|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_EAP_AM_TYPE_RADIUS_H_) |
|
22 #define _EAP_AM_TYPE_RADIUS_H_ |
|
23 |
|
24 #include "eap_tools.h" |
|
25 #include "eap_variable_data.h" |
|
26 #include "eap_am_export.h" |
|
27 #include "abs_eap_am_radius.h" |
|
28 #include "eap_sim_triplets.h" |
|
29 #include "eap_am_network_id.h" |
|
30 #include "eap_radius_types.h" |
|
31 |
|
32 |
|
33 /// This class is interface to adaptation module of RADIUS. |
|
34 class EAP_EXPORT eap_am_radius_c |
|
35 { |
|
36 private: |
|
37 //-------------------------------------------------- |
|
38 |
|
39 abs_eap_am_radius_c *m_am_partner; |
|
40 abs_eap_am_tools_c *m_am_tools; |
|
41 |
|
42 bool m_is_valid; |
|
43 |
|
44 //-------------------------------------------------- |
|
45 protected: |
|
46 //-------------------------------------------------- |
|
47 |
|
48 //-------------------------------------------------- |
|
49 public: |
|
50 //-------------------------------------------------- |
|
51 |
|
52 // |
|
53 virtual ~eap_am_radius_c() |
|
54 { |
|
55 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
56 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
57 } |
|
58 |
|
59 // |
|
60 eap_am_radius_c(abs_eap_am_tools_c * const tools /*, abs_eap_am_radius_c * const partner */) |
|
61 : m_am_partner(0) |
|
62 , m_am_tools(tools) |
|
63 , m_is_valid(false) |
|
64 { |
|
65 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
66 set_is_valid(); |
|
67 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
68 } |
|
69 |
|
70 /** Function returns partner object of adaptation module of RADIUS. |
|
71 * Partner object is the RADIUS object. |
|
72 */ |
|
73 abs_eap_am_radius_c * const get_am_partner() |
|
74 { |
|
75 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
76 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
77 return m_am_partner; |
|
78 } |
|
79 |
|
80 /** Function sets partner object of adaptation module of RADIUS. |
|
81 * Partner object is the RADIUS object. |
|
82 */ |
|
83 void set_am_partner(abs_eap_am_radius_c * const partner) |
|
84 { |
|
85 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
86 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
87 m_am_partner = partner; |
|
88 } |
|
89 |
|
90 void set_is_valid() |
|
91 { |
|
92 m_is_valid = true; |
|
93 } |
|
94 |
|
95 bool get_is_valid() |
|
96 { |
|
97 return m_is_valid; |
|
98 } |
|
99 |
|
100 virtual eap_status_e configure() = 0; |
|
101 |
|
102 virtual eap_status_e reset() = 0; |
|
103 |
|
104 /** |
|
105 * The shutdown() function is called before the destructor of the |
|
106 * object is executed. During the function call the object |
|
107 * could shutdown the operations, for example cancel timers. |
|
108 * Each derived class must define this function. |
|
109 */ |
|
110 virtual eap_status_e shutdown() = 0; |
|
111 |
|
112 /** RADIUS client calls this function. |
|
113 * RADIUS AM could store copy of pseudonym identity to favourite place for future use. |
|
114 * If parameter pseudonym is NULL pointer, AM should reset the existing pseudonym. |
|
115 */ |
|
116 virtual eap_status_e store_pseudonym_id( |
|
117 const eap_am_network_id_c * const send_network_id, |
|
118 const eap_variable_data_c * const pseudonym) = 0; |
|
119 |
|
120 /** RADIUS client calls this function. |
|
121 * RADIUS AM could store copy of reauthentication identity to favourite place for future use. |
|
122 * If parameter reauthentication_identity is NULL pointer, AM should reset the existing reauthentication identity. |
|
123 */ |
|
124 virtual eap_status_e store_reauthentication_id( |
|
125 const eap_am_network_id_c * const send_network_id, |
|
126 const eap_variable_data_c * const reauthentication_identity) = 0; |
|
127 |
|
128 /** RADIUS server and client calls this function. |
|
129 * In order to use re-authentication, the client and the server need to |
|
130 * store the following values: original XKEY, K_aut, K_encr, latest |
|
131 * counter value and the next re-authentication identity. |
|
132 * This function stores original XKEY, K_aut and K_encr. |
|
133 */ |
|
134 virtual eap_status_e store_reauth_parameters( |
|
135 const eap_variable_data_c * const XKEY, |
|
136 const eap_variable_data_c * const K_aut, |
|
137 const eap_variable_data_c * const K_encr, |
|
138 const u32_t reauth_counter) = 0; |
|
139 |
|
140 /** RADIUS client calls this function. |
|
141 * RADIUS AM could do finishing operations to databases etc. based on authentication status and type. |
|
142 */ |
|
143 virtual eap_status_e authentication_finished( |
|
144 const bool true_when_successfull, |
|
145 const eap_radius_authentication_type_e authentication_type, |
|
146 const eap_radius_identity_type identity_type) = 0; |
|
147 |
|
148 /** RADIUS server and client calls this function. |
|
149 * In order to use re-authentication, the client and the server need to |
|
150 * store the following values: original XKEY, K_aut, K_encr, latest |
|
151 * counter value and the next re-authentication identity. |
|
152 */ |
|
153 virtual eap_status_e query_reauth_parameters( |
|
154 eap_variable_data_c * const XKEY, |
|
155 eap_variable_data_c * const K_aut, |
|
156 eap_variable_data_c * const K_encr, |
|
157 u32_t * const reauth_counter) = 0; |
|
158 |
|
159 /** RADIUS server and client calls this function. |
|
160 * This function increases re-authentication counter after a successfull re-authentication. |
|
161 */ |
|
162 virtual eap_status_e increase_reauth_counter() = 0; |
|
163 |
|
164 /** RADIUS client calls this function. |
|
165 * This call cancels asyncronous query_SIM_IMSI_or_pseudonym_or_reauthentication_id() function call. |
|
166 * AM must not complete query_SIM_IMSI_or_pseudonym_or_reauthentication_id() |
|
167 * with abs_eap_am_radius_c::complete_SIM_IMSI_or_pseudonym_or_reauthentication_id_query() after |
|
168 * cancel_SIM_IMSI_or_pseudonym_or_reauthentication_id_query() call. |
|
169 */ |
|
170 virtual eap_status_e cancel_SIM_IMSI_or_pseudonym_or_reauthentication_id_query() = 0; |
|
171 |
|
172 |
|
173 /** RADIUS client calls this function. |
|
174 * Input parameter n_rands includes n RANDs as input to SIM algorithm. |
|
175 * AM could copy n_kc or n_sres to output parameters. |
|
176 * This function could be completed asyncronously with abs_eap_am_radius_c::complete_SIM_kc_sres() function call. |
|
177 */ |
|
178 virtual eap_status_e query_SIM_kc_sres( |
|
179 const bool must_be_synchronous, |
|
180 const eap_variable_data_c * const n_rands, |
|
181 eap_variable_data_c * const n_kc, |
|
182 eap_variable_data_c * const n_sres) = 0; |
|
183 |
|
184 /** RADIUS client calls this function. |
|
185 * This call cancels asyncronous query_SIM_kc_sres() function call. |
|
186 * AM must not complete query_SIM_kc_sres() |
|
187 * with abs_eap_am_radius_c::complete_SIM_kc_sres() after |
|
188 * cancel_SIM_kc_sres_query() call. |
|
189 */ |
|
190 virtual eap_status_e cancel_SIM_kc_sres_query() = 0; |
|
191 |
|
192 |
|
193 /** RADIUS client calls this function. |
|
194 * Received AT_NOTIFICATION is handled in AM of RADIUS. |
|
195 * AM could show localized message to user. |
|
196 */ |
|
197 virtual eap_status_e handle_radius_notification(eap_radius_notification_codes_e radius_notification_code) = 0; |
|
198 |
|
199 |
|
200 #if defined(USE_EAP_TYPE_SERVER_RADIUS) |
|
201 /** RADIUS server calls this function. |
|
202 * AM could copy triplets to output parameters. |
|
203 * This function could be completed asyncronously with abs_eap_am_radius_c::complete_SIM_triplets() function call. |
|
204 */ |
|
205 virtual eap_status_e query_SIM_triplets( |
|
206 const bool must_be_synchronous, |
|
207 const eap_variable_data_c * const username, ///< // This is payload AT_IDENTITY. If this is uninitialized then imsi must be initialized. |
|
208 eap_variable_data_c * const imsi, ///< This is the real IMSI. If this is uninitialized then username must be initialized and imsi will be initialized after this call. |
|
209 eap_type_sim_triplet_array_c * const triplets, |
|
210 eap_radius_identity_type * const type) = 0; |
|
211 #endif //#if defined(USE_EAP_TYPE_SERVER_RADIUS) |
|
212 |
|
213 |
|
214 #if defined(USE_EAP_TYPE_SERVER_RADIUS) |
|
215 /** RADIUS server calls this function. |
|
216 * This call cancels asyncronous query_SIM_triplets() function call. |
|
217 * AM must not complete query_SIM_triplets() with abs_eap_am_radius_c::complete_SIM_triplets() after |
|
218 * cancel_SIM_triplets_query() call. |
|
219 */ |
|
220 virtual eap_status_e cancel_SIM_triplets_query() = 0; |
|
221 #endif //#if defined(USE_EAP_TYPE_SERVER_RADIUS) |
|
222 |
|
223 /** RADIUS server calls this function. |
|
224 * This function call generates with a good source of |
|
225 * randomness the initialization vector (AT_IV payload). |
|
226 */ |
|
227 virtual eap_status_e generate_encryption_IV( |
|
228 eap_variable_data_c * const encryption_IV, |
|
229 const u32_t IV_length) = 0; |
|
230 |
|
231 /** RADIUS server calls this function. |
|
232 * New pseudonym identity is generated for IMSI. |
|
233 * Algorithm is freely selected. Look at query_imsi_from_username(). |
|
234 * Pseudonym identity is copied to pseudonym_identity parameter. |
|
235 * Maximum length of pseudonym is maximum_pseudonym_length bytes. |
|
236 */ |
|
237 virtual eap_status_e generate_pseudonym_id( |
|
238 const eap_am_network_id_c * const send_network_id, |
|
239 const eap_variable_data_c * const imsi, |
|
240 eap_variable_data_c * const pseudonym_identity, |
|
241 const u32_t maximum_pseudonym_length) = 0; |
|
242 |
|
243 /** RADIUS server calls this function. |
|
244 * New reauthentication identity is generated for IMSI. |
|
245 * Algorithm is freely selected. Look at query_imsi_from_username(). |
|
246 * Reauthentication identity is copied to pseudonym parameter. |
|
247 * Maximum length of pseudonym is maximum_reauthentication_identity_length bytes. |
|
248 */ |
|
249 virtual eap_status_e generate_reauthentication_id( |
|
250 const eap_am_network_id_c * const send_network_id, |
|
251 const eap_variable_data_c * const imsi, |
|
252 eap_variable_data_c * const reauthentication_identity, |
|
253 const u32_t maximum_reauthentication_identity_length) = 0; |
|
254 |
|
255 |
|
256 #if defined(USE_EAP_TYPE_SERVER_RADIUS) |
|
257 /** RADIUS server calls this function. |
|
258 * Server queries IMSI with username. |
|
259 * Username could be IMSI, pseudonym or re-authentication identity. |
|
260 * Adaptation module must verify which username is. |
|
261 * Adaptation module could map IMSI and username as it wish. |
|
262 * It can select any algorithm. Look at generate_pseudonym_id() and generate_reauthentication_id(). |
|
263 * Function must return IMSI and set the identity type of received username. |
|
264 */ |
|
265 virtual eap_status_e query_imsi_from_username( |
|
266 const bool must_be_synchronous, |
|
267 const u8_t next_eap_identifier, |
|
268 const eap_am_network_id_c * const send_network_id, |
|
269 const eap_variable_data_c * const username, |
|
270 eap_variable_data_c * const imsi, |
|
271 eap_radius_identity_type * const type, |
|
272 const eap_radius_complete_e completion_action) = 0; |
|
273 #endif //#if defined(USE_EAP_TYPE_SERVER_RADIUS) |
|
274 |
|
275 |
|
276 /** RADIUS server calls this function. |
|
277 * This call cancels asyncronous query_imsi_from_username() function call. |
|
278 * AM must not complete query_imsi_from_username() |
|
279 * with abs_eap_am_radius_c::complete_imsi_from_username() after |
|
280 * cancel_imsi_from_username_query() call. |
|
281 */ |
|
282 virtual eap_status_e cancel_imsi_from_username_query() = 0; |
|
283 |
|
284 /** RADIUS client calls this function. |
|
285 * This call could check whether the RANDs are already used. |
|
286 * For example Bloom algorithm couls be used. |
|
287 * Function must return eap_status_ok when RAND is not used before. |
|
288 */ |
|
289 virtual eap_status_e check_is_rand_unused(const eap_variable_data_c * const n_rands) = 0; |
|
290 |
|
291 /** RADIUS client calls this function. |
|
292 * This call could set the RANDs used. |
|
293 * For example Bloom algorithm couls be used. |
|
294 * Function must return eap_status_ok when operation is successfull. |
|
295 */ |
|
296 virtual eap_status_e set_rand_is_used(const eap_variable_data_c * const n_rands) = 0; |
|
297 |
|
298 /** |
|
299 * The type_configure_read() function reads the configuration data identified |
|
300 * by the field string of field_length bytes length. Adaptation module must direct |
|
301 * the query to some persistent store. |
|
302 * @param field is generic configure string idenfying the required configure data. |
|
303 * @param field_length is length of the field string. |
|
304 * @param data is pointer to existing eap_variable_data object. |
|
305 */ |
|
306 virtual eap_status_e type_configure_read( |
|
307 const eap_configuration_field_c * const field, |
|
308 eap_variable_data_c * const data) = 0; |
|
309 |
|
310 /** |
|
311 * The type_configure_write() function writes the configuration data identified |
|
312 * by the field string of field_length bytes length. Adaptation module must direct |
|
313 * the action to some persistent store. |
|
314 * @param field is generic configure string idenfying the required configure data. |
|
315 * @param field_length is length of the field string. |
|
316 * @param data is pointer to existing eap_variable_data object. |
|
317 */ |
|
318 virtual eap_status_e type_configure_write( |
|
319 const eap_configuration_field_c * const field, |
|
320 eap_variable_data_c * const data) = 0; |
|
321 |
|
322 //-------------------------------------------------- |
|
323 }; // class eap_am_radius_c |
|
324 |
|
325 |
|
326 /** @file */ |
|
327 |
|
328 /** |
|
329 * This function creates a new instance of adaptation module of RADIUS EAP-type. |
|
330 * @param tools is pointer to the abs_eap_am_tools class created by the adaptation module. |
|
331 * RADIUS EAP-type will callback caller using the partner pointer. |
|
332 */ |
|
333 EAP_C_FUNC_IMPORT eap_am_radius_c *new_eap_am_radius( |
|
334 abs_eap_am_tools_c * const tools, |
|
335 abs_eap_base_type_c * const partner, |
|
336 const bool is_client_when_true); |
|
337 |
|
338 |
|
339 #endif //#if !defined(_EAP_AM_TYPE_RADIUS_H_) |
|
340 |
|
341 //-------------------------------------------------- |
|
342 |
|
343 |
|
344 |
|
345 // End. |