eapol/eapol_framework/eapol_common/am/include/tls_am_services.h
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Mon, 04 Oct 2010 00:19:54 +0300
changeset 52 c23bdf5a328a
parent 33 938269283a16
permissions -rw-r--r--
Revision: 201037 Kit: 201039

/*
* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:  EAP and WLAN authentication protocols.
*
*/

/*
* %version: %
*/

#if !defined(_TLS_AM_SERVICES_H_)
#define _TLS_AM_SERVICES_H_

#include "eap_tools.h"
#include "eap_variable_data.h"
#include "eap_am_export.h"
// Start: added by script change_export_macros.sh.
// Selects the linkage macros used by the declarations in this header:
//  - EAP_NO_EXPORT_TLS_AM_SERVICES_H defined: the class is EAP_NONSHARABLE and
//    all function visibility/export macros expand to nothing.
//  - EAP_EXPORT_TLS_AM_SERVICES_H defined: class and functions use the
//    EAP_EXPORT / EAP_FUNC_EXPORT / EAP_C_FUNC_EXPORT macros.
//  - neither defined: the visibility macros use the EAP_*IMPORT macros and
//    the *_EXPORT_* macros expand to nothing.
#if defined(EAP_NO_EXPORT_TLS_AM_SERVICES_H)
	#define EAP_CLASS_VISIBILITY_TLS_AM_SERVICES_H EAP_NONSHARABLE 
	#define EAP_FUNC_VISIBILITY_TLS_AM_SERVICES_H 
	#define EAP_C_FUNC_VISIBILITY_TLS_AM_SERVICES_H 
	#define EAP_FUNC_EXPORT_TLS_AM_SERVICES_H 
	#define EAP_C_FUNC_EXPORT_TLS_AM_SERVICES_H 
#elif defined(EAP_EXPORT_TLS_AM_SERVICES_H)
	#define EAP_CLASS_VISIBILITY_TLS_AM_SERVICES_H EAP_EXPORT 
	#define EAP_FUNC_VISIBILITY_TLS_AM_SERVICES_H EAP_FUNC_EXPORT 
	#define EAP_C_FUNC_VISIBILITY_TLS_AM_SERVICES_H EAP_C_FUNC_EXPORT 
	#define EAP_FUNC_EXPORT_TLS_AM_SERVICES_H EAP_FUNC_EXPORT 
	#define EAP_C_FUNC_EXPORT_TLS_AM_SERVICES_H EAP_C_FUNC_EXPORT 
#else
	#define EAP_CLASS_VISIBILITY_TLS_AM_SERVICES_H EAP_IMPORT 
	#define EAP_FUNC_VISIBILITY_TLS_AM_SERVICES_H EAP_FUNC_IMPORT 
	#define EAP_C_FUNC_VISIBILITY_TLS_AM_SERVICES_H EAP_C_FUNC_IMPORT 
	#define EAP_FUNC_EXPORT_TLS_AM_SERVICES_H 
	#define EAP_C_FUNC_EXPORT_TLS_AM_SERVICES_H 
#endif
// End: added by script change_export_macros.sh.
#include "abs_eap_am_type_tls_peap.h"
#include "eap_am_network_id.h"
#include "eap_array.h"
#include "tls_peap_types.h"

class abs_tls_am_services_c;

#if defined(USE_EAP_TLS_SESSION_TICKET)
class tls_extension_c;
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)


/// This class is the interface to the adaptation module (AM) of TLS.
/// Apart from the empty virtual destructor every member function is pure
/// virtual, so a derived class must implement all of them.
/// Most query functions name a complete_*() function of abs_tls_am_services_c
/// that completes the query; the matching cancel_*() function withdraws it.
class EAP_CLASS_VISIBILITY_TLS_AM_SERVICES_H tls_am_services_c
{
private:
	//--------------------------------------------------

	/// This function returns the partner pointer, of type abs_tls_am_services_c.
	/// It is private, so a derived class overrides it but code outside the
	/// class cannot call it through this interface.
	/// NOTE(review): the original comment calls the partner "adaptation module
	/// of TLS"; the complete_*() functions named below belong to
	/// abs_tls_am_services_c, so the partner is presumably the object that
	/// receives completions -- confirm.
	virtual abs_tls_am_services_c * get_tls_am_partner() = 0;

	//--------------------------------------------------
protected:
	//--------------------------------------------------

	//--------------------------------------------------
public:
	//--------------------------------------------------

	/// Virtual destructor with an empty body; allows deletion through a
	/// tls_am_services_c pointer.
	virtual ~tls_am_services_c()
	{
	}

	/**
	 * Object must indicate its validity.
	 * If object initialization fails this function must return false.
	 * @return This function returns the validity of this object.
	 */
	virtual bool get_is_valid() = 0;

	/// This function sets the partner pointer, of type abs_tls_am_services_c.
	/// NOTE(review): this header does not say who owns tls_am_partner or how
	/// long it must stay valid -- confirm against the implementations.
	virtual void set_tls_am_partner(abs_tls_am_services_c * const tls_am_partner) = 0;

	/**
	 * The configure() function is called after the constructor of the
	 * object is successfully executed. During the function call the object
	 * could query the configuration. Each derived class must define this function.
	 */
	virtual eap_status_e configure() = 0;

	/**
	 * The shutdown() function is called before the destructor of the
	 * object is executed. During the function call the object
	 * could shutdown the operations, for example cancel timers.
	 * Each derived class must define this function.
	 */
	virtual eap_status_e shutdown() = 0;

	/**
	 * This function is called when TLS-Alert message is received.
	 * Adaptation module could record this event.
	 * @param alert_level is the level of the received alert.
	 * @param alert_description is the description code of the received alert.
	 */
	virtual eap_status_e alert_received(
		const tls_alert_level_e alert_level,
		const tls_alert_description_e alert_description) = 0;

	/**
	 * This function queries from AM cipher suites and previous session.
	 * abs_tls_am_services_c::complete_query_cipher_suites_and_previous_session() completes this query.
	 */
	virtual eap_status_e query_cipher_suites_and_previous_session() = 0;

#if defined(USE_EAP_TLS_SESSION_TICKET)
	/**
	 * This function queries from AM a new session ticket, see RFC 4507.
	 * abs_tls_am_services_c::complete_query_new_session_ticket() completes this query.
	 * NOTE(review): RFC 4507 has been obsoleted by RFC 5077; check which
	 * ticket format the implementations follow.
	 */
	virtual eap_status_e query_new_session_ticket() = 0;
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)

	/**
	 * This function queries AM to select cipher suite and check session id.
	 * abs_tls_am_services_c::complete_select_cipher_suite_and_check_session_id() completes this query.
	 * The session_ticket parameter exists only when USE_EAP_TLS_SESSION_TICKET
	 * is defined, so every implementation and caller must be built with the
	 * same setting of that macro.
	 * NOTE(review): presumably cipher_suite_proposal and session_id are the
	 * values offered by the peer -- confirm against the caller.
	 */
	virtual eap_status_e select_cipher_suite_and_check_session_id(
		EAP_TEMPLATE_CONST eap_array_c<u16_t> * const cipher_suite_proposal,
		const eap_variable_data_c * const session_id
#if defined(USE_EAP_TLS_SESSION_TICKET)
		, const tls_extension_c * const session_ticket
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
		) = 0; 


	/**
	 * This function queries AM to verify certificate chain.
	 * abs_tls_am_services_c::complete_verify_certificate_chain() completes this query.
	 * NOTE(review): the verification verdict is delivered by the completion
	 * function; the eap_status_e returned here presumably reports only
	 * whether the query was started, so a successful return must not be read
	 * as "chain verified" -- confirm against the implementations.
	 */
	virtual eap_status_e verify_certificate_chain(
		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain,
		const tls_cipher_suites_e required_cipher_suite) = 0;

	/**
	 * This function queries AM certificate chain.
	 * abs_tls_am_services_c::complete_query_certificate_chain() completes this query.
	 */
	virtual eap_status_e query_certificate_chain(
		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_authorities,
		EAP_TEMPLATE_CONST eap_array_c<u8_t> * const certificate_types,
		const tls_cipher_suites_e required_cipher_suite) = 0;

	/**
	 * This function queries AM certificate authorities and certificate types.
	 * abs_tls_am_services_c::complete_query_certificate_authorities_and_types() completes this query.
	 */
	virtual eap_status_e query_certificate_authorities_and_types() = 0;

	/**
	 * This function queries AM ephemeral Diffie-Hellman parameters.
	 * abs_tls_am_services_c::complete_query_dh_parameters() completes this query.
	 */
	virtual eap_status_e query_dh_parameters(
		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain,
		const tls_cipher_suites_e required_cipher_suite) = 0;

	/**
	 * This function queries AM NAI realm.
	 * abs_tls_am_services_c::complete_query_realm() completes this query.
	 */
	virtual eap_status_e query_realm(
		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain) = 0;

	/**
	 * This function tells AM to save TLS-session ID and master secret.
	 * If AM does not support TLS-session resumption AM could discard these parameters.
	 * This is always synchronous call.
	 * The new_session_ticket parameter exists only when
	 * USE_EAP_TLS_SESSION_TICKET is defined.
	 * master_secret is TLS key material: an implementation that keeps it
	 * should hold it in protected storage and erase copies it no longer needs.
	 * NOTE(review): no lifetime or expiry value is passed here; how long a
	 * saved session stays resumable is presumably decided inside AM -- confirm.
	 */
	virtual eap_status_e save_tls_session(
		const eap_variable_data_c * const session_id,
		const eap_variable_data_c * const master_secret,
		const tls_cipher_suites_e used_cipher_suite
#if defined(USE_EAP_TLS_SESSION_TICKET)
		, const tls_extension_c * const new_session_ticket
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
		) = 0;

	/**
	 * This function encrypts the premaster secret with an RSA public key.
	 * abs_tls_am_services_c::complete_rsa_encrypt_with_public_key() completes this query.
	 * NOTE(review): the original comment said "own RSA private key", which
	 * contradicts the function name; presumably the public key of the peer
	 * certificate is meant -- confirm against the implementations.
	 */
	virtual eap_status_e rsa_encrypt_with_public_key(
		const eap_variable_data_c * const premaster_secret) = 0;

	/**
	 * This function decrypts data with own RSA private key.
	 * abs_tls_am_services_c::complete_rsa_decrypt_with_private_key() completes this query.
	 * NOTE(review): TLS requires that a failed RSA decryption of the premaster
	 * secret is not distinguishable to the peer from a successful one
	 * (RFC 5246 section 7.4.7.1); this header does not show whether AM or the
	 * caller takes care of that -- confirm.
	 */
	virtual eap_status_e rsa_decrypt_with_private_key(
		const eap_variable_data_c * const encrypted_premaster_secret) = 0;

	/**
	 * Function signs data with own PKI private key.
	 * abs_tls_am_services_c::complete_sign_with_private_key() completes this query.
	 */
	virtual eap_status_e sign_with_private_key(
		const eap_variable_data_c * const message_hash) = 0;

	/**
	 * This function verifies signed data with peer PKI public key.
	 * abs_tls_am_services_c::complete_verify_with_public_key() completes this query.
	 * NOTE(review): as with verify_certificate_chain(), the verdict presumably
	 * arrives through the completion function, not through the return value
	 * of this call -- confirm.
	 */
	virtual eap_status_e verify_with_public_key(
		const eap_variable_data_c * const message_hash,
		const eap_variable_data_c * const signed_message_hash) = 0;


	/**
	 * This function cancels query_cipher_suites_and_previous_session() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_query_cipher_suites_and_previous_session() = 0;

	/**
	 * This function cancels select_cipher_suite_and_check_session_id() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_select_cipher_suite_and_check_session_id() = 0;

	/**
	 * This function cancels verify_certificate_chain() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_verify_certificate_chain() = 0;

	/**
	 * This function cancels query_certificate_chain() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_query_certificate_chain() = 0;

	/**
	 * This function cancels query_certificate_authorities_and_types() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_query_certificate_authorities_and_types() = 0;

	/**
	 * This function cancels query_dh_parameters() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_query_dh_parameters() = 0;

	/**
	 * This function cancels query_realm() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_query_realm() = 0;

	/**
	 * This function cancels rsa_encrypt_with_public_key() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_rsa_encrypt_with_public_key() = 0;

	/**
	 * This function cancels rsa_decrypt_with_private_key() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_rsa_decrypt_with_private_key() = 0;

	/**
	 * This function cancels sign_with_private_key() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_sign_with_private_key() = 0;

	/**
	 * This function cancels verify_with_public_key() query.
	 * After this call AM must not complete related query.
	 */
	virtual eap_status_e cancel_verify_with_public_key() = 0;

	/**
	 * This function sets the tunnel type.
	 * NOTE(review): the two use_tppd_* flags are not described anywhere in
	 * this header; the name of the second one suggests a PEAPv1
	 * interoperability workaround -- document what behaviour it relaxes.
	 */
	virtual void set_peap_version(
		const peap_version_e peap_version,
		const bool use_tppd_tls_peap,
		const bool use_tppd_peapv1_acknowledge_hack) = 0;

	/**
	 * NOTE(review): undocumented in the original. Presumably this reports
	 * whether an earlier TTLS-PAP authentication is still accepted, so that
	 * credentials need not be queried again -- confirm, including where the
	 * validity period is enforced.
	 */
	virtual bool is_ttls_pap_session_valid() = 0;

	/**
	 * NOTE(review): undocumented in the original. Presumably this queries AM
	 * for the TTLS-PAP user name and password; reply_message looks like a
	 * message received from the server -- confirm, and name the function
	 * that completes the query.
	 */
	virtual eap_status_e query_ttls_pap_username_and_password(
		const eap_variable_data_c * const reply_message) = 0;

	/**
	 * NOTE(review): undocumented in the original. Presumably this asks AM to
	 * check the given TTLS-PAP user name and password -- confirm, and name
	 * the function that completes the query.
	 * user_password carries a credential: implementations should keep it out
	 * of logs and traces and erase copies they no longer need.
	 */
	virtual eap_status_e verify_ttls_pap_username_and_password(
		const eap_variable_data_c * const user_name,
		const eap_variable_data_c * const user_password) = 0;

	//--------------------------------------------------
}; // class tls_am_services_c


/** @file */ 

/**
 * This function creates a new instance of adaptation module of TLS.
 * @param tools is pointer to the abs_eap_am_tools class created by the adaptation module.
 * @return Pointer to the new tls_am_services_c object.
 * Adaptation module of TLS will callback caller using the partner pointer.
 * The partner is not a parameter of this function; it is given to the object
 * with tls_am_services_c::set_tls_am_partner().
 * NOTE(review): this header does not state who deletes the returned object or
 * what is returned when creation fails; callers presumably have to test the
 * pointer and get_is_valid() before use -- confirm against the implementations.
 */
EAP_C_FUNC_VISIBILITY_TLS_AM_SERVICES_H  tls_am_services_c *new_tls_am_services(
	abs_eap_am_tools_c * const tools);


#endif //#if !defined(_TLS_AM_SERVICES_H_)

//--------------------------------------------------



// End.