1 /* |
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
3 * All rights reserved. |
4 * This component and the accompanying materials are made available |
5 * under the terms of the License "Eclipse Public License v1.0" |
6 * which accompanies this distribution, and is available |
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
8 * |
9 * Initial Contributors: |
10 * Nokia Corporation - initial contribution. |
11 * |
12 * Contributors: |
13 * |
14 * Description: EAP and WLAN authentication protocols. |
15 * |
16 */ |
17 |
18 |
19 |
20 |
21 #if !defined(_ABS_TLS_BASE_APPLICATION_H_) |
22 #define _ABS_TLS_BASE_APPLICATION_H_ |
23 |
24 #if defined(USE_FAST_EAP_TYPE) |
25 #include "eap_fast_tlv_header.h" |
26 #endif //#if defined(USE_FAST_EAP_TYPE) |
27 |
28 #include "tls_record_header.h" |
29 #include "tls_handshake_header.h" |
30 |
31 class eap_buf_chain_wr_c; |
32 class eap_variable_data_c; |
33 class abs_eap_state_notification_c; |
34 class abs_eap_base_timer_c; |
35 class abs_eap_base_type_c; |
36 class eap_base_type_c; |
37 class eap_network_id_selector_c; |
38 class eap_fast_variable_data_c; |
39 |
40 |
41 /// The class is the interface to partner class of the tls_base_application_c class. |
42 /// This declares the pure virtual member functions tls_base_application_c class could call. |
/// Interface through which tls_base_application_c reaches its partner object (the lower layer).
/// It declares only the pure virtual member functions that tls_base_application_c may call;
/// the partner implements them. The class carries no state of its own.
class EAP_EXPORT abs_tls_base_application_c
{
private:
    //--------------------------------------------------

    //--------------------------------------------------
protected:
    //--------------------------------------------------

    //--------------------------------------------------
public:
    //--------------------------------------------------

    /**
     * The destructor of the abs_tls_base_application_c class does nothing special.
     * It is virtual so that deleting a partner object through this interface runs
     * the derived class's destructor.
     */
    virtual ~abs_tls_base_application_c()
    {
    }

    /**
     * The constructor of the abs_tls_base_application_c class does nothing special.
     */
    abs_tls_base_application_c()
    {
    }

    /**
     * The derived class could send packets to the partner class with this function.
     * @param sent_packet includes the buffer for the whole packet and an initialized
     * TLS-packet at the correct offset.
     * @param header_offset is the offset of the TLS-header within sent_packet.
     * @param data_length is the length in bytes of the TLS-packet.
     * @param buffer_length is the length in bytes of the whole packet buffer.
     * @return eap_status_ok on success; any other eap_status_e value signals an error.
     *
     * NOTE(review): the three lengths are passed separately and nothing here relates them;
     * an implementation is expected to check header_offset + data_length <= buffer_length
     * before touching the buffer — confirm against the callers in tls_base_application_c.
     */
    virtual eap_status_e packet_send(
        eap_buf_chain_wr_c * const sent_packet,
        const u32_t header_offset,
        const u32_t data_length,
        const u32_t buffer_length) = 0;

    /**
     * The get_header_offset() function obtains the header offset of the packet this layer
     * builds. (The text below says "PEAP-packet"; it appears to have been carried over from
     * the PEAP variant of this interface — for this class read it as the TLS-packet.)
     * @param MTU_length is a pointer to the variable in which to store the maximum transfer unit (MTU).
     * MTU is the maximum packet length in bytes available to this layer.
     * @param trailer_length is a pointer to the variable in which to store the length
     * of the trailer needed by the lower levels.
     * @return Function returns the offset of the header.
     *
     * The needed buffer length is ((offset) + (packet length) + (trailer)) bytes.
     * Each layer adds the length of its header to offset.
     * Each layer removes the length of its header and trailer from MTU.
     *
     * Now some ascii graphics follows (column alignment may have been lost in rendering).
     * @code
     * |<-------------------------buffer length----------------------------------------->|
     * | |
     * | +-----+--------------------------+ |
     * | | EAP | data | |
     * | +-----+--------------------------+ |
     * |<----offset---------------------->|<----MTU----------------------->|<--trailer-->|
     * | | | |
     * | +------+--------------------------------+ |
     * | | PEAP | data | |
     * | +------+--------------------------------+ |
     * |<----offset--------------->|<----MTU------------------------------>|<--trailer-->|
     * | | | |
     * | +-----+---------------------------------------+ |
     * | | EAP | data | |
     * | +-----+---------------------------------------+ |
     * |<----offset--------->|<----MTU------------------------------------>|<--trailer-->|
     * | | | |
     * | +-------+---------------------------------------------+ |
     * | | EAPOL | data | |
     * | +-------+---------------------------------------------+ |
     * |<--offset--->|<----MTU-------------------------------------------->|<--trailer-->|
     * | | | |
     * +-------------+-----------------------------------------------------+-------------+
     * | ETHERNET | data | trailer |
     * +-------------+-----------------------------------------------------+-------------+
     * |<----MTU------------------------------------------------------------------------>|
     * @endcode
     *
     */
    virtual u32_t get_header_offset(
        u32_t * const MTU_length,
        u32_t * const trailer_length) = 0;

    /**
     * This function restarts authentication to receive_network_id.
     * @param receive_network_id is the network identity of the target.
     * @param is_client_when_true indicates whether this object should act as a client (true)
     * or server (false); in terms of the EAP-protocol, whether this network entity is the EAP-supplicant (true)
     * or the EAP-authenticator (false).
     * @param force_clean_restart is not described in the original header; by its name it
     * presumably discards any cached state before restarting — TODO confirm with the implementation.
     * @param from_timer is not described in the original header; presumably true when the
     * restart is triggered from a timer callback rather than by a protocol event — TODO confirm.
     */
    virtual eap_status_e restart_authentication(
        const eap_am_network_id_c * const receive_network_id,
        const bool is_client_when_true,
        const bool force_clean_restart,
        const bool from_timer) = 0;

    /**
     * The read_configure() function reads the configuration data identified
     * by field. The adaptation module must direct the query to some persistent store.
     * @param field identifies the required configuration data (an eap_configuration_field_c,
     * not a raw string; the older "field_length" parameter no longer exists in this signature).
     * @param data is a pointer to an existing eap_variable_data_c object that receives the value.
     *
     * An EAP-type should store its parameters in its own database. That database should be accessed
     * through the adaptation module of the EAP-type. See eap_am_type_tls_peap_simulator_c::type_configure_read.
     */
    virtual eap_status_e read_configure(
        const eap_configuration_field_c * const field,
        eap_variable_data_c * const data) = 0;

    /**
     * The write_configure() function writes the configuration data identified
     * by field. The adaptation module must direct the action to some persistent store.
     * @param field identifies the configuration data to write (an eap_configuration_field_c,
     * not a raw string; the older "field_length" parameter no longer exists in this signature).
     * @param data is a pointer to an existing eap_variable_data_c object holding the value to store.
     *
     * An EAP-type should store its parameters in its own database. That database should be accessed
     * through the adaptation module of the EAP-type. See eap_am_type_tls_peap_simulator_c::type_configure_write.
     */
    virtual eap_status_e write_configure(
        const eap_configuration_field_c * const field,
        eap_variable_data_c * const data) = 0;

    /**
     * This is a notification of an internal state transition.
     * It is used for notifications, debugging and protocol testing.
     * The primary notifications are eap_state_variable_e::eap_state_authentication_finished_successfully
     * and eap_state_variable_e::eap_state_authentication_terminated_unsuccessfully. The EAP-type MUST send these
     * two notifications to the lower layer.
     * These two notifications are sent using the EAP-protocol layer (eap_protocol_layer_e::eap_protocol_layer_eap).
     * See also eap_state_notification_c.
     * @param state describes the transition; the pointer is not retained by this interface's contract.
     */
    virtual void state_notification(
        const abs_eap_state_notification_c * const state) = 0;

    /**
     * The set_timer() function initializes a timer that elapses after p_time_ms milliseconds.
     * @param initializer is a pointer to the object whose timer_expired() function will
     * be called after the timer elapses.
     * @param id is an identifier which will be returned in the timer_expired() function.
     * The user selects and interprets the id for this timer.
     * @param data is a pointer to any user-selected data which will be returned in the timer_expired() function.
     * Ownership of data is not defined here — presumably it stays with the initializer; confirm
     * against the adaptation module before freeing it while the timer is pending.
     * @param p_time_ms is the delay in milliseconds.
     *
     * The adaptation module internally implements the timer.
     */
    virtual eap_status_e set_timer(
        abs_eap_base_timer_c * const initializer,
        const u32_t id,
        void * const data,
        const u32_t p_time_ms) = 0;

    /**
     * The cancel_timer() function cancels the timer id initiated by initializer.
     * @param initializer is the object that set the timer.
     * @param id is the identifier given to set_timer().
     *
     * The adaptation module internally implements the timer.
     */
    virtual eap_status_e cancel_timer(
        abs_eap_base_timer_c * const initializer,
        const u32_t id) = 0;

    /**
     * The cancel_all_timers() function cancels all timers.
     * The user should call this when terminating the stack, before
     * the adaptation module of the tools is deleted.
     * The preferred mode is to cancel each timer directly
     * using the cancel_timer() function.
     *
     * The adaptation module internally implements the timer.
     */
    virtual eap_status_e cancel_all_timers() = 0;

    /**
     * This is needed by the PEAP type.
     * The load_module() function indicates to the lower level that it should
     * load a new module of EAP-type.
     * @param type is the requested EAP-type.
     * @param tunneling_type (second parameter, deliberately left unnamed in this declaration)
     * is the EAP-type that tunnels the requested type; it is accepted for interface
     * compatibility and its use, if any, is up to the implementation.
     * @param partner is a pointer to the caller object.
     * The partner of the newly created EAP-type object is the caller object.
     * @param eap_type is a pointer to a pointer of the EAP-type object.
     * The adaptation module sets the eap_type pointer to the created EAP-type object.
     * @param is_client_when_true indicates whether the network entity should
     * act as a client (true) or server (false); in terms of the EAP-protocol, whether
     * this network entity is the EAP-supplicant (true) or the EAP-authenticator (false).
     * @param receive_network_id is the network identity the new module is created for.
     */
    virtual eap_status_e load_module(
        const eap_type_value_e type,
        const eap_type_value_e /* tunneling_type */,
        abs_eap_base_type_c * const partner,
        eap_base_type_c ** const eap_type,
        const bool is_client_when_true,
        const eap_am_network_id_c * const receive_network_id) = 0;

    /**
     * This is needed by the PEAP type.
     * The unload_module() function unloads the module of an EAP-type.
     * @param type is the requested EAP-type.
     */
    virtual eap_status_e unload_module(const eap_type_value_e type) = 0;

    /**
     * Note this function is just an example. Parameters will change later.
     * The packet_data_crypto_keys() function gives the generated keys to the lower level.
     * After EAP-authentication has generated the keys it calls this function
     * to offer the keys to the lower level.
     * @param send_network_id is the network identity the keys belong to.
     * @param master_session_key is the key material; the receiver is expected to copy
     * what it needs and must not keep the pointer beyond the call.
     * @see abs_eap_base_type_c::packet_data_crypto_keys().
     */
    virtual eap_status_e packet_data_crypto_keys(
        const eap_am_network_id_c * const send_network_id,
        const eap_master_session_key_c * const master_session_key
        ) = 0;

    /**
     * This is needed by the PEAP type.
     * This function queries the validity of an EAP-type.
     * The lower layer should return eap_status_ok if this EAP-type is supported.
     * @param eap_type is the EAP-type to check.
     */
    virtual eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type) = 0;

    /**
     * This function queries the list of supported EAP-types.
     * The lower layer should return eap_status_ok if this call succeeds.
     * @param eap_type_list will include the list of supported EAP-types. Each value in the list
     * is of type u32_t and represents one supported EAP-type. The list consists of consecutive u32_t values.
     */
    virtual eap_status_e get_eap_type_list(
        eap_array_c<eap_type_value_e> * const eap_type_list) = 0;

    /**
     * The get_eap_tls_master_session_key() function copies the EAP-TLS master session key.
     * (An earlier version of this comment called it get_tls_master_secret(); the declared name is below.)
     * @param eap_tls_master_session_key receives a copy of the master session key.
     * @param mschapv2_challenges is not described in the original header; by its name it
     * presumably receives challenge material derived for MS-CHAPv2 — TODO confirm.
     *
     * NOTE(review): both output buffers hold key material after this call. The caller owns
     * them and should clear them as soon as they are no longer needed rather than leaving
     * them to ordinary destruction.
     */
    virtual eap_status_e get_eap_tls_master_session_key(
        eap_variable_data_c * const eap_tls_master_session_key,
        eap_variable_data_c * const mschapv2_challenges
        ) = 0;

    /**
     * This function gets the TTLS implicit challenge from TLS.
     * @param ttls_implicit_challenge receives the challenge bytes.
     * @param required_ttls_implicit_challenge_length is the number of bytes the caller needs.
     */
    virtual eap_status_e get_ttls_implicit_challenge(
        eap_variable_data_c * const ttls_implicit_challenge,
        const u32_t required_ttls_implicit_challenge_length) = 0;

    /**
     * Not documented in the original header. Takes the list by non-const reference, so the
     * callee may modify it; presumably it reports detected rogue access points to the lower
     * layer — TODO confirm with the implementation.
     * @param rogue_ap_list is the list of eap_rogue_ap_entry_c entries.
     */
    virtual eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list) = 0;

    /**
     * The set_session_timeout() function changes the session timeout timer to elapse after session_timeout_ms milliseconds.
     * @param session_timeout_ms is the new timeout in milliseconds.
     */
    virtual eap_status_e set_session_timeout(
        const u32_t session_timeout_ms) = 0;

#if defined(USE_FAST_EAP_TYPE)

    /**
     * Completes an asynchronous tunnel PAC query (EAP-FAST only; compiled in with USE_FAST_EAP_TYPE).
     * Not documented in the original header; parameter meanings below are inferred from the names.
     * @param in_completion_status is the status of the query that is being completed.
     * @param in_pac_type is the type of PAC that was queried.
     * @param in_tunnel_PAC_key_tlv presumably carries the PAC key TLV — TODO confirm.
     * @param in_tunnel_PAC_opaque_tlv presumably carries the PAC opaque TLV — TODO confirm.
     * NOTE(review): the PAC key is a credential; an implementation should not log either TLV.
     */
    virtual eap_status_e complete_query_tunnel_PAC(
        const eap_status_e in_completion_status,
        const eap_fast_pac_type_e in_pac_type,
        const eap_fast_variable_data_c * const in_tunnel_PAC_key_tlv,
        const eap_fast_variable_data_c * const in_tunnel_PAC_opaque_tlv) = 0;

#endif //#if defined(USE_FAST_EAP_TYPE)


    /**
     * Not documented in the original header. Asks the partner for the TTLS/PAP user name and
     * password, presumably in response to a server message; the reply path is not visible here.
     * @param reply_message is the message that triggered the query — TODO confirm.
     */
    virtual eap_status_e query_ttls_pap_username_and_password(
        const eap_variable_data_c * const reply_message) = 0;

    /**
     * Not documented in the original header. Asks the partner to verify a TTLS/PAP user name
     * and password.
     * @param user_name is the user name to verify.
     * @param user_password is the password to verify. It is a cleartext credential: an
     * implementation should not log it, should not retain it beyond the verification, and
     * should clear any copy it makes.
     */
    virtual eap_status_e verify_ttls_pap_username_and_password(
        const eap_variable_data_c * const user_name,
        const eap_variable_data_c * const user_password) = 0;

    // This is used in EAP-FAST to see the protocol of the next TLS-record message.
    virtual tls_record_protocol_e get_next_tls_record_message_protocol() = 0;

    // This is used in EAP-FAST to see the type of the next TLS-handshake message.
    virtual tls_handshake_type_e get_next_tls_handshake_message_type() = 0;

    //--------------------------------------------------
}; // class abs_tls_base_application_c
327 |
328 #endif //#if !defined(_ABS_TLS_BASE_APPLICATION_H_) |
329 |
330 //-------------------------------------------------- |
331 |
332 |
333 |
334 // End. |