|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_EAPOL_CORE_H_) |
|
22 #define _EAPOL_CORE_H_ |
|
23 |
|
24 #include "eap_tools.h" |
|
25 #include "eap_am_export.h" |
|
26 #include "abs_eap_core.h" |
|
27 #include "eap_core.h" |
|
28 #include "abs_eapol_core.h" |
|
29 #include "eap_base_type.h" |
|
30 #include "eap_variable_data.h" |
|
31 #include "abs_eap_am_mutex.h" |
|
32 #if !defined(NO_EAP_SESSION_CORE) |
|
33 #include "eap_session_core.h" |
|
34 #endif |
|
35 #include "abs_eap_stack_interface.h" |
|
36 #include "abs_eapol_key_state.h" |
|
37 #include "eapol_rsna_key_header.h" |
|
38 #if defined(USE_EAPOL_KEY_STATE) |
|
39 #include "eapol_key_state.h" |
|
40 #include "abs_eapol_key_state_map.h" |
|
41 #endif //#if defined(USE_EAPOL_KEY_STATE) |
|
42 |
|
43 |
|
44 /** @file */ |
|
45 |
|
/**
 * Timer IDs used with abs_eap_am_tools_c::set_timer() and abs_eap_am_tools_c::cancel_timer().
 * The enumerators carry no explicit values, so their numeric values follow
 * declaration order; do not reorder them.
 */
enum eapol_core_timer_id
{
	EAPOL_CORE_TIMER_SEND_START_AGAIN_ID, ///< See EAPOL_CORE_TIMER_SEND_START_AGAIN_TIMEOUT.
	EAPOL_REMOVE_EAPOL_KEY_HANDSHAKE_ID, ///< Presumably paired with EAPOL_REMOVE_EAPOL_KEY_HANDSHAKE_TIMEOUT -- confirm.
};
|
54 |
|
/**
 * This is the default time after which an EAPOL-Start message is sent again from the client.
 * The unit is not stated here; presumably milliseconds, because
 * eapol_core_c::set_timer() takes p_time_ms -- TODO confirm.
 */
const u32_t EAPOL_CORE_TIMER_SEND_START_AGAIN_TIMEOUT = 2000u;

/**
 * This is the time after which an EAPOL-Key Handshake will be removed.
 * NOTE(review): the value is zero, so a timer started with it presumably
 * expires at once and only defers the removal -- confirm in the implementation.
 */
const u32_t EAPOL_REMOVE_EAPOL_KEY_HANDSHAKE_TIMEOUT = 0ul;

/**
 * This is the default value for how many times EAPOL-Start is sent.
 */
const u32_t EAPOL_CORE_MAX_EAPOL_START_SENDINGS = 3u;


/// Forward declaration; the type is used by eapol_core_c::handle_RC4_key_descriptor().
class eapol_RC4_key_header_c;
|
72 |
|
73 |
|
/// The eapol_core_c class implements the basic functionality of EAPOL.
/// It sits between the partner object that created it (abs_eapol_core_c) and
/// the EAP core: received packets are handed to the EAP core and packets from
/// the EAP core are sent through this object.
/// NOTE(review): the destructor comment says this class deletes m_eap_core, yet
/// no copy constructor is declared here. Unless a base class forbids copying,
/// a copied object would share that pointer -- confirm.
class EAP_EXPORT eapol_core_c
: public abs_eap_core_c
, public abs_eap_base_timer_c
, public abs_eap_stack_interface_c
#if defined(USE_EAPOL_KEY_STATE)
, public abs_eapol_key_state_c
, public abs_eapol_key_state_map_c
#endif //#if defined(USE_EAPOL_KEY_STATE)
{

private:
	//--------------------------------------------------

	/// This is a back pointer to the object which created this object.
	/// Presumably not owned by this class -- confirm.
	abs_eapol_core_c * const m_partner;

	/// This is a pointer to the eap_core object. The eapol_core object gives
	/// the received packets to the eap_core object. The eap_core object sends
	/// packets through the eapol_core object.
	/// The concrete type depends on NO_EAP_SESSION_CORE.
#if !defined(NO_EAP_SESSION_CORE)
	eap_session_core_c * const m_eap_core;
#else
	eap_core_c * const m_eap_core;
#endif

#if defined(USE_EAPOL_KEY_STATE)
	/// This stores eapol_key_state_c objects using an eap_variable_data selector.
	/// Selector data includes the send addresses of the Ethernet packet.
	eap_core_map_c<eapol_key_state_c, abs_eapol_key_state_map_c, eap_variable_data_c> m_eapol_key_state_map;
#endif //#if defined(USE_EAPOL_KEY_STATE)

	/// This is a pointer to the tools class.
	abs_eap_am_tools_c * const m_am_tools;

	/// This is the master session key derived from a successful authentication.
	/// NOTE(review): this is key material; confirm that the implementation clears
	/// the buffer on shutdown() and in the destructor.
	eap_variable_data_c m_master_session_key;

	/// Authentication type of this object. Where it is set is not visible in this header.
	eapol_key_authentication_type_e m_authentication_type;

	/// This is the offset in bytes of the EAPOL header.
	u32_t m_eapol_header_offset;

	/// This is the maximum transfer unit in bytes.
	u32_t m_MTU;

	/// This is the length of the trailer in bytes.
	u32_t m_trailer_length;

	/// This indicates the maximum number of EAPOL-Starts to be sent.
	/// Presumably defaults to EAPOL_CORE_MAX_EAPOL_START_SENDINGS -- confirm.
	u32_t m_max_eapol_starts;

	/// This indicates the interval for EAPOL-Start sending.
	/// Presumably defaults to EAPOL_CORE_TIMER_SEND_START_AGAIN_TIMEOUT -- confirm.
	u32_t m_eapol_start_interval;

	/// This is the counter for EAPOL-Start sending.
	u32_t m_eapol_starts_sent;

	/// This indicates whether this object is client (true) or server (false).
	/// In terms of EAP-protocol whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
	bool m_is_client;

	/// This indicates whether this object was generated successfully.
	bool m_is_valid;

	/// Presumably records that shutdown() has already been called -- confirm.
	bool m_shutdown_was_called;

	/// Presumably suppresses forwarding in state_notification() while true -- confirm.
	bool m_block_state_notifications;

#if defined(USE_EAPOL_KEY_STATE)
	/// This flag will skip the start of the 4-Way Handshake when its value is true.
	bool m_skip_start_4_way_handshake;
#endif //#if defined(USE_EAPOL_KEY_STATE)


#if defined(USE_EAPOL_KEY_STATE)
	/// Undocumented in the original. Judging by the name, tells the EAPOL-Key state
	/// of send_network_id that EAP-authentication has started -- confirm.
	EAP_FUNC_IMPORT eap_status_e indicate_eapol_key_state_started_eap_authentication(
		const eap_am_network_id_c * const send_network_id);

	/// Undocumented in the original. Judging by the name, starts the PMKSA caching
	/// timeout for the EAPOL-Key state of send_network_id -- confirm.
	EAP_FUNC_IMPORT eap_status_e init_eapol_key_pmksa_caching_timeout(
		const eap_am_network_id_c * const send_network_id);

	/// Undocumented in the original. Judging by the name, removes the EAPOL-Key
	/// state selected by send_network_id -- confirm.
	EAP_FUNC_IMPORT eap_status_e remove_eapol_key_state(
		const eap_am_network_id_c * const send_network_id);

	/// Undocumented in the original. Judging by the name, copies the EAPOL-Key
	/// state of the old network id to the new network id -- confirm.
	eap_status_e copy_eapol_key_state(
		const eap_am_network_id_c * const old_receive_network_id, ///< source includes remote address, destination includes local address.
		const eap_am_network_id_c * const new_receive_network_id ///< source includes remote address, destination includes local address.
		);

	/// Undocumented in the original. Judging by the signature, returns a new
	/// eapol_key_state_c through eapol_key_state; who owns the returned object
	/// is not visible here -- confirm before freeing or storing it.
	eap_status_e generate_new_pmksa(
		eapol_key_state_c * * const eapol_key_state,
		const eap_am_network_id_c * const old_receive_network_id, ///< source includes remote address, destination includes local address.
		const eap_am_network_id_c * const new_receive_network_id ///< source includes remote address, destination includes local address.
		);
#endif //#if defined(USE_EAPOL_KEY_STATE)

	//--------------------------------------------------
protected:
	//--------------------------------------------------

	//--------------------------------------------------
public:
	//--------------------------------------------------

	/**
	 * The destructor deletes the m_eap_core object.
	 */
	EAP_FUNC_IMPORT virtual ~eapol_core_c();

	/**
	 * The constructor creates the eap_core object and initializes m_eap_core
	 * to point to the eap_core object.
	 * @param tools is pointer to the tools class. @see abs_eap_am_tools_c.
	 * @param partner is back pointer to object which created this object.
	 * @param is_client_when_true indicates whether the network entity should act
	 * as a client (true) or server (false), in terms of EAP-protocol whether
	 * this network entity is EAP-supplicant (true) or EAP-authenticator (false).
	 */
	EAP_FUNC_IMPORT eapol_core_c(
		abs_eap_am_tools_c * const tools,
		abs_eapol_core_c * const partner,
		const bool is_client_when_true);

	/**
	 * This function removes all authentication sessions.
	 * If this succeeds this function must return eap_status_ok.
	 * If this fails this function must return corresponding error status.
	 * @return This function returns the status of operation.
	 */
	EAP_FUNC_IMPORT eap_status_e cancel_all_authentication_sessions();

	// This is documented in abs_eap_stack_interface_c::packet_process().
	// NOTE(review): packet_data and packet_length describe a received frame,
	// i.e. data controlled by the peer; confirm that the implementation checks
	// packet_length against the real buffer before any header field is read.
	EAP_FUNC_IMPORT eap_status_e packet_process(
		const eap_am_network_id_c * const receive_network_id,
		eap_general_header_base_c * const packet_data,
		const u32_t packet_length);

	/**
	 * The class could send packets to partner class with this function.
	 * eapol_core_c adds EAPOL header to the send packet.
	 * @param send_network_id carries the addresses (network identity) and type of the packet.
	 * @param sent_packet includes the buffer for the whole packet and initialized
	 * EAP-packet in correct offset.
	 * @param header_offset is offset of the EAP-header within the sent_packet.
	 * @param data_length is length in bytes of the EAP-packet.
	 * @param buffer_length is length in bytes of the whole packet buffer.
	 */
	EAP_FUNC_IMPORT eap_status_e packet_send(
		const eap_am_network_id_c * const send_network_id,
		eap_buf_chain_wr_c * const sent_packet,
		const u32_t header_offset,
		const u32_t data_length,
		const u32_t buffer_length);

	/**
	 * The get_header_offset() function obtains the header offset of EAP-packet.
	 * @param MTU is pointer to variable to store the maximum transfer unit (MTU).
	 * MTU is the maximum EAP-packet length in bytes.
	 * @param trailer_length is pointer to the variable to store length
	 * of trailer needed by lower levels.
	 * @return Function returns the offset of EAP-header.
	 * @see abs_eap_core_c::get_header_offset().
	 */
	EAP_FUNC_IMPORT u32_t get_header_offset(
		u32_t * const MTU,
		u32_t * const trailer_length);

	/**
	 * The adaptation module calls the eap_acknowledge() function after
	 * any Network Protocol packet is received. This is used as a success indication.
	 * This is described in RFC 2284 "PPP Extensible Authentication Protocol (EAP)"
	 * (since obsoleted by RFC 3748).
	 * @param receive_network_id separates the context of the acknowledged session.
	 * Mostly there is only one session in the client.
	 * The server does not need eap_acknowledge() function because
	 * server (EAP-authenticator) sends the EAP-success message.
	 */
	EAP_FUNC_IMPORT eap_status_e eap_acknowledge(
		const eap_am_network_id_c * const receive_network_id);

	/**
	 * The load_module() function indicates the lower level to
	 * load new module of EAP-type.
	 * The second parameter (tunneling type) is unnamed in this declaration.
	 * @see abs_eap_core_c::load_module().
	 */
	EAP_FUNC_IMPORT eap_status_e load_module(
		const eap_type_value_e type,
		const eap_type_value_e /* tunneling_type */,
		abs_eap_base_type_c * const partner,
		eap_base_type_c ** const eap_type,
		const bool is_client_when_true,
		const eap_am_network_id_c * const receive_network_id);

	/**
	 * The unload_module() function unloads the module of an EAP-type.
	 * @see abs_eap_core_c::unload_module().
	 */
	EAP_FUNC_IMPORT eap_status_e unload_module(
		const eap_type_value_e type);

	/**
	 * This function checks whether a PMKSA is cached for each eap_am_network_id_c object.
	 * The function removes an eap_am_network_id_c object from bssid_sta_receive_network_ids
	 * if no PMKSA is cached for that object.
	 * All eap_am_network_id_c objects that exist in bssid_sta_receive_network_ids
	 * after the function returns have a PMKSA cached and read_reassociation_parameters() can be called
	 * with those eap_am_network_id_c objects.
	 * The array is modified in place, so callers must not rely on its earlier contents.
	 */
	EAP_FUNC_IMPORT eap_status_e check_pmksa_cache(
		eap_array_c<eap_am_network_id_c> * const bssid_sta_receive_network_ids,
		const eapol_key_authentication_type_e selected_eapol_key_authentication_type,
		const eapol_RSNA_key_header_c::eapol_RSNA_cipher_e pairwise_key_cipher_suite,
		const eapol_RSNA_key_header_c::eapol_RSNA_cipher_e group_key_cipher_suite);

	/**
	 * This function removes PMKSA from cache.
	 * @param receive_network_id carries the MAC addresses.
	 * MAC address of Authenticator should be in source address.
	 * MAC address of Supplicant should be in destination address.
	 */
	EAP_FUNC_IMPORT eap_status_e remove_pmksa_from_cache(
		const eap_am_network_id_c * const receive_network_id);

	/**
	 * This function starts the EAP-authentication.
	 * The first parameter includes the network addresses of the protocol
	 * over which the EAP-packets are transmitted.
	 * The type attribute of the eap_am_network_id_c object MUST be set
	 * to eapol_ethernet_type_e::eapol_ethernet_type_pae.
	 * Value eapol_ethernet_type_e::eapol_ethernet_type_pae is used in normal EAP-authentication.
	 * The second parameter is_client_when_true tells whether this stack
	 * is client (true) or server (false).
	 * The adaptation module calls the restart_authentication() function
	 * when EAP-authentication is needed with another peer.
	 * force_clean_restart and from_timer are not documented in the original;
	 * from_timer defaults to false.
	 * @see abs_eap_core_c::restart_authentication().
	 */
	EAP_FUNC_IMPORT eap_status_e restart_authentication(
		const eap_am_network_id_c * const receive_network_id,
		const bool is_client_when_true,
		const bool force_clean_restart,
		const bool from_timer = false);

	/**
	 * This function starts the preauthentication.
	 * The first parameter includes the network addresses of the protocol
	 * over which the EAP-packets are transmitted.
	 * The type attribute of the eap_am_network_id_c object MUST be set to
	 * eapol_ethernet_type_e::eapol_ethernet_type_preauthentication.
	 * Value eapol_ethernet_type_e::eapol_ethernet_type_preauthentication is used in 802.11i preauthentication.
	 * The adaptation module calls the start_preauthentication() function
	 * when preauthentication is needed with another AP.
	 */
	EAP_FUNC_IMPORT eap_status_e start_preauthentication(
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type);

	/// Undocumented in the original. PMKID is the only non-const pointer, so it
	/// is presumably the output of this call -- confirm.
	EAP_FUNC_IMPORT eap_status_e read_reassociation_parameters(
		const eap_am_network_id_c * const old_receive_network_id, ///< source includes remote address, destination includes local address.
		const eap_am_network_id_c * const new_receive_network_id, ///< source includes remote address, destination includes local address.
		const eapol_key_authentication_type_e authentication_type,
		eap_variable_data_c * const PMKID,
		const eap_variable_data_c * const received_WPA_ie,
		const eap_variable_data_c * const sent_WPA_ie);

	/// Undocumented in the original. Judging by the name, starts a reassociation
	/// that uses the given PMKID -- confirm.
	EAP_FUNC_IMPORT eap_status_e start_reassociation(
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type,
		const eap_variable_data_c * const PMKID);

	/// Undocumented in the original. Judging by the name, reports the result of a
	/// reassociation together with the WPA IEs and the selected cipher suites -- confirm.
	EAP_FUNC_IMPORT eap_status_e complete_reassociation(
		const eapol_wlan_authentication_state_e reassociation_result,
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type,
		const eap_variable_data_c * const received_WPA_IE, // WLM must give only the WPA IE to EAPOL
		const eap_variable_data_c * const sent_WPA_IE,
		const eapol_RSNA_key_header_c::eapol_RSNA_cipher_e pairwise_key_cipher_suite,
		const eapol_RSNA_key_header_c::eapol_RSNA_cipher_e group_key_cipher_suite);

	/// Undocumented in the original. send_reassociation_request_ie is a non-const
	/// pointer, so it is presumably filled in by this call -- confirm.
	EAP_FUNC_IMPORT eap_status_e start_WPXM_reassociation(
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type,
		eap_variable_data_c * const send_reassociation_request_ie);

	/// Undocumented in the original. Judging by the name, reports the result of a
	/// WPXM reassociation and the IE received in the response -- confirm.
	EAP_FUNC_IMPORT eap_status_e complete_WPXM_reassociation(
		const eapol_wlan_authentication_state_e reassociation_result,
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type,
		const eap_variable_data_c * const received_reassociation_ie);

	/**
	 * The adaptation module calls the send_logoff() function to send an EAPOL-Logoff message.
	 */
	EAP_FUNC_IMPORT eap_status_e send_logoff(
		const eap_am_network_id_c * const receive_network_id);

	/**
	 * Note this function is just an example. Parameters will change later.
	 * The packet_data_crypto_keys() function gives the generated keys to lower level.
	 * After EAP-authentication has generated the keys it calls this function
	 * to offer the keys to lower level.
	 * NOTE(review): master_session_key is key material; confirm that copies made
	 * by the implementation are cleared after use and never logged.
	 * @see abs_eap_base_type_c::packet_data_crypto_keys().
	 */
	EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys(
		const eap_am_network_id_c * const send_network_id,
		const eap_master_session_key_c * const master_session_key
		);

	// See abs_eapol_key_state_c::packet_data_session_key().
	// NOTE(review): key is key material; the same handling caveat applies as
	// for packet_data_crypto_keys() -- confirm.
	EAP_FUNC_IMPORT eap_status_e packet_data_session_key(
		const eap_am_network_id_c * const send_network_id,
		const eapol_session_key_c * const key);

	// This is documented in abs_eap_stack_interface_c::configure().
	EAP_FUNC_IMPORT eap_status_e configure();

	// This is documented in abs_eap_stack_interface_c::shutdown().
	EAP_FUNC_IMPORT eap_status_e shutdown();

	/**
	 * The read_configure() function reads the configuration data identified
	 * by the field string of field_length bytes length. Adaptation module must direct
	 * the query to some persistent store.
	 * @see abs_eap_base_type_c::read_configure().
	 */
	EAP_FUNC_IMPORT eap_status_e read_configure(
		const eap_configuration_field_c * const field,
		eap_variable_data_c * const data);

	/**
	 * The write_configure() function writes the configuration data identified
	 * by the field string of field_length bytes length. Adaptation module must direct
	 * the action to some persistent store.
	 * @see abs_eap_base_type_c::write_configure().
	 */
	EAP_FUNC_IMPORT eap_status_e write_configure(
		const eap_configuration_field_c * const field,
		eap_variable_data_c * const data);

	// This is documented in abs_eap_stack_interface_c::set_is_valid().
	EAP_FUNC_IMPORT void set_is_valid();

	// This is documented in abs_eap_stack_interface_c::get_is_valid().
	EAP_FUNC_IMPORT bool get_is_valid();

	// See abs_eap_base_type_c::state_notification().
	EAP_FUNC_IMPORT void state_notification(
		const abs_eap_state_notification_c * const state);

	// See abs_eap_base_timer_c::timer_expired().
	// id is presumably one of eapol_core_timer_id -- confirm.
	EAP_FUNC_IMPORT eap_status_e timer_expired(
		const u32_t id, void *data);

	// See abs_eap_base_timer_c::timer_delete_data().
	// data is an untyped pointer; which type it points to for each timer id is
	// not visible in this header.
	EAP_FUNC_IMPORT eap_status_e timer_delete_data(
		const u32_t id, void *data);

	/**
	 * This function tells lower layer to remove EAP session object asynchronously.
	 * @param send_network_id is pointer to network id that identifies the removed EAP session.
	 */
	EAP_FUNC_IMPORT eap_status_e asynchronous_init_remove_eap_session(
		const eap_am_network_id_c * const send_network_id);

	/**
	 * The upper layer calls the asynchronous_start_authentication() function
	 * when EAP-authentication is needed with another peer.
	 * Both parameters are unnamed in this declaration.
	 * @see abs_eap_core_c::asynchronous_start_authentication().
	 */
	EAP_FUNC_IMPORT eap_status_e asynchronous_start_authentication(
		const eap_am_network_id_c * const /* receive_network_id */,
		const bool /* is_client_when_true */);

	// Undocumented in the original. The parameter list suggests it mirrors
	// abs_eap_am_tools_c::set_timer(); p_time_ms is named as milliseconds -- confirm.
	EAP_FUNC_IMPORT eap_status_e set_timer(
		abs_eap_base_timer_c * const p_initializer,
		const u32_t p_id,
		void * const p_data,
		const u32_t p_time_ms);

	// Undocumented in the original. Presumably cancels the timer that
	// p_initializer started with p_id -- confirm.
	EAP_FUNC_IMPORT eap_status_e cancel_timer(
		abs_eap_base_timer_c * const p_initializer,
		const u32_t p_id);

	// Undocumented in the original. Judging by the name, cancels every pending timer -- confirm.
	EAP_FUNC_IMPORT eap_status_e cancel_all_timers();

	// Undocumented in the original. Judging by the name, reports through the
	// status whether eap_type is an allowed EAP-type -- confirm.
	EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);

	// See abs_eap_core_c::get_eap_type_list().
	EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
		eap_array_c<eap_type_value_e> * const eap_type_list);

#if defined(USE_EAPOL_KEY_STATE)
	// See abs_eapol_key_state_c::get_and_increment_global_key_counter().
	EAP_FUNC_IMPORT eap_status_e get_and_increment_global_key_counter(
		eap_variable_data_c * const key_counter);
#endif //#if defined(USE_EAPOL_KEY_STATE)


#if defined(USE_EAPOL_KEY_STATE) && defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE)

	/**
	 * Function creates a state for later use. This is for optimizing the 4-Way Handshake.
	 * @param receive_network_id carries the MAC addresses.
	 * MAC address of Authenticator should be in source address. MAC address of
	 * Supplicant should be in destination address.
	 * @param authentication_type is the selected authentication type.
	 */
	EAP_FUNC_IMPORT eap_status_e create_state(
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type
		);

#endif //#if defined(USE_EAPOL_KEY_STATE) && defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE)


#if defined(USE_EAPOL_KEY_STATE)

	/**
	 * This function needs to be called when client STA (re)associates to AP.
	 * @param receive_network_id carries the MAC addresses.
	 * MAC address of Authenticator should be in source address. MAC address of Supplicant should be in destination address.
	 * @param authentication_type is the authentication type. One of RSNA, WPA or 802.1X.
	 * @param authenticator_RSNA_IE is RSN IE of authenticator. Authenticator sends this in Beacon or Probe message.
	 * @param supplicant_RSNA_IE is RSN IE of supplicant. Supplicant sends this in (re)association request message.
	 * @param eapol_pairwise_cipher is the selected pairwise cipher.
	 * @param eapol_group_cipher is the selected group cipher.
	 * @param pre_shared_key is not documented in the original; presumably the
	 * pre-shared key for PSK authentication types, i.e. key material -- confirm.
	 */
	EAP_FUNC_IMPORT eap_status_e association(
		const eap_am_network_id_c * const receive_network_id,
		const eapol_key_authentication_type_e authentication_type,
		const eap_variable_data_c * const authenticator_RSNA_IE,
		const eap_variable_data_c * const supplicant_RSNA_IE,
		const eapol_RSNA_key_header_c::eapol_RSNA_cipher_e eapol_pairwise_cipher,
		const eapol_RSNA_key_header_c::eapol_RSNA_cipher_e eapol_group_cipher,
		const eap_variable_data_c * const pre_shared_key);

#endif //#if defined(USE_EAPOL_KEY_STATE)


#if defined(USE_EAPOL_KEY_STATE)
	/**
	 * This function needs to be called when client STA disassociates from AP.
	 * @param receive_network_id carries the MAC addresses.
	 * MAC address of Authenticator should be in source address. MAC address of Supplicant should be in destination address.
	 */
	EAP_FUNC_IMPORT eap_status_e disassociation(
		const eap_am_network_id_c * const receive_network_id);
#endif //#if defined(USE_EAPOL_KEY_STATE)

#if defined(USE_EAPOL_KEY_STATE)
	/// Undocumented in the original. Judging by the name, the asynchronous
	/// counterpart of remove_eapol_key_state() -- confirm.
	/// The parameter name is spelled send_netword_id in this declaration.
	EAP_FUNC_IMPORT eap_status_e asynchronous_init_remove_eapol_key_state(
		const eap_am_network_id_c * const send_netword_id);
#endif //#if defined(USE_EAPOL_KEY_STATE)

#if defined(USE_EAPOL_KEY_STATE)
	/// Static helper taking one eapol_key_state_c handler. The second parameter
	/// is an argument that happens to be named m_am_tools; a static function
	/// cannot read the member of that name.
	/// Presumably applied to each entry of m_eapol_key_state_map on shutdown -- confirm.
	EAP_FUNC_IMPORT static eap_status_e shutdown_operation(
		eapol_key_state_c * const handler,
		abs_eap_am_tools_c * const m_am_tools);
#endif //#if defined(USE_EAPOL_KEY_STATE)

#if defined(USE_EAPOL_KEY_STATE)
	/// Static helper taking one eapol_key_state_c handler; as in
	/// shutdown_operation(), m_am_tools here is a parameter, not the member.
	/// Presumably applied to each entry of m_eapol_key_state_map by
	/// cancel_all_authentication_sessions() -- confirm.
	EAP_FUNC_IMPORT static eap_status_e cancel_authentication_session(
		eapol_key_state_c * const handler,
		abs_eap_am_tools_c * const m_am_tools);
#endif //#if defined(USE_EAPOL_KEY_STATE)

	/// @see abs_eap_core_c::add_rogue_ap().
	EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);

	/// Undocumented in the original. Judging by the signature, reports a TKIP MIC
	/// failure for receive_network_id, with its type and whether it is fatal.
	/// What the implementation then does (report to the authenticator,
	/// countermeasures) is not visible in this header -- confirm.
	EAP_FUNC_IMPORT eap_status_e tkip_mic_failure(
		const eap_am_network_id_c * const receive_network_id,
		const bool fatal_failure_when_true,
		const eapol_RSNA_key_header_c::eapol_tkip_mic_failure_type_e tkip_mic_failure_type);

	// This is documented in abs_eap_core_c::set_session_timeout().
	EAP_FUNC_IMPORT eap_status_e set_session_timeout(
		const u32_t session_timeout_ms);

private:


#if !defined(USE_EAPOL_KEY_STATE)
	/**
	 * The handle_RC4_key_descriptor() function parses the EAPOL-Key frame
	 * that includes RC4 Key Descriptor.
	 * This function retrieves the traffic encryption key from it. It forwards the key
	 * to lower layers. The format of EAPOL-Key frame is described in
	 * draft-congdon-radius-8021x-23.txt (RFC ????)
	 * This declaration is compiled only when USE_EAPOL_KEY_STATE is not defined.
	 * NOTE(review): the frame comes from the network; confirm that the
	 * implementation checks packet_length against the key descriptor header and
	 * the key length field before reading the key, and verifies the key
	 * signature before the key is forwarded.
	 * @param receive_network_id is not documented in the original.
	 * @param eapol is the received packet
	 * @param packet_length is the length of the packet
	 */
	eap_status_e handle_RC4_key_descriptor(
		const eap_am_network_id_c * const receive_network_id,
		eapol_RC4_key_header_c * const eapol,
		const u32_t packet_length);
#endif //#if !defined(USE_EAPOL_KEY_STATE)

	//--------------------------------------------------
}; // class eapol_core_c
|
575 |
|
576 #endif //#if !defined(_EAPOL_CORE_H_) |
|
577 |
|
578 //-------------------------------------------------- |
|
579 |
|
580 |
|
581 |
|
582 // End. |