|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_TLS_APPLICATION_EAP_CORE_H_) |
|
22 #define _TLS_APPLICATION_EAP_CORE_H_ |
|
23 |
|
24 #include "abs_eap_core.h" |
|
25 #include "tls_base_application.h" |
|
26 #include "tls_peap_types.h" |
|
27 #include "tls_peap_tlv_header.h" |
|
28 #include "tls_peap_tlv_payloads.h" |
|
29 #include "eap_master_session_key.h" |
|
30 #include "eap_diameter_payloads.h" |
|
31 |
|
32 class abs_tls_base_application_c; |
|
33 class abs_eap_am_tools_c; |
|
34 class eap_am_network_id_c; |
|
35 class tls_record_header_c; |
|
36 class eap_core_c; |
|
37 class peap_tlv_payloads_c; |
|
38 class eap_diameter_payloads_c; |
|
39 |
|
40 |
|
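/// The tls_application_eap_core_c class is an implementation of tls_base_application_c.
/// It also derives from abs_eap_core_c. According to the member documentation below
/// it handles the EAP-type that is tunneled inside PEAP or TTLS.
class EAP_EXPORT tls_application_eap_core_c
: public tls_base_application_c
, public abs_eap_core_c
{
private:
	//--------------------------------------------------

	/// This is pointer to the tools class. @see abs_eap_am_tools_c.
	abs_eap_am_tools_c * const m_am_tools;

	/// This is pointer to EAP-core.
	eap_core_c * m_eap_core;

	/// This flag tells whether the m_eap_core must be freed in destructor (true) or not (false).
	const bool m_free_eap_core;

	/// This is pointer to TLS-application.
	abs_tls_base_application_c * m_application_partner;

	/// This is network identity of the received packet.
	eap_am_network_id_c m_receive_network_id;

	/// This is the EAP-type which creates the tunnel (PEAP or TTLS).
	eap_type_value_e m_eap_type;

	/// This separates different PEAP versions (PEAPv2, PEAPv1 or XP PEAPv0).
	peap_version_e m_peap_version;

	/// This is the EAP-type which is tunneled inside PEAP.
	eap_type_value_e m_peap_tunneled_eap_type;

	/// This variable saves the state of the tunneled EAP-type.
	/// State is changed during packet_process() and state_notification() function calls.
	eap_state_variable_e m_tunneled_eap_type_authentication_state;


	/// PEAPv2 TLV payloads. Presumably the parsed payloads of the last received
	/// PEAPv2 message; confirm against the implementation.
	peap_tlv_payloads_c m_peapv2_tlv_payloads;

	/// PEAPv2 client nonce. @see create_nonce_peap_v2() and store_nonce_peap_v2().
	eap_variable_data_c m_peap_v2_client_nonce;

	/// PEAPv2 server nonce. @see create_nonce_peap_v2() and store_nonce_peap_v2().
	eap_variable_data_c m_peap_v2_server_nonce;

	// NOTE(review): the five members below appear to hold PEAPv2 key material
	// (intermediate MAC key, inner session key, compound MAC keys and compound
	// session key, judging by the names and by the create_compound_*() functions).
	// Confirm that reset(), shutdown() and the destructor wipe them.

	eap_variable_data_c m_peap_v2_IPMKn;

	eap_variable_data_c m_peap_v2_ISKn;

	/// Presumably the compound MAC key of the server side. @see create_compound_mac_key_peap_v2().
	eap_variable_data_c m_peap_v2_CMK_B1_server;

	/// Presumably the compound MAC key of the client side. @see create_compound_mac_key_peap_v2().
	eap_variable_data_c m_peap_v2_CMK_B2_client;

	/// Presumably the compound session key. @see create_compound_session_key_peap_v2().
	eap_master_session_key_c m_peap_v2_CSK;


	/// List of EAP-types. Presumably the EAP-types that are accepted inside the tunnel; TODO confirm.
	eap_array_c<eap_type_value_e> m_accepted_tunneled_eap_types;

	eap_variable_data_c m_pseudo_ethernet_header;

	/// Diameter payloads of TTLS. Presumably those of the last received TTLS message; TODO confirm.
	eap_diameter_payloads_c m_ttls_received_payloads;

	/// Type of the tunneled TTLS message.
	eap_ttls_tunneled_message_type_e m_ttls_message_type;


	eap_variable_data_c m_ttls_sent_eap_packet;

#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)

	// NOTE(review): the two buffers below are named after the user name and the
	// implicit challenge of plain MS-CHAPv2 inside TTLS. Confirm they are cleared
	// when the session ends.

	eap_variable_data_c m_ttls_user_name;

	eap_variable_data_c m_ttls_implicit_challenge;

	/// @see get_ttls_tunneled_message_state() and set_ttls_tunneled_message_state().
	eap_ttls_tunneled_message_state_e m_ttls_tunneled_message_state;

#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)


	/// Presumably the probability used by the error manipulation that
	/// m_enable_random_errors activates; units are not visible here.
	u32_t m_error_probability;

	/// EAP-identifier of a received packet. TODO confirm which packet (outer or tunneled).
	u8_t m_received_eap_identifier;

	/// This flag activates error manipulation to send tunneled packets.
	// NOTE(review): this reads as a fault-injection switch for testing.
	// Confirm it cannot be enabled by configuration in production builds.
	bool m_enable_random_errors;

	/// Presumably limits the error manipulation to tunneled messages only.
	/// The original comment was a copy of the m_enable_random_errors comment; TODO confirm.
	bool m_manipulate_only_tunneled_messages;

	/// This indicates whether this object was generated successfully.
	bool m_is_valid;

	/// This indicates whether this object is client (true) or server (false).
	/// In terms of EAP-protocol whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
	bool m_is_client;

	/// This flag tells whether the shutdown() function was called (true) or not (false).
	bool m_shutdown_was_called;

	/// Type of the TLS session. @see set_tunneled_state() and start_peap_tunneled_authentication().
	tls_session_type_e m_tls_session_type;

	bool m_peap_allow_tunneled_session_resumption;

	/// This configurable option selects whether the special style of TLS/PEAP
	/// is used. In that style the length field is added to all message fragments,
	/// even when the message fits to one fragment, except EAP-TLS-start,
	/// EAP-TLS-Acknowledge and PEAP-application data. The client acknowledges
	/// tunneled EAP-Success message with empty PEAP message.
	bool m_use_tppd_tls_peap;

	/// On fast session resume server does not send tunneled EAP-Success.
	/// Instead it sends plain EAP-Success.
	/// True value of this flag allows this plain EAP-Success.
	// NOTE(review): a plain EAP-Success travels outside the TLS tunnel, so the
	// tunnel does not protect it. Enable this only for the interoperability case
	// described above and confirm the implementation accepts it only on a
	// resumed session.
	bool m_use_tppd_peapv1_acknowledge_hack;


#if defined(USE_EAP_PEAPV1_EXTENSIONS)
	bool m_server_use_peapv1_extensions_request;
	bool m_client_send_peapv1_extensions_response;
#endif //#if defined(USE_EAP_PEAPV1_EXTENSIONS)


#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)

	bool m_tunneled_eap_in_ttls;

	u8_t m_ttls_plain_ms_chap_v2_eap_identifier;

#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)

	bool m_use_eap_expanded_type;

	/// Presumably true while a plain EAP-Success is expected.
	/// @see plain_eap_success_failure_packet_received().
	bool m_wait_plain_eap_success;

	/**
	 * The set_is_valid() function sets the state of the object valid.
	 * The creator of this object calls this function after it is initialized.
	 */
	EAP_FUNC_IMPORT void set_is_valid();

	EAP_FUNC_IMPORT eap_status_e create_eap_success_failure_in_forward_to_tunnel(
		const eap_am_network_id_c * const receive_network_id,
		const eap_code_value_e forwarded_eap_code,
		const u8_t received_eap_identifier);

	/**
	 * Checks the Diameter payloads of a TTLS message.
	 * @param payloads includes the payloads to check.
	 * @param message_type is an output parameter; presumably it receives the detected message type.
	 */
	EAP_FUNC_IMPORT eap_status_e check_ttls_eap_payloads(
		eap_diameter_payloads_c * const payloads,
		eap_ttls_tunneled_message_type_e * const message_type);


	EAP_FUNC_IMPORT eap_status_e ttls_server_handles_pap_response(
		eap_diameter_payloads_c * const payloads,
		const u8_t received_eap_identifier);

	EAP_FUNC_IMPORT eap_status_e ttls_server_handles_pap_reply_message(
		eap_diameter_payloads_c * const payloads,
		const u8_t received_eap_identifier);

	/**
	 * Checks the Diameter payloads of a plain PAP message inside TTLS.
	 * @param payloads includes the payloads to check.
	 * @param message_type is an output parameter; presumably it receives the detected message type.
	 */
	EAP_FUNC_IMPORT eap_status_e check_ttls_plain_pap_payloads(
		eap_diameter_payloads_c * const payloads,
		eap_ttls_tunneled_message_type_e * const message_type);

	EAP_FUNC_IMPORT eap_status_e handle_ttls_plain_pap_payloads(
		eap_diameter_payloads_c * const payloads,
		const eap_ttls_tunneled_message_type_e message_type,
		const u8_t received_eap_identifier);


#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)

	/**
	 * Creates a Diameter AVP for TTLS.
	 * @param avp is the output buffer of the created AVP.
	 * @param data is the data of the AVP.
	 * @param code is the AVP code.
	 * @param include_vendor_id tells whether the vendor ID is included in the AVP.
	 */
	EAP_FUNC_IMPORT eap_status_e create_ttls_diameter_avp(
		eap_variable_data_c * const avp,
		const eap_variable_data_c * const data,
		eap_diameter_avp_code_c code,
		const bool include_vendor_id);


	/**
	 * Checks the Diameter payloads of a plain MS-CHAPv2 message inside TTLS.
	 * @param payloads includes the payloads to check.
	 * @param message_type is an output parameter; presumably it receives the detected message type.
	 */
	EAP_FUNC_IMPORT eap_status_e check_ttls_plain_mschapv2_payloads(
		eap_diameter_payloads_c * const payloads,
		eap_ttls_tunneled_message_type_e * const message_type);

	EAP_FUNC_IMPORT eap_status_e handle_ttls_plain_mschapv2_payloads(
		eap_diameter_payloads_c * const payloads,
		const eap_ttls_tunneled_message_type_e message_type,
		const u8_t received_eap_identifier);


	EAP_FUNC_IMPORT eap_status_e ttls_server_handles_ms_chapv2_response(
		eap_diameter_payloads_c * const payloads,
		const u8_t received_eap_identifier);

	EAP_FUNC_IMPORT eap_status_e ttls_server_handles_ms_chapv2_change_password(
		eap_diameter_payloads_c * const payloads,
		const u8_t received_eap_identifier);

	EAP_FUNC_IMPORT eap_status_e ttls_client_handles_ms_chapv2_success(
		eap_diameter_payloads_c * const payloads,
		const u8_t received_eap_identifier);

	EAP_FUNC_IMPORT eap_status_e ttls_client_handles_ms_chapv2_error(
		eap_diameter_payloads_c * const payloads,
		const u8_t received_eap_identifier);


	EAP_FUNC_IMPORT eap_status_e send_ttls_ms_chapv2_packet(
		eap_header_wr_c * const sent_eap_packet);


	// The ttls_tunneled_message_state_*() functions below all take the sent
	// EAP-packet. Judging by the names there is one handler per value of
	// m_ttls_tunneled_message_state; confirm against the implementation.

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_identity_response(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_response(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_change_password_response(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_identity_request(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_challenge_request(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_success_request(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_complete_success_request(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_process_error_request(
		eap_header_wr_c * const sent_eap_packet);

	EAP_FUNC_IMPORT eap_status_e ttls_tunneled_message_state_complete_error_request(
		eap_header_wr_c * const sent_eap_packet);


#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)


	/**
	 * This function processes the received packet of TTLS.
	 * @param received_eap_message includes the received packet.
	 * @param received_eap_identifier is the EAP-identifier field of the received packet.
	 * @param eap_packet_length is an output parameter; presumably it receives the
	 * length of the EAP-packet that is forwarded to eap_core_c object (TODO confirm).
	 */
	EAP_FUNC_IMPORT eap_status_e packet_process_ttls(
		eap_variable_data_c * const received_eap_message,
		const u8_t received_eap_identifier,
		u32_t * const eap_packet_length);

	/**
	 * This function processes the received packet of XP PEAPv0.
	 * @param packet includes the received packet.
	 * @param received_eap_identifier is the EAP-identifier field of the PEAP packet.
	 * @param eap_packet_length is an output parameter; presumably it receives the
	 * length of the EAP-packet that is forwarded to eap_core_c object (TODO confirm).
	 */
	EAP_FUNC_IMPORT eap_status_e packet_process_xp_peap_v0(
		eap_variable_data_c * const packet,
		const u8_t received_eap_identifier,
		u32_t * const eap_packet_length);

	/**
	 * This function processes the received packet of PEAPv1.
	 * @param received_eap_message includes the received packet.
	 * @param received_eap_identifier is the EAP-identifier field of the PEAP packet.
	 * @param eap_packet_length is an output parameter; presumably it receives the
	 * length of the EAP-packet that is forwarded to eap_core_c object (TODO confirm).
	 */
	EAP_FUNC_IMPORT eap_status_e packet_process_peap_v1(
		eap_variable_data_c * const received_eap_message,
		const u8_t received_eap_identifier,
		u32_t * const eap_packet_length);

	EAP_FUNC_IMPORT eap_status_e finish_successfull_authentication_peap_v2(
		const u8_t received_eap_identifier);

	/**
	 * Stores a PEAPv2 nonce from the TLV payloads.
	 * @param is_client_when_true selects the role; which nonce is stored for which
	 * role is decided in the implementation.
	 * @param peapv2_tlv_payloads includes the TLV payloads.
	 */
	EAP_FUNC_IMPORT eap_status_e store_nonce_peap_v2(
		const bool is_client_when_true,
		peap_tlv_payloads_c * const peapv2_tlv_payloads);

	/**
	 * This function processes the received packet of PEAPv2.
	 * @param packet includes the received packet.
	 * @param received_eap_identifier is the EAP-identifier field of the PEAP packet.
	 * @param eap_packet_length is an output parameter; presumably it receives the
	 * length of the EAP-packet that is forwarded to eap_core_c object (TODO confirm).
	 */
	EAP_FUNC_IMPORT eap_status_e packet_process_peap_v2(
		eap_variable_data_c * const packet,
		const u8_t received_eap_identifier,
		u32_t * const eap_packet_length);

	/**
	 * This function verifies the previously received and parsed packet of PEAPv2.
	 */
	EAP_FUNC_IMPORT eap_status_e verify_tunneled_acknowledge_peap_v2();


	/**
	 * This function sends XP-PEAPv0 protected EAP-Success or EAP-Failure messages.
	 * @param result_eap_code is the EAP-code of the result.
	 * @param eap_identifier is the EAP-identifier of the message.
	 */
	EAP_FUNC_IMPORT eap_status_e send_tunneled_acknowledge_xp_peap_v0(
		const eap_code_value_e result_eap_code,
		const u8_t eap_identifier);

	/**
	 * This function sends PEAPv2 protected EAP-Success or EAP-Failure messages.
	 * @param result_eap_code is the EAP-code of the result.
	 * @param eap_identifier is the EAP-identifier of the message.
	 */
	EAP_FUNC_IMPORT eap_status_e send_tunneled_acknowledge_peap_v2(
		const eap_code_value_e result_eap_code,
		const u8_t eap_identifier);


	/**
	 * Creates a nonce.
	 * @param nonce is the output buffer of the created nonce.
	 */
	// NOTE(review): the random source and the nonce length are decided in the
	// implementation; confirm a cryptographic random generator is used.
	EAP_FUNC_IMPORT eap_status_e create_nonce(
		eap_variable_data_c * const nonce);

	/**
	 * Creates a PEAPv2 nonce.
	 * @param create_client_nonce_when_true selects the client nonce (true) or the server nonce (false).
	 */
	EAP_FUNC_IMPORT eap_status_e create_nonce_peap_v2(
		const bool create_client_nonce_when_true);

	/**
	 * Creates a PEAPv2 compound MAC key.
	 * @param create_client_CMK_when_true selects the client key (true) or the server key (false).
	 */
	EAP_FUNC_IMPORT eap_status_e create_compound_mac_key_peap_v2(
		const bool create_client_CMK_when_true);

	/// Creates the PEAPv2 compound session key.
	EAP_FUNC_IMPORT eap_status_e create_compound_session_key_peap_v2();


	/**
	 * Creates the compound MAC of a crypto binding TLV.
	 * @param peap_v2_CMK is the compound MAC key.
	 * @param crypto_binding_tlv is the crypto binding TLV.
	 * @param mac_data is the output buffer of the created MAC.
	 */
	// NOTE(review): the check that compares a received MAC with this value is in
	// the implementation; confirm the comparison covers the whole MAC.
	EAP_FUNC_IMPORT eap_status_e create_crypto_binding_compound_mac(
		const eap_variable_data_c * const peap_v2_CMK,
		const tls_peap_tlv_header_c * const crypto_binding_tlv,
		eap_variable_data_c * const mac_data);


	EAP_FUNC_IMPORT eap_status_e create_result_tlv_message(
		eap_buf_chain_wr_c * const packet,
		const eap_code_value_e result_eap_code,
		const u8_t eap_identifier,
		const tls_peap_tlv_type_e tlv_type);

	EAP_FUNC_IMPORT eap_status_e create_intermediate_result_tlv_message(
		eap_buf_chain_wr_c * const packet,
		const eap_code_value_e result_eap_code,
		const u8_t eap_identifier);

	EAP_FUNC_IMPORT eap_status_e create_eap_payload_tlv_message(
		eap_buf_chain_wr_c * const packet,
		const eap_header_wr_c * const sent_eap_packet,
		const u8_t eap_identifier);

	EAP_FUNC_IMPORT eap_status_e create_crypto_binding_tlv_message(
		eap_buf_chain_wr_c * const packet,
		const eap_code_value_e result_eap_code,
		const u8_t eap_identifier,
		const eap_variable_data_c * const nonce,
		const u8_t received_version);

	EAP_FUNC_IMPORT eap_status_e create_eap_diameter_avp_message(
		eap_buf_chain_wr_c * const packet,
		const eap_header_wr_c * const sent_eap_packet,
		const u8_t eap_identifier);

	EAP_FUNC_IMPORT eap_status_e parse_generic_payload(
		const tls_peap_tlv_type_e current_payload,
		const tls_peap_tlv_header_c * const payload,
		peap_tlv_payloads_c * const p_peap_tlv_payloads);

	/**
	 * Parses PEAP TLV payloads from a buffer.
	 * @param buffer is the buffer to parse.
	 * @param buffer_length is pointer to the length of the buffer. It is not const,
	 * so the function may update it; TODO confirm.
	 * @param peap_tlv_payloads is the output object of the parsed payloads.
	 */
	// NOTE(review): the buffer presumably carries data received from the peer.
	// Confirm the implementation checks every TLV length against *buffer_length
	// before it reads the TLV.
	EAP_FUNC_IMPORT eap_status_e parse_peap_tlv_payload(
		u8_t * const buffer,
		u32_t * const buffer_length,
		peap_tlv_payloads_c * const peap_tlv_payloads);

	/**
	 * Traces a tunneled EAP-packet.
	 * @param prefix is the prefix string of the trace.
	 * @param eap_packet is the traced EAP-packet.
	 */
	// NOTE(review): tunneled packets can carry identities and credentials;
	// confirm this trace is not active in release builds.
	EAP_FUNC_IMPORT void trace_tunneled_packet(
		eap_const_string prefix,
		const eap_header_wr_c * const eap_packet);

	EAP_FUNC_IMPORT eap_status_e packet_forward_to_tunnel(
		const eap_am_network_id_c * const receive_network_id,
		eap_header_wr_c * const forwarded_eap_packet,
		const u32_t eap_packet_length);

#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)

	eap_ttls_tunneled_message_state_e get_ttls_tunneled_message_state();

	void set_ttls_tunneled_message_state(eap_ttls_tunneled_message_state_e ttls_state);

#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)

	//--------------------------------------------------
protected:
	//--------------------------------------------------

	//--------------------------------------------------
public:
	//--------------------------------------------------

	/**
	 * The destructor of the tls_application_eap_core_c class.
	 * According to the documentation of m_free_eap_core the m_eap_core object
	 * is freed here when that flag is true.
	 * The shutdown() function is called before the destructor is executed.
	 */
	EAP_FUNC_IMPORT virtual ~tls_application_eap_core_c();

	/**
	 * The constructor of the tls_application_eap_core_c class simply initializes the attributes.
	 * @param tools is pointer to the tools class. @see abs_eap_am_tools_c.
	 * @param eap_core is pointer to EAP-core object.
	 * @param free_eap_core tells whether eap_core must be freed in destructor (true) or not (false).
	 * @param is_client_when_true indicates whether this object is client (true) or server (false).
	 * @param eap_type is the EAP-type which creates the tunnel (PEAP or TTLS).
	 * @param receive_network_id is network identity of the received packet.
	 * The partner object is not a constructor parameter, it is set with set_application_partner().
	 */
	EAP_FUNC_IMPORT tls_application_eap_core_c(
		abs_eap_am_tools_c * const tools,
		eap_core_c * const eap_core,
		const bool free_eap_core,
		const bool is_client_when_true,
		const eap_type_value_e eap_type,
		const eap_am_network_id_c * const receive_network_id);

	/**
	 * This function sets the PEAP version.
	 * @param peap_version is the PEAP version.
	 * @param use_tppd_tls_peap see m_use_tppd_tls_peap.
	 * @param use_tppd_peapv1_acknowledge_hack see m_use_tppd_peapv1_acknowledge_hack.
	 */
	EAP_FUNC_IMPORT void set_peap_version(
		const peap_version_e peap_version,
		const bool use_tppd_tls_peap,
		const bool use_tppd_peapv1_acknowledge_hack);

	/**
	 * The configure() function is called after the constructor of the
	 * object is successfully executed. During the function call the object
	 * could query the configuration. Each derived class must define this function.
	 */
	EAP_FUNC_IMPORT eap_status_e configure();

	/**
	 * The shutdown() function is called before the destructor of the
	 * object is executed. During the function call the object
	 * could shutdown the operations, for example cancel timers.
	 * Each derived class must define this function.
	 */
	EAP_FUNC_IMPORT eap_status_e shutdown();

	/**
	 * This function processes the received packet.
	 * @param packet includes the received packet.
	 * @param received_eap_identifier is the EAP-identifier field of the PEAP packet.
	 */
	EAP_FUNC_IMPORT eap_status_e packet_process(
		eap_variable_data_c * const packet,
		const u8_t received_eap_identifier);

	/**
	 * This function indicates the plain text EAP-Success or EAP-Failure packet is received.
	 * @param receive_network_id includes the addresses (network identity) and packet type.
	 * @param received_eap_code is the EAP-code of the received packet.
	 * @param received_eap_identifier is the EAP-Identifier of the received EAP-Success packet.
	 */
	// NOTE(review): a plain text EAP-Success or EAP-Failure is not protected by the
	// tunnel. Confirm the implementation accepts it only in the states where it is
	// expected (see m_wait_plain_eap_success and m_use_tppd_peapv1_acknowledge_hack).
	EAP_FUNC_IMPORT eap_status_e plain_eap_success_failure_packet_received(
		const eap_am_network_id_c * const receive_network_id,
		const eap_code_value_e received_eap_code,
		const u8_t received_eap_identifier);

	/**
	 * This function indicates the empty Ack packet is received.
	 * This is used in TTLS.
	 * @param receive_network_id includes the addresses (network identity) and packet type.
	 * @param received_eap_identifier is the EAP-Identifier of the received packet.
	 */
	EAP_FUNC_IMPORT eap_status_e empty_ack_packet_received(
		const eap_am_network_id_c * const receive_network_id,
		const u8_t received_eap_identifier);

	/**
	 * This function starts TTLS tunneled authentication.
	 * @param receive_network_id includes the addresses (network identity) and packet type.
	 * @param received_eap_identifier is the EAP-Identifier of the received packet.
	 */
	EAP_FUNC_IMPORT eap_status_e start_ttls_tunneled_authentication(
		const eap_am_network_id_c * const receive_network_id,
		const u8_t received_eap_identifier);

	/**
	 * Object must indicate its validity.
	 * If object initialization fails this function must return false.
	 * @return This function returns the validity of this object.
	 */
	EAP_FUNC_IMPORT bool get_is_valid();

	/**
	 * This function must reset the state of object to same as
	 * state was after the configure() function call.
	 * If object reset succeeds this function must return eap_status_ok.
	 * If object reset fails this function must return corresponding error status.
	 * @return This function returns the status of reset operation.
	 */
	EAP_FUNC_IMPORT eap_status_e reset();


	/**
	 * This function starts the tunneled EAP-type within PEAP.
	 * @param receive_network_id includes the addresses (network identity) and packet type.
	 * @param is_client_when_true indicates whether this object is client (true) or server (false).
	 * @param received_eap_identifier is the EAP-Identifier of the received packet.
	 * @param tls_session_type is the type of the TLS session.
	 * @param tls_peap_server_authenticates_client_action is not documented here; see the implementation.
	 */
	EAP_FUNC_IMPORT eap_status_e start_peap_tunneled_authentication(
		const eap_am_network_id_c * const receive_network_id,
		const bool is_client_when_true,
		const u8_t received_eap_identifier,
		const tls_session_type_e tls_session_type,
		const bool tls_peap_server_authenticates_client_action);

	/// @see abs_eap_core_c::packet_send().
	EAP_FUNC_IMPORT eap_status_e packet_send(
		const eap_am_network_id_c * const network_id,
		eap_buf_chain_wr_c * const sent_packet,
		const u32_t header_offset,
		const u32_t data_length,
		const u32_t buffer_length);

	/// @see abs_eap_core_c::get_header_offset().
	EAP_FUNC_IMPORT u32_t get_header_offset(
		u32_t * const MTU,
		u32_t * const trailer_length);

	/// @see abs_eap_core_c::load_module().
	EAP_FUNC_IMPORT eap_status_e load_module(
		const eap_type_value_e type,
		const eap_type_value_e /* tunneling_type */,
		abs_eap_base_type_c * const partner,
		eap_base_type_c ** const eap_type,
		const bool is_client_when_true,
		const eap_am_network_id_c * const receive_network_id);

	/// @see abs_eap_core_c::unload_module().
	EAP_FUNC_IMPORT eap_status_e unload_module(const eap_type_value_e type);

	/// @see abs_eap_core_c::restart_authentication().
	EAP_FUNC_IMPORT eap_status_e restart_authentication(
		const eap_am_network_id_c * const receive_network_id,
		const bool is_client_when_true,
		const bool force_clean_restart,
		const bool from_timer = false);

	/// @see abs_eap_core_c::packet_data_crypto_keys().
	EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys(
		const eap_am_network_id_c * const send_network_id,
		const eap_master_session_key_c * const master_session_key
		);

	/// @see abs_eap_core_c::read_configure().
	EAP_FUNC_IMPORT eap_status_e read_configure(
		const eap_configuration_field_c * const field,
		eap_variable_data_c * const data);

	/// @see abs_eap_core_c::write_configure().
	EAP_FUNC_IMPORT eap_status_e write_configure(
		const eap_configuration_field_c * const field,
		eap_variable_data_c * const data);

	/// @see abs_eap_core_c::state_notification().
	EAP_FUNC_IMPORT void state_notification(
		const abs_eap_state_notification_c * const state);

	/// @see abs_eap_core_c::asynchronous_init_remove_eap_session().
	EAP_FUNC_IMPORT eap_status_e asynchronous_init_remove_eap_session(
		const eap_am_network_id_c * const send_network_id);

	/// @see abs_eap_core_c::set_timer().
	EAP_FUNC_IMPORT eap_status_e set_timer(
		abs_eap_base_timer_c * const initializer,
		const u32_t id,
		void * const data,
		const u32_t p_time_ms);

	/// @see abs_eap_core_c::cancel_timer().
	EAP_FUNC_IMPORT eap_status_e cancel_timer(
		abs_eap_base_timer_c * const initializer,
		const u32_t id);

	/// @see abs_eap_core_c::cancel_all_timers().
	EAP_FUNC_IMPORT eap_status_e cancel_all_timers();

	/// @see abs_eap_core_c::check_is_valid_eap_type().
	EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);

	/// @see abs_eap_core_c::get_eap_type_list().
	EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
		eap_array_c<eap_type_value_e> * const eap_type_list);

	/// @see tls_base_application_c::get_application_partner().
	EAP_FUNC_IMPORT abs_tls_base_application_c * get_application_partner();

	/// @see tls_base_application_c::set_application_partner().
	EAP_FUNC_IMPORT eap_status_e set_application_partner(abs_tls_base_application_c * const partner);

	/// @see tls_base_application_c::peap_tunnel_ready().
	EAP_FUNC_IMPORT eap_status_e peap_tunnel_ready();

	/// Takes a list of rogue access point entries. What is done with the list
	/// is decided in the implementation.
	EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);

	// This is documented in tls_base_application_c::set_session_timeout().
	EAP_FUNC_IMPORT eap_status_e set_session_timeout(
		const u32_t session_timeout_ms);

	/// Takes the type of the TLS session. @see m_tls_session_type.
	EAP_FUNC_IMPORT void set_tunneled_state(
		const tls_session_type_e tls_session_type);

	// This is commented in tls_base_record_c::read_authority_identity().
	EAP_FUNC_IMPORT eap_status_e read_authority_identity(eap_variable_data_c * const authority_identity_payload);

	// This is commented in tls_base_record_c::save_user_authorization_pac_opaque().
	EAP_FUNC_IMPORT eap_status_e save_user_authorization_pac_opaque(const tls_extension_c * const extension);

	// This is commented in tls_base_record_c::query_tunnel_PAC().
	EAP_FUNC_IMPORT eap_status_e query_tunnel_PAC(
		const eap_fast_variable_data_c * const in_A_ID_TLV);

	// This is commented in tls_base_record_c::cancel_query_tunnel_PAC().
	EAP_FUNC_IMPORT eap_status_e cancel_query_tunnel_PAC();

	/**
	 * Completes the query of the TTLS-PAP username and password.
	 * @param ttls_pap_username is the username.
	 * @param ttls_pap_password is the password.
	 * @param query_result is the status of the query.
	 */
	// NOTE(review): ttls_pap_password is a clear text credential. Confirm the
	// implementation does not trace it and that any copy of it is cleared after use.
	EAP_FUNC_IMPORT eap_status_e complete_query_ttls_pap_username_and_password(
		const eap_variable_data_c * const ttls_pap_username,
		const eap_variable_data_c * const ttls_pap_password,
		const eap_status_e query_result);

	/**
	 * Completes the verification of the TTLS-PAP username and password.
	 * @param authentication_result is the status of the verification.
	 * @param ttls_pap_reply_message is the reply message of TTLS-PAP.
	 */
	EAP_FUNC_IMPORT eap_status_e complete_verify_ttls_pap_username_and_password(
		const eap_status_e authentication_result,
		const eap_variable_data_c * const ttls_pap_reply_message);

	/**
	 * This function is called when TLS-Alert message is received.
	 * Adaptation module could record this event.
	 * @param alert_level is the level of the received alert.
	 * @param alert_description is the description of the received alert.
	 */
	EAP_FUNC_IMPORT eap_status_e alert_received(
		const tls_alert_level_e alert_level,
		const tls_alert_description_e alert_description);

	//--------------------------------------------------
}; // class tls_application_eap_core_c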
|
661 |
|
662 #endif //#if !defined(_TLS_APPLICATION_EAP_CORE_H_) |
|
663 |
|
664 //-------------------------------------------------- |
|
665 |
|
666 |
|
667 |
|
668 // End. |