for testing purposes.
u32_t m_retransmission_time;
/// Re-transmission is used to test protocols.
/// This is the maximum count of retransmission of one message. This is used for testing purposes.
u32_t m_retransmission_counter;
/// This is the maximum time authentication could succeed.
/// Authentication is terminated after this time elapses.
/// The EAP-type could change the timeout by calling set_session_timeout() function.
u32_t m_session_timeout;
u32_t m_eap_core_failure_received_timeout;
u32_t m_remove_session_timeout;
#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
u32_t m_wait_eap_request_type_timeout;
bool m_wait_eap_request_type_timeout_set;
#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
/// Latest received EAP-identifier. Used only for EAP-Request/Identity handling in client.
/// Ensures that the EAP-Response/Identity is sent with the latest EAP-identifier.
u8_t m_eap_identity_request_identifier_client;
/// This indicates whether this object is client (true) or server (false).
/// In terms of EAP-protocol whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
bool m_is_client;
/// This indicates whether the authentication role of this object is client (true) or server (false).
/// In terms of EAP-protocol whether this network entitys authentication role is EAP-supplicant (true) or EAP-authenticator (false).
/// NOTE the LEAP type changes authentication role during the authentication session.
bool m_is_client_role;
/// This indicates whether this object was generated successfully.
bool m_is_valid;
/// Client has initiated restart.
bool m_client_restart_authentication_initiated;
/// This flag indicates that this object is marked to removed asynchronously.
/// The very same object could be taken use before the removing timer elapses.
bool m_marked_removed;
/// This flag prevents server receiving of multiple EAP-Response/Identity message.
/// This is set true after the server accepts EAP-Response/Identity message.
bool m_eap_identity_response_accepted;
/// Function shutdown() is called already.
bool m_shutdown_was_called;
/// Server received EAP-Response from client. Server must not sent any other EAP-type. Server could send EAP-Failure or EAP-Success.
/// Client sent a response. Client must not accept any other EAP-type.
bool m_eap_type_response_sent;
/// Tells whether this is tunneled EAP-session. For example inside PEAP or TTLS tunnel.
/// This causes some changes to timeouts.
bool m_is_tunneled_eap;
#if defined(USE_EAP_CORE_SERVER)
/// If this flag is true EAP-Response/Nak is processed immediately.
/// If this flag is false EAP-Response/Nak is processed after a timeout.
/// There might be received more suitable EAP-Response.
bool m_process_eap_nak_immediately;
/// EAP-Response/Nak is initiated.
bool m_nak_process_timer_active;
/// This flag prevents server sending of multiple EAP-Request/Identity message.
bool m_eap_identity_request_send;
/// This is set true after the server receives EAP-Response/Identity message.
bool m_eap_identity_response_received;
/// This flag is set true after a EAP-Failure is sent.
bool m_eap_failure_sent;
/// This flag selects whether EAP-Success is send after state notification is forwarded to lower layer (true)
/// or EAP-Success is send before state notification is forwarded to lower layer (false).
bool m_send_eap_success_after_notification;
#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
// This flag selects whether EAP-Request/Identity is send (true) or not (false).
bool m_skip_eap_request_identity;
#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
#endif //#if defined(USE_EAP_CORE_SERVER)
bool m_use_eap_expanded_type;
/// Some of the protocols terminates with EAP-Failure. This flag tells to ignore EAP-Failure.
bool m_ignore_eap_failure;
bool m_ignore_notifications;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/**
* Re-transmission is used to test protocols.
* This function resends the packet.
*/
EAP_FUNC_IMPORT eap_status_e resend_packet(
const eap_am_network_id_c * const send_network_id,
eap_buf_chain_wr_c * const sent_packet,
const u32_t header_offset,
const u32_t data_length,
const u32_t buffer_free,
const u32_t retransmission_counter
);
/**
* Re-transmission is used to test protocols.
* This function cancels retransmissions.
*/
EAP_FUNC_IMPORT eap_status_e cancel_retransmission();
/**
* Re-transmission is used to test protocols.
* This function inits retransmission of sent packet.
*/
EAP_FUNC_IMPORT eap_status_e init_retransmission(
const eap_am_network_id_c * const send_network_id,
eap_buf_chain_wr_c * const sent_packet,
const u32_t header_offset,
const u32_t data_length,
const eap_code_value_e eap_code,
const u8_t eap_identifier,
const eap_type_value_e eap_type
);
/**
* This function cancels previous session timeout and initializes new timeout for the session.
*/
EAP_FUNC_IMPORT eap_status_e initialize_session_timeout(
const u32_t session_timeout_ms);
/**
* This function cancels timeout for a session.
*/
EAP_FUNC_IMPORT eap_status_e cancel_session_timeout();
/**
* This function calls shutdown() for one eap_base_type_c object.
*/
EAP_FUNC_IMPORT static eap_status_e shutdown_operation(
eap_base_type_c * const value,
abs_eap_am_tools_c * const m_am_tools);
/**
* This function calls reset() for one eap_base_type_c object.
*/
EAP_FUNC_IMPORT static eap_status_e reset_operation(
eap_base_type_c * const handler,
abs_eap_am_tools_c * const m_am_tools);
EAP_FUNC_IMPORT eap_status_e client_proposes_eap_types(
const eap_am_network_id_c * const receive_network_id,
const u8_t eap_identifier);
/**
* This function processes EAP-packet with known EAP-type.
*/
EAP_FUNC_IMPORT eap_status_e packet_process_type(
const eap_type_value_e used_eap_type,
const eap_am_network_id_c * const receive_network_id,
eap_general_header_base_c * const packet_data,
const u32_t packet_length);
#if defined(USE_EAP_CORE_SERVER)
/**
* This function re-starts authentication with new EAP-type.
* Only server calls this function.
*/
EAP_FUNC_IMPORT eap_status_e restart_with_new_type(
const eap_type_value_e used_eap_type,
const eap_am_network_id_c * const receive_network_id,
const u8_t eap_identifier);
#endif //#if defined(USE_EAP_CORE_SERVER)
#if defined(USE_EAP_CORE_SERVER)
EAP_FUNC_IMPORT eap_status_e handle_eap_identity_response(
eap_base_type_c * const handler,
const eap_type_value_e used_eap_type,
const eap_am_network_id_c * const receive_network_id,
eap_header_wr_c * const eap,
const u32_t packet_length);
#endif //#if defined(USE_EAP_CORE_SERVER)
/**
* This function handles EAP-Request/Identity.
*/
EAP_FUNC_IMPORT eap_status_e handle_eap_identity_request(
const eap_type_value_e used_eap_type,
const u8_t eap_identifier,
const eap_am_network_id_c * const receive_network_id);
/**
* This function creates EAP-Response/Identity.
*/
EAP_FUNC_IMPORT eap_status_e create_eap_identity_response(
eap_buf_chain_wr_c * const response_packet,
const eap_variable_data_c * const identity,
const u8_t eap_identifier
);
/**
* This function sends EAP-Response/Identity.
*/
EAP_FUNC_IMPORT eap_status_e send_eap_identity_response(
const eap_am_network_id_c * const send_network_id,
const eap_variable_data_c * const identity,
const u8_t eap_identifier);
/**
* This function sends EAP-Response/Notification.
*/
EAP_FUNC_IMPORT eap_status_e send_eap_notification_response(
const eap_am_network_id_c * const send_network_id,
const u8_t eap_identifier);
/**
* This function initializes timeout for received EAP-Failure.
*/
EAP_FUNC_IMPORT eap_status_e set_eap_failure_timeout();
/**
* This function cancels timeout for received EAP-Failure.
*/
EAP_FUNC_IMPORT eap_status_e cancel_eap_failure_timeout();
#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
eap_status_e set_wait_eap_request_type_timeout();
eap_status_e cancel_wait_eap_request_type_timeout();
#endif //#if defined(USE_EAP_CORE_WAIT_REQUEST_TYPE_TIMER)
EAP_FUNC_IMPORT eap_status_e asynchronous_init_remove_eap_session();
EAP_FUNC_IMPORT eap_status_e initialize_asynchronous_init_remove_eap_session(
const u32_t remove_session_timeout);
EAP_FUNC_IMPORT eap_status_e cancel_asynchronous_init_remove_eap_session();
eap_status_e init_end_of_session(
const abs_eap_state_notification_c * const state);
eap_status_e set_eap_identity_routing_info_and_nai_decoration(
eap_variable_data_c * const identity);
//--------------------------------------------------
protected:
//--------------------------------------------------
//--------------------------------------------------
public:
//--------------------------------------------------
/**
* The destructor of the eap_core class does nothing special.
*/
EAP_FUNC_IMPORT virtual ~eap_core_c();
/**
* The constructor initializes member attributes using parameters passed to it.
* @param tools is pointer to the tools class. @see abs_eap_am_tools_c.
* @param partner is back pointer to object which created this object.
* @param is_client_when_true indicates whether the network entity should act
* @param is_tunneled_eap tells the EAP is run in tunnel (PEAP or other).
* as a client (true) or server (false), in terms of EAP-protocol
* whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
*/
EAP_FUNC_IMPORT eap_core_c(
abs_eap_am_tools_c * const tools,
abs_eap_core_c * const partner,
const bool is_client_when_true,
const eap_am_network_id_c * const receive_network_id,
const bool is_tunneled_eap);
/**
* The load_type() function function indicates the lower level to load
* new module including EAP-type. The type parameter is the requested EAP-type.
* @param type is the identifier of the required EAP type.
* @return Function returns pointer to the EAP type object.
*/
EAP_FUNC_IMPORT eap_base_type_c * load_type(
const eap_type_value_e type,
const eap_type_value_e tunneling_type,
const eap_am_network_id_c * const receive_network_id);
EAP_FUNC_IMPORT void trace_eap_packet(
eap_const_string prefix,
const eap_header_wr_c * const eap_header);
// This is documented in abs_eap_stack_interface_c::packet_process().
EAP_FUNC_IMPORT eap_status_e packet_process(
const eap_am_network_id_c * const receive_network_id,
eap_general_header_base_c * const packet_data,
const u32_t packet_length);
// This is documented in abs_eap_base_type_c::packet_send().
EAP_FUNC_IMPORT eap_status_e packet_send(
const eap_am_network_id_c * const send_network_id,
eap_buf_chain_wr_c * const sent_packet,
const u32_t header_offset,
const u32_t data_length,
const u32_t buffer_length);
/**
* The get_partner() function returns pointer to partner class.
*/
EAP_FUNC_IMPORT abs_eap_core_c * get_partner();
/**
* The set_partner() function sets pointer to partner class.
*/
EAP_FUNC_IMPORT void set_partner(abs_eap_core_c * const partner);
// This is documented in abs_eap_base_type_c::get_header_offset().
EAP_FUNC_IMPORT u32_t get_header_offset(
u32_t * const MTU,
u32_t * const trailer_length);
// This is documented in abs_eap_base_type_c::load_module().
EAP_FUNC_IMPORT eap_status_e load_module(
const eap_type_value_e type,
const eap_type_value_e /* tunneling_type */,
abs_eap_base_type_c * const partner,
eap_base_type_c ** const eap_type,
const bool is_client_when_true,
const eap_am_network_id_c * const receive_network_id);
// This is documented in abs_eap_base_type_c::unload_module().
EAP_FUNC_IMPORT eap_status_e unload_module(
const eap_type_value_e type);
/**
* The adaptation module calls the eap_acknowledge() function after
* any Network Protocol packet is received. This is used as a success indication.
* This is described in RFC 2284 "PPP Extensible Authentication Protocol (EAP)".
* Mostly there is only one session in the client.
* The server does not need eap_acknowledge() function because
* server (EAP-authenticator) sends the EAP-success message.
*/
EAP_FUNC_IMPORT eap_status_e eap_acknowledge(
const eap_am_network_id_c * const receive_network_id);
// This is documented in abs_eap_base_type_c::restart_authentication().
EAP_FUNC_IMPORT eap_status_e restart_authentication(
const eap_am_network_id_c * const send_network_id,
const bool is_client_when_true);
/**
* The EAP Core calls the send_eap_nak_response() function
* when EAP-authentication with requested EAP type is not possible.
* @param receive_network_id includes the addresses (network identity) and packet type.
* @param eap_identifier is the EAP-Identifier to be used with EAP-Nak message.
* @param preferred_eap_type is the acceptable EAP-Type to be informed with an other peer.
*/
EAP_FUNC_IMPORT eap_status_e send_eap_nak_response(
const eap_am_network_id_c * const receive_network_id,
const u8_t eap_identifier,
const eap_array_c<eap_type_value_e> * const eap_type_list);
#if defined(USE_EAP_CORE_SERVER)
/**
* The EAP Core calls the send_eap_identity_request() function
* when EAP-authentication is needed with another peer.
* @param network_id includes the addresses (network identity) and packet type.
*/
EAP_FUNC_IMPORT eap_status_e send_eap_identity_request(
const eap_am_network_id_c * const network_id);
/**
* This function sends EAP-Success.
*/
EAP_FUNC_IMPORT eap_status_e send_eap_success(
const eap_am_network_id_c * const send_network_id,
const u8_t eap_identifier);
/**
* This function sends EAP-Failure.
*/
EAP_FUNC_IMPORT eap_status_e send_eap_failure(
const eap_am_network_id_c * const send_network_id,
const u8_t eap_identifier);
#endif //#if defined(USE_EAP_CORE_SERVER)
// This is documented in abs_eap_base_type_c::packet_data_crypto_keys().
EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys(
const eap_am_network_id_c * const send_network_id,
const eap_master_session_key_c * const master_session_key
);
// This is documented in abs_eap_stack_interface_c::configure().
EAP_FUNC_IMPORT eap_status_e configure();
// This is documented in abs_eap_stack_interface_c::shutdown().
EAP_FUNC_IMPORT eap_status_e shutdown();
// This is documented in abs_eap_base_type_c::read_configure().
EAP_FUNC_IMPORT virtual eap_status_e read_configure(
const eap_configuration_field_c * const field,
eap_variable_data_c * const data);
// This is documented in abs_eap_base_type_c::write_configure().
EAP_FUNC_IMPORT virtual eap_status_e write_configure(
const eap_configuration_field_c * const field,
eap_variable_data_c * const data);
// This is documented in abs_eap_stack_interface_c::set_is_valid().
EAP_FUNC_IMPORT void set_is_valid();
// This is documented in abs_eap_stack_interface_c::get_is_valid().
EAP_FUNC_IMPORT bool get_is_valid();
// This is documented in abs_eap_base_type_c::state_notification().
EAP_FUNC_IMPORT void state_notification(
const abs_eap_state_notification_c * const state);
// See abs_eap_base_timer_c::timer_expired().
EAP_FUNC_IMPORT eap_status_e timer_expired(
const u32_t id, void *data);
// See abs_eap_base_timer_c::timer_delete_data().
EAP_FUNC_IMPORT eap_status_e timer_delete_data(
const u32_t id, void *data);
/**
* eap_core_map_c class increases reference count each time reference to stored object is get.
* Here is always just one state for one session so no references are used.
*/
EAP_FUNC_IMPORT void object_increase_reference_count();
/**
* eap_core_map_c class increases reference count each time reference to stored object is get.
* Here is always just one state for one session so no references are used.
*/
EAP_FUNC_IMPORT u32_t object_decrease_reference_count();
/**
* @{ Add configuration of accepted EAP-types. }
*/
// This is documented in abs_eap_base_type_c::check_is_valid_eap_type().
EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);
// This is commented in abs_eap_base_type_c::get_eap_type_list().
EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
eap_array_c<eap_type_value_e> * const eap_type_list);
/**
* Gets flag whether this session is marked removed.
* Session is removed later if it is not reused.
*/
EAP_FUNC_IMPORT bool get_marked_removed();
/**
* Marks this session removed.
* Session is removed later if it is not reused.
*/
EAP_FUNC_IMPORT void set_marked_removed();
/**
* Marks this session not removed.
* Session is not removed it is reused.
*/
EAP_FUNC_IMPORT void unset_marked_removed();
/**
* Prevents all notifications.
*/
EAP_FUNC_IMPORT void ignore_notifications();
/**
* This function must reset the state of object to same as
* state was after the configure() function call.
* If object reset succeeds this function must return eap_status_ok.
* If object reset fails this function must return corresponding error status.
* @return This function returns the status of reset operation.
*/
EAP_FUNC_IMPORT eap_status_e reset();
// This is documented in abs_eap_base_type_c::complete_eap_identity_query().
EAP_FUNC_IMPORT eap_status_e complete_eap_identity_query(
const eap_am_network_id_c * const send_network_id,
const eap_variable_data_c * const identity,
const u8_t eap_identifier);
// This is documented in abs_eap_base_type_c::get_saved_eap_identity().
EAP_FUNC_IMPORT eap_status_e get_saved_eap_identity(eap_variable_data_c * const identity);
// This is documented in abs_eap_base_type_c::set_session_timeout().
EAP_FUNC_IMPORT eap_status_e set_session_timeout(
const u32_t session_timeout_ms);
// This is documented in abs_eap_base_type_c::set_timer().
EAP_FUNC_IMPORT eap_status_e set_timer(
abs_eap_base_timer_c * const p_initializer,
const u32_t p_id,
void * const p_data,
const u32_t p_time_ms);
// This is documented in abs_eap_base_type_c::cancel_timer().
EAP_FUNC_IMPORT eap_status_e cancel_timer(
abs_eap_base_timer_c * const p_initializer,
const u32_t p_id);
// This is documented in abs_eap_base_type_c::cancel_all_timers().
EAP_FUNC_IMPORT eap_status_e cancel_all_timers();
// This is documented in abs_eap_base_type_c::set_authentication_role().
EAP_FUNC_IMPORT eap_status_e set_authentication_role(const bool when_true_set_client);
// This is documented in abs_eap_base_type_c::add_rogue_ap().
EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);
// This is documented in abs_eap_base_type_c::get_is_tunneled().
EAP_FUNC_IMPORT bool get_is_tunneled_eap() const;
//--------------------------------------------------
}; // class eap_core_c
#endif //#if !defined(_EAP_CORE_H_)
//--------------------------------------------------
// End.