MCL/sf/mw/accesssec: comparison eapol/eapol_framework/eapol_common/type/tls_peap/eap/include/eap_type_tls_peap

equal deleted inserted replaced

--1:000000000000
+:c8830336c852
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  EAP and WLAN authentication protocols.
+*
+*/
+#if !defined(_EAP_TYPE_TLS_PEAP_TYPES_H_)
+#define _EAP_TYPE_TLS_PEAP_TYPES_H_
+#include "eap_buffer.h"
+#include "eap_type_all_types.h"
+#include "tls_peap_types.h"
+#include "eap_configuration_field.h"
+/** @file eap_type_tls_peap_types.h
+*  @brief This file defines the constants of the TLS_PEAP EAP type.
+*/
+/**
+* This is the internal state of the TLS_PEAP EAP type.
+*/
+enum eap_type_tls_peap_state_variable_e
+{
+	eap_type_tls_peap_state_waiting_for_identity_request                          , ///< Client state waiting_for_identity_request
+	eap_type_tls_peap_state_pending_identity_query                                , ///< Client state pending_identity_query
+	eap_type_tls_peap_state_waiting_for_tls_start                                 , ///< Client state waiting_for_eap_start
+	eap_type_tls_peap_state_process_tls_start                                     , ///< Client state process_tls_start
+	eap_type_tls_peap_state_waiting_for_request                                   , ///< Client state waiting_for_request
+	eap_type_tls_peap_state_waiting_for_success                                   , ///< Client state waiting_for_success
+	eap_type_tls_peap_state_tppd_peapv1_waits_eap_success_or_tunneled_packet     , ///< Client state PEAPv1 waits EAP-Success or tunneled packet.
+	eap_type_tls_peap_state_waiting_for_identity_response                         , ///< Server state waiting_for_identity_response
+	eap_type_tls_peap_state_waiting_for_first_response                            , ///< Server state waiting_for_first_response, This is needed in PEAP version negotiation.
+	eap_type_tls_peap_state_waiting_for_response                                  , ///< Server state waiting_for_response
+	eap_type_tls_peap_state_waiting_for_empty_response                            , ///< Server state waiting_for_empty_response
+	eap_type_tls_peap_state_waiting_for_empty_tppd_peap_v1_acknowledge           , ///< Server state waiting_for_empty_tppd_peap_v1_response
+#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
+	eap_type_tls_peap_state_server_waits_ttls_plain_ms_chap_v2_empty_ack          , ///< This is state notification to server to wait empty TTLS/plain MsChapv2 Ack.
+#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
+	eap_type_tls_peap_state_process_tls_message                                   , ///< Client or server state process_tls_message
+	eap_type_tls_peap_state_success                                               , ///< State state_success
+	eap_type_tls_peap_state_failure                                               , ///< State state_failure
+	eap_type_tls_peap_state_last_value                                            , ///< Keep this enum the last one.
+};
+enum eap_type_tls_peap_reassembly_state_e
+{
+	eap_type_tls_peap_reassembly_state_none,
+	eap_type_tls_peap_reassembly_state_wait_first_message,
+	eap_type_tls_peap_reassembly_state_wait_last_fragment,
+	eap_type_tls_peap_reassembly_state_message_reassembled,
+};
+/**
+* This is the type of the TLS_PEAP authentication.
+*/
+enum eap_tls_peap_authentication_type_e
+{
+	TLS_PEAP_AUTHENTICATION_TYPE_NONE,
+	TLS_PEAP_AUTHENTICATION_TYPE_TLS,
+	TLS_PEAP_AUTHENTICATION_TYPE_PEAP,
+};
+enum eap_type_tls_peap_stored_e
+{
+	eap_type_tls_peap_stored_none,
+	eap_type_tls_peap_stored_session_id,
+	eap_type_tls_peap_stored_master_secret,
+	eap_type_tls_peap_stored_used_cipher_suite,
+	eap_type_tls_peap_stored_count_of_session_resumes,
+	eap_type_tls_peap_stored_test_every_cipher_suite_counter,
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+	eap_type_tls_peap_stored_session_ticket_encryption_key,
+	eap_type_tls_peap_stored_session_ticket_authentication_key,
+	eap_type_tls_peap_stored_session_ticket_lifetime_hint,
+	eap_type_tls_peap_stored_session_ticket_data,
+#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
+#if defined(USE_FAST_EAP_TYPE)
+	eap_type_tls_peap_stored_tunnel_pac_is_fresh,
+	eap_type_tls_peap_stored_tunnel_pac,
+	eap_type_tls_peap_stored_user_authorization_pac,
+	eap_type_tls_peap_stored_provisioning_successfull,
+	eap_type_tls_peap_stored_provisioning_mode,
+	eap_type_tls_peap_stored_provisioning_pac_type,
+	eap_type_tls_peap_stored_tls_session_type,
+#endif //#if defined(USE_FAST_EAP_TYPE)
+};
+/**
+* This is the size of the local send buffer.
+*/
+const u32_t EAP_TLS_PEAP_LOCAL_PACKET_BUFFER_LENGTH = EAP_MAX_LOCAL_PACKET_BUFFER_LENGTH;
+/**
+* This is the at character used in NAI.
+*/
+const u8_t EAP_TLS_PEAP_AT_CHARACTER = '@';
+/**
+* This is the maximum size of the EAP-TLS/PEAP message.
+* This value limits the maximum size of the received EAP-TLS/PEAP message.
+*/
+const u32_t EAP_TLS_PEAP_MAX_MESSAGE_LENGTH = 65536ul;
+/**
+*  @defgroup EAP_TLS_PEAP_config_options Configuration options of EAP-TLS/PEAP.
+*  The following configuration options are read through abs_eap_base_type_c::read_configure() function.
+*  @{
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_manual_username,
+	"EAP_TLS_PEAP_use_manual_username",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_manual_username,
+	"EAP_TLS_PEAP_manual_username",
+	eap_configure_type_string,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_manual_realm,
+	"EAP_TLS_PEAP_use_manual_realm",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_manual_realm,
+	"EAP_TLS_PEAP_manual_realm",
+	eap_configure_type_string,
+	false);
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_session_ticket,
+	"EAP_TLS_PEAP_use_session_ticket",
+	eap_configure_type_boolean,
+	false);
+#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+EAP_CONFIGURATION_FIELD(
+	cf_str_TLS_fail_with_illegal_session_ticket_or_pac,
+	"TLS_fail_with_illegal_session_ticket_or_pac",
+	eap_configure_type_boolean,
+	false);
+#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_disable_certificates,
+	"EAP_TLS_PEAP_disable_certificates",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_ttls_pap_password_prompt,
+	"EAP_TLS_PEAP_ttls_pap_password_prompt",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_ttls_pap_username,
+	"EAP_TLS_PEAP_ttls_pap_username",
+	eap_configure_type_string,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_ttls_pap_password,
+	"EAP_TLS_PEAP_ttls_pap_password",
+	eap_configure_type_string,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_ttls_pap_max_session_validity_time,
+	"EAP_TLS_PEAP_ttls_pap_max_session_validity_time",
+	eap_configure_type_u32_t,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_ttls_pap_randomly_fail_password,
+	"EAP_TLS_PEAP_ttls_pap_randomly_fail_password",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_authority_identity,
+	"EAP_FAST_authority_identity",
+	eap_configure_type_string,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_authority_identity_hex_data,
+	"EAP_FAST_authority_identity",
+	eap_configure_type_hex_data,
+	false);
+/**
+* This is boolean configuration option.
+* True value means every cipher suite is tested during test run.
+* False value means only selected cipher suite is tested. See EAP_TLS_PEAP_cipher_suite.
+* Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_test_every_cipher_suite,
+	"EAP_TLS_PEAP_test_every_cipher_suite",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This u32_t configuration option is the cipher suite.
+*  Default value is 19 = 0x0013 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA).
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_cipher_suite,
+	"EAP_TLS_PEAP_cipher_suite",
+	eap_configure_type_u32_t,
+	false);
+/**
+*  This u32array_t configuration option is the array of accepted cipher suites.
+*  Default value is 19 = 0x0013 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA).
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_allowed_cipher_suites,
+	"EAP_TLS_PEAP_allowed_cipher_suites",
+	eap_configure_type_u32array,
+	false);
+/**
+*  This u32_t configuration option is the maximum count of session resumes.
+*  Default value is 0.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_max_count_of_session_resumes,
+	"EAP_TLS_PEAP_max_count_of_session_resumes",
+	eap_configure_type_u32_t,
+	false);
+/**
+*  This u32_t configuration option is the count of session resumes.
+*  Default value is 0.
+*/
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_count_of_session_resumes,
+	"EAP_TLS_PEAP_count_of_session_resumes",
+	eap_configure_type_u32_t,
+	false);
+#else
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_count_of_session_resumes,
+	"session_resume_count",
+	eap_configure_type_u32_t,
+	false);
+#endif
+/**
+*  This hex data configuration option is the saved session ID.
+*  Default value is 0.
+*/
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_saved_session_id,
+	"EAP_TLS_PEAP_saved_session_id",
+	eap_configure_type_hex_data,
+	false);
+#else
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_saved_session_id,
+	"session_id",
+	eap_configure_type_hex_data,
+	false);
+#endif
+/**
+* This hex data or u32array configuration option value is list of EAP-types client accepts inside PEAP.
+* Values in the u32array are type of u32_t.
+* This is used in simulator testing.
+*/
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_accepted_tunneled_client_types_hex_data,
+	"PEAP_accepted_tunneled_client_types",
+	eap_configure_type_hex_data,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_accepted_tunneled_client_types_u32array,
+	"PEAP_accepted_tunneled_client_types",
+	eap_configure_type_u32array,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_unaccepted_tunneled_client_types_hex_data,
+	"PEAP_unaccepted_tunneled_client_types",
+	eap_configure_type_hex_data,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_unaccepted_tunneled_client_types_u32array,
+	"PEAP_unaccepted_tunneled_client_types",
+	eap_configure_type_u32array,
+	false);
+#else
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_accepted_tunneled_client_types_hex_data,
+	"PEAP_tunneled_types",
+	eap_configure_type_hex_data,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_accepted_tunneled_client_types_u32array,
+	"PEAP_tunneled_types",
+	eap_configure_type_u32array,
+	false);
+#endif
+/**
+* This hex data or u32array configuration option value is list of EAP-types server accepts inside PEAP.
+* Values in the array are type of u32_t.
+* This is used in simulator testing.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_accepted_tunneled_server_types_hex_data,
+	"PEAP_accepted_tunneled_server_types",
+	eap_configure_type_hex_data,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_accepted_tunneled_server_types_u32array,
+	"PEAP_accepted_tunneled_server_types",
+	eap_configure_type_u32array,
+	false);
+/**
+*  This boolean configuration option value true allows PEAP restore tunneled session.
+*  This means PEAP does not run the tunneled EAP-type when
+*  PEAP session is resumed successfully.
+*  Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_allow_tunneled_session_resumption,
+	"PEAP_allow_tunneled_session_resumption",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This boolean configuration option value true allows PEAP server restore tunneled session.
+*  This means PEAP version 0 does not run the tunneled EAP-type when
+*  PEAP session is resumed successfully.
+*  Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAP_server_allow_tunneled_session_resumption,
+	"PEAP_server_allow_tunneled_session_resumption",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This boolean configuration option value true commands PEAPv1 server use tunneled Extensions Request message.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_PEAPv1_server_use_extensions_request,
+	"PEAPv1_server_use_extensions_request",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This hex data configuration option is the saved master secret.
+*  Default value is 0.
+*/
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_saved_master_secret,
+	"EAP_TLS_PEAP_saved_master_secret",
+	eap_configure_type_hex_data,
+	true);
+#else
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_saved_master_secret,
+	"master_secret",
+	eap_configure_type_hex_data,
+	true);
+#endif
+/**
+*  This u32_t configuration option is the saved cipher suite.
+*  Default value is 0.
+*/
+#if defined(USE_EAP_FIXED_DATABASE_FIELDS)
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_saved_cipher_suite,
+	"EAP_TLS_PEAP_saved_cipher_suite",
+	eap_configure_type_u32_t,
+	false);
+#else
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_saved_cipher_suite,
+	"saved_cipher_suite",
+	eap_configure_type_u32_t,
+	false);
+#endif
+/**
+*  This string configuration option is the filename for the client DSA certificate used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_DSA_client_certificate_file,
+	"EAP_TLS_PEAP_DSA_client_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the client DSA private key used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_DSA_client_private_key_file,
+	"EAP_TLS_PEAP_DSA_client_private_key_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the server DSA certificate used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_DSA_server_certificate_file,
+	"EAP_TLS_PEAP_DSA_server_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the server DSA private key used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_DSA_server_private_key_file,
+	"EAP_TLS_PEAP_DSA_server_private_key_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the client's CA
+*	DSA certificate used for verifying server's identity in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_DSA_client_ca_certificate_file,
+	"EAP_TLS_PEAP_DSA_client_ca_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the server's CA
+*	DSA certificate used for verifying client's identity in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_DSA_server_ca_certificate_file,
+	"EAP_TLS_PEAP_DSA_server_ca_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the client RSA certificate used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_RSA_client_certificate_file,
+	"EAP_TLS_PEAP_RSA_client_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the client RSA private key used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_RSA_client_private_key_file,
+	"EAP_TLS_PEAP_RSA_client_private_key_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the server RSA certificate used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_RSA_server_certificate_file,
+	"EAP_TLS_PEAP_RSA_server_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the server RSA private key used
+*  in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_RSA_server_private_key_file,
+	"EAP_TLS_PEAP_RSA_server_private_key_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the client's CA
+*	RSA certificate used for verifying server's identity in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_RSA_client_ca_certificate_file,
+	"EAP_TLS_PEAP_RSA_client_ca_certificate_file",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the filename for the server's CA
+*	RSA certificate used for verifying client's identity in EAP-type TLS_PEAP.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_RSA_server_ca_certificate_file,
+	"EAP_TLS_PEAP_RSA_server_ca_certificate_file",
+	eap_configure_type_string,
+	false);
+#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+/**
+*  This is boolean configuration option.
+*  True value means on TLS client uses privacy.
+*  False value means on TLS client does not use privacy.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_identity_privacy,
+	"EAP_TLS_PEAP_use_identity_privacy",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  True value means on TLS server uses privacy.
+*  False value means on TLS server does not use privacy.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_identity_privacy_server,
+	"EAP_TLS_PEAP_use_identity_privacy_server",
+	eap_configure_type_boolean,
+	false);
+#endif //#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+/**
+*  This is boolean configuration option.
+*  True value means EAP-FAST server sends piggypacked EAP-Identity/Request.
+*  False value means EAP-FAST server does not send piggypacked EAP-Identity/Request, instead it waits empty Ack-message from client.
+*  Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_send_piggypacked_eap_identity_request,
+	"EAP_FAST_send_piggypacked_eap_identity_request",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  True value means EAP-FAST can run server unauthenticated provisioning.
+*  False value means no EAP-FAST server unauthenticated provisioning is allowed.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_allow_server_unauthenticated_provisioning_mode_ADHP,
+	"EAP_FAST_allow_server_unauthenticated_provisioning_mode_ADHP",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST can run server authenticated provisioning.
+* False value means no EAP-FAST server authenticated provisioning is allowed.
+* Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_allow_server_authenticated_provisioning_mode,
+	"EAP_FAST_allow_server_authenticated_provisioning_mode",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST client can provisioning User Authorization PAC.
+* False value means EAP-FAST client can not provisioning User Authorization PAC.
+* Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_allow_user_authorization_pac_provisioning,
+	"EAP_FAST_allow_user_authorization_pac_provisioning",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST server randomly refuses provisioning User Authorization PAC.
+* False value means EAP-FAST server does provisioning User Authorization PAC.
+* Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_randomly_does_not_provision_user_authorization_pac,
+	"EAP_FAST_randomly_does_not_provision_user_authorization_pac",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST server randomly fail successfull authentication with EAP-Failure.
+* False value means EAP-FAST server does not ramdomly fail authentication.
+* Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_server_randomly_fail_authentication,
+	"EAP_FAST_server_randomly_fail_authentication",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST client accepts A-ID.
+* False value means no EAP-FAST client does not accept A-ID.
+* Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_accept_a_id,
+	"EAP_TLS_PEAP_accept_a_id",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST server fail check of User Authorization PAC randomly.
+* False value means no EAP-FAST server does not fail check of User Authorization PAC randomly.
+* Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_test_fail_user_authorization_pac_randomly,
+	"EAP_FAST_test_fail_user_authorization_pac_randomly",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* True value means EAP-FAST server fail check of Tunnel PAC randomly.
+* False value means no EAP-FAST server does not fail check of Tunnel PAC randomly.
+* Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_test_fail_tunnel_pac_randomly,
+	"EAP_FAST_test_fail_tunnel_pac_randomly",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This string configuration option is the password of PAC store.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_PAC_store_password,
+	"EAP_FAST_PAC_store_password",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the password of PAC file.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_tppds_PAC_file_password,
+	"EAP_FAST_tppds_PAC_file_password",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the device seed of PAC store password.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_PAC_store_device_seed,
+	"EAP_FAST_PAC_store_device_seed",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the directory path to PAC store.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_PAC_store_path,
+	"EAP_FAST_PAC_store_path",
+	eap_configure_type_string,
+	false);
+/**
+*  This string configuration option is the directory path of import directory of PAC store.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_import_path,
+	"EAP_FAST_import_path",
+	eap_configure_type_string,
+	false);
+/**
+*  This hex data configuration option is the encryption key server uses with PAC.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_PAC_encryption_key,
+	"EAP_FAST_PAC_encryption_key",
+	eap_configure_type_hex_data,
+	false);
+/**
+*  This hex data configuration option is the authentication key server uses with PAC.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_PAC_authentication_key,
+	"EAP_FAST_PAC_authentication_key",
+	eap_configure_type_hex_data,
+	false);
+/**
+*  This hex data configuration option is the IAP reference the client uses.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_IAP_reference,
+	"EAP_FAST_IAP_reference",
+	eap_configure_type_hex_data,
+	false);
+/**
+*  This hex data configuration option is the Group reference the client uses.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_Group_reference,
+	"EAP_FAST_Group_reference",
+	eap_configure_type_hex_data,
+	false);
+/**
+*  This u32_t data configuration option is the timeout of the PAC store key.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_PAC_store_key_timeout_ms,
+	"EAP_FAST_PAC_store_key_timeout_ms",
+	eap_configure_type_u32_t,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_test_remove_IAP_reference,
+	"EAP_FAST_test_remove_IAP_reference",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_test_add_imported_PAC_file,
+	"EAP_FAST_test_add_imported_PAC_file",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This u32_t data configuration option is the timeout before finish successfull authentication. This is leave time for UI.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_delay_successfull_finish_timeout,
+	"EAP_FAST_delay_successfull_finish_timeout",
+	eap_configure_type_u32_t,
+	false);
+/**
+*  This boolean data configuration option activate prompt to warn for ADHP auto-provisioning when
+*  there is no PAC that matches the A-ID sent by server. EAP-FAST specific.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_warn_ADHP_no_matching_PAC,
+	"EAP_FAST_warn_ADHP_no_matching_PAC",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This boolean data configuration option activate prompt to warn for ADHP (Authenticated Diffie-Hellman Protocol)
+*  auto-provisioning when there is no PAC at all. EAP-FAST specific.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_warn_ADHP_no_PAC,
+	"EAP_FAST_warn_ADHP_no_PAC",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This boolean data configuration option activate prompt to warn when client encouters a server that has provisioned
+*  the client with a PAC before but is not currently selected as the default server. EAP-FAST specific.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_warn_ADHP_not_default_server,
+	"EAP_FAST_warn_ADHP_not_default_server",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  True value means on successfull authentication EAP-type TLS_PEAP waits the EAP-Success message.
+*  False value means on successfull authentication EAP-type TLS_PEAP does NOT wait the EAP-Success message.
+*  NOTE: True value is needed in Windows RAS.
+*  Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_wait_eap_success_packet,
+	"EAP_TLS_PEAP_wait_eap_success_packet",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  True value means on EAP-type TLS_PEAP must check identifier of EAP-Response/Identity message.
+*  False value means on EAP-type TLS_PEAP does not check identifier of EAP-Response/Identity message.
+*  This is not possible in cases where identifier of the EAP-Request/Identity is generated by other network entities.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_check_identifier_of_eap_identity_response,
+	"EAP_TLS_PEAP_check_identifier_of_eap_identity_response",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  This flag activates NAI realm check. Default value is false.
+*  When active NAI realm muts be the same as realm given by EAP_TLS_PEAP_manual_realm option.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_check_nai_realm,
+	"EAP_TLS_PEAP_check_nai_realm",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  This is for testing.
+*  True value means on test version of EAP-type TLS_PEAP is used.
+*  Test version tries to make as many authentications as it is possible.
+*  False value means on real version of EAP-type TLS_PEAP is used.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_test_version,
+	"EAP_TLS_test_version",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  True value of this flag causes client return random
+*  identity on EAP-Response/Identity.
+*  False value causes client return real identity
+*  (IMSI, pseudonym or re-authentication identity)
+*  in EAP-Response/Identity.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_random_identity_on_eap_identity_response,
+	"EAP_TLS_PEAP_use_random_identity_on_eap_identity_response",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is u32_t configuration option.
+* Server selects the proposed PEAP version with this option.
+* Possible values are 2, 1 and 0.
+* See: PEAPv0 draft-kamath-pppext-peapv0-00.txt
+*      PEAPv1 draft-josefsson-pppext-eap-tls-eap-05.txt
+*      PEAPv2 draft-josefsson-pppext-eap-tls-eap-XX.txt
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_used_PEAP_version,
+	"EAP_TLS_PEAP_used_PEAP_version",
+	eap_configure_type_u32_t,
+	false);
+/**
+* This is u32array configuration option.
+* Client and server accepts and selects the PEAP version with this option.
+* Possible values are 2, 1 and 0.
+* See: PEAPv0 draft-kamath-pppext-peapv0-00.txt
+*      PEAPv1 draft-josefsson-pppext-eap-tls-eap-05.txt
+*      PEAPv2 draft-josefsson-pppext-eap-tls-eap-XX.txt
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_accepted_PEAP_versions,
+	"EAP_TLS_PEAP_accepted_PEAP_versions",
+	eap_configure_type_u32array,
+	false);
+/**
+* This is u32array configuration option.
+* Server accepts and selects the PEAP version with this option.
+* Possible values are 2, 1 and 0.
+* See: PEAPv0 draft-kamath-pppext-peapv0-00.txt
+*      PEAPv1 draft-josefsson-pppext-eap-tls-eap-05.txt
+*      PEAPv2 draft-josefsson-pppext-eap-tls-eap-XX.txt
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_server_accepted_PEAP_versions,
+	"EAP_TLS_PEAP_server_accepted_PEAP_versions",
+	eap_configure_type_u32array,
+	false);
+/**
+* This is boolean configuration option.
+* This will select whether the different TLS and PEAP version is used.
+* Different TLS and PEAP versions use TLS message length in all first message fragments
+* even the message fits to one fragment except EAP-TLS-start, EAP-TLS-Acknowledge and
+* PEAP-application data. The client acknowledges tunneled EAP-Success message
+* with empty PEAP message.
+* Microsoft's and other's TLS and PEAP does use TLS message only
+* in the first fragmented TLS message.
+* True value means TLS message length is included (different style).
+* False value means TLS message length is NOT included (normal style).
+* Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_tppd_tls_peap,
+	"EAP_TLS_PEAP_use_tppd_tls_peap",
+	eap_configure_type_boolean,
+	false);
+/**
+* On fast session resume Tppd's server does not send tunneled EAP-Success.
+* Instead it sends plain EAP-Success.
+* This configuration flag when set true allows this functionality in client and server.
+* False value disables this functionality in client and server.
+* Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_use_tppd_peapv1_acknowledge_hack,
+	"EAP_TLS_use_tppd_peapv1_acknowledge_hack",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is for server only.
+* On fast session resume Tppd's server does not send tunneled EAP-Success.
+* Instead it sends plain EAP-Success.
+* This configuration flag when set true allows this functionality in server.
+* False value disables this functionality in server.
+* Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_server_use_tppd_peapv1_acknowledge_hack,
+	"EAP_TLS_server_use_tppd_peapv1_acknowledge_hack",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* This is used in simulator testing.
+* True value means queries to AM are completed asyncronous.
+* False value means queries to AM are completed syncronous.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_do_asyncronous_completions,
+	"EAP_TLS_PEAP_do_asyncronous_completions",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is boolean configuration option.
+* This is used in simulator testing.
+* True value means queries to AM are randomly completed asyncronous.
+* False value means queries to AM are randomly completed syncronous.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_do_asyncronous_completions_randomly,
+	"EAP_TLS_PEAP_do_asyncronous_completions_randomly",
+	eap_configure_type_boolean,
+	false);
+/**
+* This is u32_t configuration option.
+* This is used in simulator testing.
+* Value is the maximum completion time (ms) when completitions are
+* completed randomly.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_max_tls_completion_time,
+	"EAP_TLS_PEAP_max_tls_completion_time",
+	eap_configure_type_u32_t,
+	false);
+/**
+* This is boolean configuration option.
+* This is used in client simulator testing.
+* True value means query_certificate_chain() to AM fails always automatically in client.
+* False value means query_certificate_chain() to AM works normally in client.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_fail_query_certificate_chain,
+	"EAP_TLS_PEAP_fail_query_certificate_chain",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  This flag activates NAI realm check of certificate.
+*  Both client and server will check this.
+*  When this is active *server* checks the NAI realm of EAP-response/Identity is
+*  the same as realm given in the certificate of the client.
+*  When this is active *client* checks the NAI realm of EAP-response/Identity is
+*  the same as realm given in the certificate of the server.
+*  Default value is true.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_verify_certificate_realm,
+	"EAP_TLS_PEAP_verify_certificate_realm",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This is boolean configuration option.
+*  This flag activates "relaxed" NAI realm check of certificate. Realm does not have to
+*  match exactly in this mode. For example server.eapsim.foo and eapsim.foo are considered
+*  to be the same realm.
+*  Only client will check this.
+*  Default value is false.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_allow_subdomain_matching,
+	"EAP_TLS_PEAP_allow_subdomain_matching",
+	eap_configure_type_boolean,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_PEAP_use_eap_expanded_type,
+	"EAP_TLS_PEAP_use_eap_expanded_type",
+	eap_configure_type_boolean,
+	false);
+/**
+*  This u32_t configuration value specifies the maximum session validity time in seconds.
+*  Default value is 12 hours in seconds, which is 43200 seconds.
+*/
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TLS_max_session_validity_time,
+	"EAP_TLS_max_session_validity_time",
+	eap_configure_type_u32_t,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_PEAP_max_session_validity_time,
+	"EAP_PEAP_max_session_validity_time",
+	eap_configure_type_u32_t,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_TTLS_max_session_validity_time,
+	"EAP_TTLS_max_session_validity_time",
+	eap_configure_type_u32_t,
+	false);
+EAP_CONFIGURATION_FIELD(
+	cf_str_EAP_FAST_max_session_validity_time,
+	"EAP_FAST_max_session_validity_time",
+	eap_configure_type_u32_t,
+	false);
+/** @} */ // End of group EAP_TLS_PEAP_config_options.
+//--------------------------------------------------
+#endif //#if !defined(_EAP_TYPE_TLS_PEAP_TYPES_H_)
+//--------------------------------------------------
+// End.

changeset 0	c8830336c852
child 2	1c7bc153c08e