|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_TLS_PEAP_TYPES_H_) |
|
22 #define _TLS_PEAP_TYPES_H_ |
|
23 |
|
24 #include "eap_buffer.h" |
|
25 #include "eap_tools.h" |
|
26 #include "eap_am_tools.h" |
|
27 #include "eap_type_all_types.h" |
|
28 #include "eap_configuration_field.h" |
|
29 |
|
30 #if defined(USE_FAST_EAP_TYPE) |
|
31 #include "eap_fast_types.h" |
|
32 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
33 |
|
34 |
|
35 /** @file tls_peap_types.h |
|
36 * @brief This file defines the constants of the TLS and PEAP. |
|
37 */ |
|
38 |
|
39 //-------------------------------------------------- |
|
40 |
|
/// Macro traces payload type and data.
///
/// Output goes through EAP_TRACE_DEBUG / EAP_TRACE_DATA_DEBUG with the flags
/// TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS and consists of: a separator line, one
/// summary line (prefix, payload pointer, "client"/"server", TLV type, TLV type
/// string, data length), a dump of header length + data length bytes taken from
/// get_header_buffer(), and a closing separator line.
///
/// @param prefix    Value printed with %s at the start of the summary line.
/// @param payload   Expression dereferenced with ->. It is evaluated several times,
///                  so it must not have side effects.
/// @param is_client Compared against true to select the "client" or "server" text.
///
/// The expansion references m_am_tools, which must be in scope at the point of use.
/// The body is a bare { } block rather than do { } while (0); an invocation followed
/// by ';' therefore cannot stand directly between an unbraced 'if' and its 'else'.
///
/// NOTE(review): the data dump contains the complete payload (header and data).
/// Whether these trace macros are compiled out of production builds is decided
/// outside this file -- confirm, and handle collected traces as sensitive material.
/// NOTE(review): (payload) is a pointer passed to a 0x%08x conversion. If the trace
/// formatter follows printf conventions this only matches on targets where a pointer
/// has the size of an unsigned int -- TODO confirm against the formatter.
#define EAP_TLS_PEAP_TRACE_PAYLOAD(prefix, payload, is_client) \
	{ \
		EAP_TRACE_DEBUG( \
			m_am_tools, TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n"))); \
		EAP_TRACE_DEBUG( \
			m_am_tools, \
			TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- %s (0x%08x): %s, current payload 0x%04x=%s, data length 0x%04x.\n"), \
			prefix, (payload), (is_client == true ? "client": "server"), (payload)->get_flag_tlv_type(), \
			(payload)->get_tlv_type_string(), (payload)->get_data_length())); \
		EAP_TRACE_DATA_DEBUG( \
			m_am_tools, \
			TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- payload"), \
			(payload)->get_header_buffer( \
				(payload)->get_header_length()+(payload)->get_data_length()), \
			(payload)->get_header_length()+(payload)->get_data_length())); \
		EAP_TRACE_DEBUG( \
			m_am_tools, TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n"))); \
	}
|
64 |
|
/// Macro traces the code and data of a TTLS AVP.
///
/// Output goes through EAP_TRACE_DEBUG / EAP_TRACE_DATA_DEBUG with the flags
/// TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS and consists of: a separator line, one
/// summary line (prefix, payload pointer, "client"/"server", vendor id and vendor
/// code of the AVP code, AVP code string, data length), a dump of header length +
/// data length bytes taken from get_header_buffer(), and a closing separator line.
///
/// @param prefix    Value printed with %s at the start of the summary line.
/// @param payload   Expression dereferenced with ->. It is evaluated several times,
///                  so it must not have side effects.
/// @param is_client Compared against true to select the "client" or "server" text.
///
/// The expansion references m_am_tools, which must be in scope at the point of use.
/// The body is a bare { } block rather than do { } while (0); an invocation followed
/// by ';' therefore cannot stand directly between an unbraced 'if' and its 'else'.
///
/// NOTE(review): the dump contains the complete AVP. The tunneled message types
/// declared in this header (eap_ttls_tunneled_message_type_e) include PAP and
/// MS-CHAPv2 responses, so traced AVPs can hold user credentials. Whether these trace
/// macros are compiled out of production builds is decided outside this file --
/// confirm, and handle collected traces as sensitive material.
/// NOTE(review): (payload) is a pointer passed to a 0x%08x conversion. If the trace
/// formatter follows printf conventions this only matches on targets where a pointer
/// has the size of an unsigned int -- TODO confirm against the formatter.
#define EAP_TLS_PEAP_TRACE_TTLS_PAYLOAD(prefix, payload, is_client) \
	{ \
		EAP_TRACE_DEBUG( \
			m_am_tools, TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n"))); \
		EAP_TRACE_DEBUG( \
			m_am_tools, \
			TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- %s (0x%08x): %s, current payload 0x%08x:0x%08x=%s, data length 0x%04x.\n"), \
			prefix, (payload), (is_client == true ? "client": "server"), (payload)->get_avp_code().get_vendor_id(), \
			(payload)->get_avp_code().get_vendor_code(), \
			(payload)->get_avp_code_string(), (payload)->get_data_length())); \
		EAP_TRACE_DATA_DEBUG( \
			m_am_tools, \
			TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- payload"), \
			(payload)->get_header_buffer( \
				(payload)->get_header_length()+(payload)->get_data_length()), \
			(payload)->get_header_length()+(payload)->get_data_length())); \
		EAP_TRACE_DEBUG( \
			m_am_tools, TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
			(EAPL("- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n"))); \
	}
|
88 |
|
89 //-------------------------------------------------- |
|
90 |
|
/**
 * Size of the local send buffer. It takes the value of
 * EAP_MAX_LOCAL_PACKET_BUFFER_LENGTH, which is defined outside this file.
 */
const u32_t TLS_PEAP_LOCAL_PACKET_BUFFER_LENGTH = EAP_MAX_LOCAL_PACKET_BUFFER_LENGTH;

/**
 * Default size of the TLS-record buffer, in bytes.
 */
const u32_t TLS_PEAP_DEFAULT_RECORD_LENGTH = 4096ul;

/**
 * Maximum size of a TLS-record fragment: 2^14 bytes = 16384 bytes.
 * NOTE(review): this header only defines the limit; checking peer-supplied record
 * lengths against it is up to the record parser -- verify there.
 */
const u32_t TLS_PEAP_MAX_RECORD_FRAGMENT_LENGTH = (1ul << 14);

/**
 * Maximum size of a TLS-handshake message: (2^24 - 1) bytes = 16777215 bytes.
 * NOTE(review): this header only defines the limit; checking peer-supplied handshake
 * lengths against it is up to the handshake parser -- verify there.
 */
const u32_t TLS_PEAP_MAX_HANDSHAKE_DATA_LENGTH = (1ul << 24) - 1ul;

/**
 * Trace mask used for TLS and PEAP error traces; it is the error mask of
 * eap_am_tools_c.
 */
const u32_t TRACE_FLAGS_TLS_PEAP_ERROR = eap_am_tools_c::eap_trace_mask_error;


/**
 * Size of the random value in the TLS hello messages, in bytes.
 */
const u32_t TLS_HANDSHAKE_RANDOM_VALUE_SIZE = 32ul;

/**
 * Size of the TLS-session ID, in bytes.
 */
const u32_t TLS_SESSION_ID_SIZE = 32ul;

/**
 * Size of the TLS-premaster secret, in bytes.
 * NOTE(review): 48 bytes is the size of the RSA premaster secret in RFC 2246; with
 * Diffie-Hellman key exchange the premaster secret has the size of the negotiated
 * value. Presumably this constant is used on the RSA path only -- confirm.
 */
const u32_t TLS_PREMASTER_SECRET_SIZE = 48ul;

/**
 * Size of the TLS-master secret, in bytes.
 */
const u32_t TLS_MASTER_SECRET_SIZE = 48ul;
|
136 |
|
137 |
|
/**
 * Sizes, in bytes, of fixed-width fields in TLS messages. Every value is written as
 * sizeof() of the integer type that holds the field (or a multiple of it), so the
 * numbers follow the project's u8_t / u16_t / u32_t definitions.
 */
enum tls_peap_protocol_field_size_e
{
	// Alert message fields.
	TLS_ALERT_DESCRIPTION_FIELD_SIZE = sizeof(u8_t),
	TLS_ALERT_LEVEL_FIELD_SIZE = sizeof(u8_t),

	// Certificate related fields. The certificate length is a three-byte field.
	TLS_CERTIFICATE_AUTHORITIES_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_CERTIFICATE_LENGTH_FIELD_SIZE = 3UL * sizeof(u8_t),
	TLS_CERTIFICATE_TYPE_FIELD_SIZE = sizeof(u8_t),
	TLS_CERTIFICATE_TYPE_LENGTH_FIELD_SIZE = sizeof(u8_t),

	// ChangeCipherSpec, cipher suite and compression fields.
	TLS_CHANGE_CIPHER_SPEC_FIELD_SIZE = sizeof(u8_t),
	TLS_CIPHER_SUITE_FIELD_SIZE = sizeof(u16_t),
	TLS_CIPHER_SUITE_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_COMPRESSION_FIELD_SIZE = sizeof(u8_t),
	TLS_COMPRESSION_LENGTH_FIELD_SIZE = sizeof(u8_t),
	TLS_COMPRESSION_METHOD_FIELD_SIZE = sizeof(u8_t),

	// Hello extension fields.
	TLS_EXTENSIONS_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_EXTENSION_TYPE_FIELD_SIZE = sizeof(u16_t),
	TLS_EXTENSION_DATA_LENGTH_FIELD_SIZE = sizeof(u16_t),

	// Key exchange fields.
	TLS_DHE_GROUP_GENERATOR_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_DHE_PRIME_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_ENCRYPTED_PREMASTER_SECRET_LENGTH_FIELD_SIZE = sizeof(u16_t),

	// The name is spelled PADDINF (not PADDING); it is kept because other files may
	// refer to it.
	TLS_PADDINF_LENGTH_FIELD_SIZE = sizeof(u8_t),

	TLS_PUBLIC_DHE_KEY_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_PUBLIC_DHE_KEY_LENGTH_LENGTH_FIELD_SIZE = sizeof(u16_t),

	// Signature, session and version fields.
	TLS_DSS_SHA1_SIGNATURE_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_SESSION_ID_LENGTH_FIELD_SIZE = sizeof(u8_t),
	TLS_SIGNATURE_LENGTH_FIELD_SIZE = sizeof(u16_t),
	TLS_VERSION_FIELD_SIZE = sizeof(u16_t),
	TLS_SESSION_TICKET_LIFETIME_HINT_FIELD_SIZE = sizeof(u32_t),
};
|
167 |
|
168 |
|
/**
 * Label used when the TLS master secret is computed from the premaster secret.
 * See Chapter "8.1. Computing the master secret" in <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
 */
const u8_t TLS_MASTER_SECRET_LABEL[] = "master secret";

/**
 * Length of TLS_MASTER_SECRET_LABEL. The subtraction drops the terminating NUL
 * that the string literal adds to the array.
 */
const u32_t TLS_MASTER_SECRET_LABEL_LENGTH = sizeof(TLS_MASTER_SECRET_LABEL) - 1ul;


/**
 * Label of the TLS-client finished message.
 * See Chapter "7.4.9. Finished" in <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
 */
const u8_t TLS_CLIENT_FINISHED_LABEL[] = "client finished";

/**
 * Length of TLS_CLIENT_FINISHED_LABEL, without the terminating NUL.
 */
const u32_t TLS_CLIENT_FINISHED_LABEL_LENGTH = sizeof(TLS_CLIENT_FINISHED_LABEL) - 1ul;

/**
 * Label of the TLS-server finished message.
 * See Chapter "7.4.9. Finished" in <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
 */
const u8_t TLS_SERVER_FINISHED_LABEL[] = "server finished";

/**
 * Length of TLS_SERVER_FINISHED_LABEL, without the terminating NUL.
 */
const u32_t TLS_SERVER_FINISHED_LABEL_LENGTH = sizeof(TLS_SERVER_FINISHED_LABEL) - 1ul;

/**
 * Length of the data of the TLS-finished message, in bytes.
 */
const u32_t TLS_FINISHED_DATA_SIZE = 12ul;


/**
 * Label of the TLS-key expansion function.
 * See Chapter "6.3. Key calculation" in <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
 */
const u8_t TLS_PEAP_KEY_EXPANSION_LABEL[] = "key expansion";

/**
 * Length of TLS_PEAP_KEY_EXPANSION_LABEL, without the terminating NUL.
 */
const u32_t TLS_PEAP_KEY_EXPANSION_LABEL_LENGTH = sizeof(TLS_PEAP_KEY_EXPANSION_LABEL) - 1ul;


/**
 * Label of the TTLS-key expansion function.
 * See Chapter "7. Generating Keying Material" in <a href="../../type/tls_peap/documentation/draft-funk-eap-ttls-v0-00.txt">EAP-TTLSv0</a>.
 */
const u8_t EAP_TTLS_KEY_EXPANSION_LABEL[] = "ttls keying material";

/**
 * Length of EAP_TTLS_KEY_EXPANSION_LABEL, without the terminating NUL.
 */
const u32_t EAP_TTLS_KEY_EXPANSION_LABEL_LENGTH = sizeof(EAP_TTLS_KEY_EXPANSION_LABEL) - 1ul;


/**
 * Label of the TTLS implicit challenge function.
 * See Chapter "10.1 Implicit challenge" in <a href="../../type/tls_peap/documentation/draft-funk-eap-ttls-v0-00.txt">EAP-TTLSv0</a>.
 */
const u8_t EAP_TTLS_IMPLICIT_CHALLENGE_LABEL[] = "ttls challenge";

/**
 * Length of EAP_TTLS_IMPLICIT_CHALLENGE_LABEL, without the terminating NUL.
 */
const u32_t EAP_TTLS_IMPLICIT_CHALLENGE_LABEL_LENGTH = sizeof(EAP_TTLS_IMPLICIT_CHALLENGE_LABEL) - 1ul;
|
243 |
|
244 |
|
245 |
|
/**
 * Key derivation label "client PEAP encryption". Going by the constant's name it
 * belongs to draft 5 of PEAPv1 -- confirm against the code that selects it.
 */
const u8_t EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL_V1_DRAFT_5[] = "client PEAP encryption";

/**
 * Length of EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL_V1_DRAFT_5, without the terminating NUL.
 */
const u32_t EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL_V1_DRAFT_5_LENGTH = sizeof(EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL_V1_DRAFT_5) - 1ul;


/**
 * Key derivation label "client EAP encryption".
 */
const u8_t EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL[] = "client EAP encryption";

/**
 * Length of EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL, without the terminating NUL.
 */
const u32_t EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL_LENGTH = sizeof(EAP_TLS_PEAP_CLIENT_ENCRYPTION_LABEL) - 1ul;

/** Size of the MSK, in bytes. */
const u32_t EAP_TLS_PEAP_MSK_SIZE = 64ul;
/** Size of the EMSK, in bytes. */
const u32_t EAP_TLS_PEAP_EMSK_SIZE = 64ul;
/** Size of the derived key block: the MSK followed by the EMSK, 128 bytes in total. */
const u32_t EAP_TLS_PEAP_MASTER_SESSION_KEY_SIZE = EAP_TLS_PEAP_MSK_SIZE + EAP_TLS_PEAP_EMSK_SIZE;
|
258 |
|
259 |
|
/**
 * Label of the PEAPv2 Intermediate Combined Key.
 * See Chapter "2.5. Key derivation" in <a href="../../type/tls_peap/documentation/draft-josefsson-pppext-eap-tls-eap-07.txt">PEAPv2 draft 07</a>.
 */
const u8_t TLS_INTERMEDIATE_COMBINED_KEY_LABEL[] = "Intermediate PEAP MAC key";

/**
 * Length of TLS_INTERMEDIATE_COMBINED_KEY_LABEL. The subtraction drops the
 * terminating NUL that the string literal adds to the array.
 */
const u32_t TLS_INTERMEDIATE_COMBINED_KEY_LABEL_LENGTH = sizeof(TLS_INTERMEDIATE_COMBINED_KEY_LABEL) - 1ul;


/**
 * Label of the PEAPv2 Compound Server MAC Key.
 * See Chapter "2.5. Key derivation" in <a href="../../type/tls_peap/documentation/draft-josefsson-pppext-eap-tls-eap-07.txt">PEAPv2 draft 07</a>.
 */
const u8_t TLS_INTERMEDIATE_COMPOUND_SERVER_MAC_KEY_LABEL[] = "PEAP Server B1 MAC key";

/**
 * Length of TLS_INTERMEDIATE_COMPOUND_SERVER_MAC_KEY_LABEL, without the terminating NUL.
 */
const u32_t TLS_INTERMEDIATE_COMPOUND_SERVER_MAC_KEY_LABEL_LENGTH = sizeof(TLS_INTERMEDIATE_COMPOUND_SERVER_MAC_KEY_LABEL) - 1ul;


/**
 * Label of the PEAPv2 Compound Client MAC Key.
 * See Chapter "2.5. Key derivation" in <a href="../../type/tls_peap/documentation/draft-josefsson-pppext-eap-tls-eap-07.txt">PEAPv2 draft 07</a>.
 */
const u8_t TLS_INTERMEDIATE_COMPOUND_CLIENT_MAC_KEY_LABEL[] = "PEAP Client B2 MAC key";

/**
 * Length of TLS_INTERMEDIATE_COMPOUND_CLIENT_MAC_KEY_LABEL, without the terminating NUL.
 */
const u32_t TLS_INTERMEDIATE_COMPOUND_CLIENT_MAC_KEY_LABEL_LENGTH = sizeof(TLS_INTERMEDIATE_COMPOUND_CLIENT_MAC_KEY_LABEL) - 1ul;


/**
 * Label of the PEAPv2 Compound Session Key.
 * See Chapter "2.5. Key derivation" in <a href="../../type/tls_peap/documentation/draft-josefsson-pppext-eap-tls-eap-07.txt">PEAPv2 draft 07</a>.
 */
const u8_t TLS_INTERMEDIATE_COMPOUND_SESSION_KEY_LABEL[] = "PEAP compound session key";

/**
 * Length of TLS_INTERMEDIATE_COMPOUND_SESSION_KEY_LABEL, without the terminating NUL.
 */
const u32_t TLS_INTERMEDIATE_COMPOUND_SESSION_KEY_LABEL_LENGTH = sizeof(TLS_INTERMEDIATE_COMPOUND_SESSION_KEY_LABEL) - 1ul;
|
306 |
|
307 |
|
/**
 * Length of the RC4 key used in TLS: 16 bytes (128 bits).
 * RC4 cipher suites are prohibited for TLS by RFC 7465; see the notes on the RC4
 * entries of tls_cipher_suites_e before enabling them.
 */
const u32_t TLS_RC4_128_KEY_LENGTH = 16ul;

/**
 * Length of the RC4 initialization vector used in TLS. RC4 is a stream cipher and
 * takes no initialization vector, hence zero.
 */
const u32_t TLS_RC4_128_IV_LENGTH = 0ul;
|
317 |
|
318 |
|
/**
 * The supported TLS-cipher suites are defined here.
 * The values are the two-byte cipher suite codes used on the wire
 * (TLS_CIPHER_SUITE_FIELD_SIZE is sizeof(u16_t)).
 *
 * Every suite listed here authenticates records with HMAC-MD5 or HMAC-SHA1 and
 * encrypts with RC4 or a CBC block cipher. A deployment should restrict the offered
 * list to what its security policy accepts.
 */
enum tls_cipher_suites_e
{
	/// No key exchange, no encryption and no authentication.
	/// RFC 2246 defines this as the initial state of a connection and says it must
	/// not be negotiated.
	tls_cipher_suites_TLS_NULL_WITH_NULL_NULL = 0x0000,

	/// RSA key exchange, RC4_128 encryption and MD5 authentication.
	/// NOTE this is included only because PEAP requires this cipher suite as a mandatory.
	/// Think carefully whether this meets your security requirements.
	/// RFC 7465 prohibits RC4 cipher suites in TLS.
	tls_cipher_suites_TLS_RSA_WITH_RC4_128_MD5 = 0x0004,

	/// RSA key exchange, RC4_128 encryption and SHA1 authentication.
	/// NOTE this is included only because PEAP requires this cipher suite as a mandatory.
	/// Think carefully whether this meets your security requirements.
	/// RFC 7465 prohibits RC4 cipher suites in TLS.
	tls_cipher_suites_TLS_RSA_WITH_RC4_128_SHA = 0x0005,

	/// RSA key exchange, 3DES-EDE-CBC encryption and SHA1 authentication.
	tls_cipher_suites_TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000a,
	// not supported: tls_cipher_suites_TLS_RSA_WITH_DES_CBC_SHA = (0x0009),

	/// Diffie-Hellman RSA key exchange, 3DES-EDE-CBC encryption and SHA1 authentication.
	tls_cipher_suites_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
	// not supported: tls_cipher_suites_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = (0x0064),
	// not supported: tls_cipher_suites_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = (0x0062),
	// not supported: tls_cipher_suites_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = (0x0003),
	// not supported: tls_cipher_suites_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = (0x0006),

	/// Diffie-Hellman DSS key exchange, 3DES-EDE-CBC encryption and SHA1 authentication.
	tls_cipher_suites_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
	// not supported: tls_cipher_suites_TLS_DHE_DSS_WITH_DES_CBC_SHA = (0x0012),
	// not supported: tls_cipher_suites_TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = (0x0063),

	/// RSA key exchange, AES-128 encryption and SHA1 authentication.
	tls_cipher_suites_TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
	// not supported: tls_cipher_suites_TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
	// not supported: tls_cipher_suites_TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,

	/// Diffie-Hellman DSS key exchange, AES-128-CBC encryption and SHA1 authentication.
	tls_cipher_suites_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,

	/// Diffie-Hellman RSA key exchange, AES-128-CBC encryption and SHA1 authentication.
	tls_cipher_suites_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
#if defined(USE_FAST_EAP_TYPE)
	/// Diffie-Hellman anonymous key exchange, AES-128-CBC encryption and SHA1 authentication.
	/// An anonymous key exchange does not authenticate the server, so the handshake
	/// alone gives no protection against an active man-in-the-middle. It is compiled
	/// in only for EAP-FAST builds.
	tls_cipher_suites_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
#endif //#if defined(USE_FAST_EAP_TYPE)
	// not supported: tls_cipher_suites_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,

	/// Internally used initialization value. This means no cipher suite is selected.
	tls_cipher_suites_none = 0xffff,
};
|
349 |
|
350 |
|
/**
 * The supported certificate types are defined here.
 * The fixed Diffie-Hellman types (3 and 4) are listed as not supported.
 */
enum tls_certificate_type_e
{
	/// RSA
	tls_certificate_type_rsa_sign = 1,
	/// DSS
	tls_certificate_type_dss_sign = 2,
	// not supported: tls_certificate_type_rsa_fixed_dh = (3),
	// not supported: tls_certificate_type_dss_fixed_dh = (4),
	/// Internally used value.
	tls_certificate_type_none = 255,
};
|
362 |
|
363 |
|
/**
 * The supported compression methods are defined here.
 * The null method is the only compression method in the list.
 */
enum tls_compression_method_e
{
	/// No compression.
	tls_compression_method_null = 0,
	/// Internally used value.
	tls_compression_method_none = 255,
};
|
372 |
|
373 |
|
/**
 * These are the internal TLS-states.
 *
 * The enumerators have no explicit values, so each value is its position in the
 * list. Some enumerators exist only when USE_EAP_TLS_SESSION_TICKET or
 * EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK is defined, which shifts the numeric value of
 * every later state. Compare states by name; raw numbers (for example in traces)
 * are only comparable between builds with the same configuration.
 */
enum tls_peap_state_e
{
	tls_peap_state_none, ///< Initialization value.
	tls_peap_state_wait_tls_start, ///< Waits start of TLS.
	tls_peap_state_wait_handshake_type_client_hello, ///< Waits TLS-handshake ClientHello.
	tls_peap_state_wait_handshake_type_server_hello, ///< Waits TLS-handshake ServerHello.
	tls_peap_state_wait_handshake_type_certificate, ///< Waits TLS-handshake Certificate.
	tls_peap_state_wait_handshake_type_server_key_exchange, ///< Waits TLS-handshake ServerKeyExchange.
	tls_peap_state_wait_handshake_type_certificate_request_or_server_hello_done, ///< Waits TLS-handshake CertificateRequest or ServerHelloDone.
	tls_peap_state_wait_handshake_type_server_hello_done, ///< Waits TLS-handshake ServerHelloDone.
	tls_peap_state_wait_handshake_type_client_key_exchange, ///< Waits TLS-handshake ClientKeyExchange.
	tls_peap_state_wait_handshake_type_certificate_verify, ///< Waits TLS-handshake CertificateVerify.
	tls_peap_state_wait_handshake_type_finished, ///< Waits TLS-handshake Finished.
#if defined(USE_EAP_TLS_SESSION_TICKET)
	tls_peap_state_wait_handshake_type_new_session_ticket, ///< Waits TLS-handshake NewSessionTicket.
#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
	tls_peap_state_wait_change_cipher_spec, ///< Waits TLS-ChangeCipherSpec.
	tls_peap_state_peap_tunnel_ready, ///< PEAP tunnel ready.
	tls_peap_state_full_authentication, ///< Full TLS/PEAP authentication is running.
	tls_peap_state_original_session_resumption, ///< Saved TLS/PEAP original session is being resumed.
#if defined(USE_EAP_TLS_SESSION_TICKET)
	tls_peap_state_stateless_session_resumption, ///< Saved stateless TLS/PEAP session is being resumed, see RFC 4507.
#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
	tls_peap_state_tppd_peapv1_waits_eap_success_or_tunneled_packet, ///< PEAPv1 waits EAP-Success or tunneled packet.
#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
	// The two states below carry no description in the original. Going by the names
	// they cover an empty acknowledgement exchanged for plain MS-CHAPv2 inside TTLS
	// -- confirm against the state machine.
	tls_peap_state_client_send_ttls_plain_ms_chap_v2_empty_ack,
	tls_peap_state_server_waits_ttls_plain_ms_chap_v2_empty_ack,
#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
	tls_peap_state_wait_tunneled_authentication_start, ///< Server waits for the lower layer to start tunneled authentication.
	tls_peap_state_wait_application_data, ///< Waits TLS-ApplicationData, this will include the tunneled EAP-type.
	tls_peap_state_process_pending_tls_completions, ///< In this state the pending completions are processed.
	tls_peap_state_pending_tls_messages_processed, ///< Indication to the lower layer that pending TLS-messages are processed and new messages can be accepted.
	tls_peap_state_tls_success, ///< TLS authentication success.
	tls_peap_state_failure, ///< Authentication failure.
	tls_peap_state_peap_tunnel_ready_wait_request, ///< Tunnel ready waits new request.
};
|
413 |
|
/**
 * State of the TLS identity privacy handshake.
 * The enumerators have no explicit values; each value is its position in the list.
 * NOTE(review): the meanings below are read from the names only -- confirm against
 * the code that drives this state.
 */
enum tls_identity_privacy_handshake_state_e
{
	tls_identity_privacy_handshake_state_none, ///< Initial value.
	tls_identity_privacy_handshake_state_negotiates, ///< Presumably the identity privacy handshake is being negotiated.
	tls_identity_privacy_handshake_state_runs, ///< Presumably the identity privacy handshake is running.
};
|
420 |
|
/**
 * This enumeration tells which authentication mode is used.
 *
 * The enumerators have no explicit values; each value is its position in the list.
 * The EAP-FAST entries exist only when USE_FAST_EAP_TYPE is defined. Unlike the
 * matching state in tls_peap_state_e, the stateless session resumption entry here
 * does not depend on USE_EAP_TLS_SESSION_TICKET.
 */
enum tls_session_type_e
{
	tls_session_type_none, ///< Initial value.
	tls_session_type_full_authentication, ///< Full authentication is performed.
	tls_session_type_original_session_resumption, ///< Session is being resumed.
	tls_session_type_stateless_session_resumption, ///< Stateless session is being resumed, see RFC 4507.
#if defined(USE_FAST_EAP_TYPE)
	tls_session_type_eap_fast_pac_session_resumption, ///< EAP-FAST stateless session using PAC is being resumed, see RFC 4851.
	// In the mode below the server is not authenticated by the TLS handshake, as the name states.
	tls_session_type_eap_fast_server_unauthenticated_provisioning_mode_ADHP, ///< EAP-FAST server unauthenticated provisioning mode (ADHP), see draft-cam-winget-eap-fast-provisioning-**.
#endif //#if defined(USE_FAST_EAP_TYPE)
};
|
435 |
|
/**
 * This enumeration separates the different PEAP versions.
 */
enum peap_version_e
{
	/// This version is specified in <a href="../../type/tls_peap/documentation/draft-kamath-pppext-peapv0-00.txt">draft-kamath-pppext-peapv0-00.txt</a>.
	peap_version_0_xp = 0x00,

	/// This version is specified in <a href="../../type/tls_peap/documentation/draft-josefsson-pppext-eap-tls-eap-05.txt">draft-josefsson-pppext-eap-tls-eap-05.txt</a>.
	peap_version_1 = 0x01,

	/// This version is specified in <a href="../../type/tls_peap/documentation/draft-josefsson-pppext-eap-tls-eap-07.txt">draft-josefsson-pppext-eap-tls-eap-07.txt</a>. This is not implemented yet.
	peap_version_2 = 0x02,

	/// No version is selected.
	peap_version_none = 0xff,
};
|
446 |
|
/**
 * Types of the messages carried inside the TTLS tunnel.
 * The enumerators have no explicit values; each value is its position in the list.
 * The PAP and MS-CHAPv2 response types carry user authentication data from the
 * client to the server.
 */
enum eap_ttls_tunneled_message_type_e
{
	eap_ttls_tunneled_message_type_none, ///< Initial value.
	eap_ttls_tunneled_message_type_eap, ///< Client and server handle these messages.
	eap_ttls_tunneled_message_type_ms_chapv2_response, ///< Client sends and server handles these messages.
	eap_ttls_tunneled_message_type_ms_chapv2_change_password, ///< Client sends and server handles these messages.
	eap_ttls_tunneled_message_type_ms_chapv2_success, ///< Server sends and client handles these messages.
	eap_ttls_tunneled_message_type_ms_chapv2_error, ///< Server sends and client handles these messages.
	eap_ttls_tunneled_message_type_pap_response, ///< Client sends and server handles these messages.
	eap_ttls_tunneled_message_type_pap_reply_message, ///< Server sends and client handles these messages.
};
|
458 |
|
/**
 * Processing states of the messages tunneled inside TTLS.
 * The enumerators have no explicit values; each value is its position in the list.
 * NOTE(review): the original gives no descriptions, and which side (client or
 * server) uses each state is not visible in this file -- confirm against the
 * state machine before relying on the names alone.
 */
enum eap_ttls_tunneled_message_state_e
{
	eap_ttls_tunneled_message_state_none,
	eap_ttls_tunneled_message_state_process_identity_response,
	eap_ttls_tunneled_message_state_process_response,
	eap_ttls_tunneled_message_state_process_change_password_response,
	eap_ttls_tunneled_message_state_process_identity_request,
	eap_ttls_tunneled_message_state_process_identity_request_pending,
	eap_ttls_tunneled_message_state_process_challenge_request,
	eap_ttls_tunneled_message_state_process_success_request,
	eap_ttls_tunneled_message_state_complete_success_request,
	eap_ttls_tunneled_message_state_process_error_request,
	eap_ttls_tunneled_message_state_complete_error_request,
};
|
473 |
|
474 |
|
// Layout of the TTLS implicit challenge used with MS-CHAPv2, as these constants
// describe it: a 16-byte challenge at offset 0, directly followed by a 1-byte ident
// at offset 16, which gives 17 bytes in total.

/** Offset of the challenge inside the implicit challenge data. */
const u32_t EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_OFFSET = 0ul;
/** Length of the challenge, in bytes. */
const u32_t EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH = 16ul;

/** Offset of the ident; it starts where the challenge ends. */
const u32_t EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_OFFSET = EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH;
/** Length of the ident, in bytes. */
const u32_t EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_LENGTH = 1ul;

/** Length of the challenge and the ident together. */
const u32_t EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_FULL_LENGTH =
	EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_LENGTH + EAP_TTLS_MS_CHAPV2_IMPLICIT_CHALLENGE_IDENT_LENGTH;
|
484 |
|
485 |
|
486 //-------------------------------------------------------------------- |
|
487 |
|
/**
 * Levels of the TLS alert messages. The values are the codes carried in the
 * one-byte level field of an alert (TLS_ALERT_LEVEL_FIELD_SIZE is sizeof(u8_t)).
 */
enum tls_alert_level_e
{
	/**
	 * If an alert with a level of warning is received, the receiving party may
	 * decide at its discretion whether to treat this as a fatal error or not.
	 */
	tls_alert_level_warning = 1,

	/**
	 * Alert messages with a level of fatal result in the immediate termination of
	 * the connection. In this case, other connections corresponding to the session
	 * may continue, but the session identifier must be invalidated, preventing the
	 * failed session from being used to establish new connections.
	 * All messages which are transmitted with a level of fatal must be treated as
	 * fatal messages.
	 */
	tls_alert_level_fatal = 2,

	/** Internally used value; no alert level is set. */
	tls_alert_level_none = 255
};
|
502 |
|
/**
 * Descriptions of the TLS alert messages. The values are the codes carried in the
 * one-byte description field of an alert (TLS_ALERT_DESCRIPTION_FIELD_SIZE is
 * sizeof(u8_t)).
 */
enum tls_alert_description_e
{
	/**
	 * This message notifies the recipient that the sender will not send any more
	 * messages on this connection. The session becomes unresumable if any
	 * connection is terminated without proper close_notify messages with level
	 * equal to warning.
	 */
	tls_alert_description_close_notify = 0,

	/**
	 * An inappropriate message was received. This message is always fatal and
	 * should never be observed in communication between proper implementations.
	 */
	tls_alert_description_unexpected_message = 10,

	/**
	 * This message is always fatal.
	 * This alert is returned if a record is received with an incorrect MAC.
	 */
	tls_alert_description_bad_record_mac = 20,

	/**
	 * This message is always fatal.
	 * A TLSCiphertext decrypted in an invalid way: either it wasn't an even
	 * multiple of the block length or its padding values, when checked, weren't
	 * correct.
	 * NOTE(review): later TLS revisions recommend reporting MAC failures and
	 * padding failures alike with bad_record_mac, so that a peer cannot tell the
	 * two apart for CBC records. Check which alert the record layer sends.
	 */
	tls_alert_description_decryption_failed = 21,

	/**
	 * This message is always fatal.
	 * A TLSCiphertext record was received which had a length more than 2^14+2048
	 * bytes, or a record decrypted to a TLSCompressed record with more than
	 * 2^14+1024 bytes.
	 */
	tls_alert_description_record_overflow = 22,

	/**
	 * This message is always fatal.
	 * The decompression function received improper input (e.g. data that would
	 * expand to excessive length).
	 */
	tls_alert_description_decompression_failure = 30,

	/**
	 * This message is always fatal.
	 * Reception of a handshake_failure alert message indicates that the sender was
	 * unable to negotiate an acceptable set of security parameters given the
	 * options available.
	 */
	tls_alert_description_handshake_failure = 40,

	/**
	 * A certificate was corrupt, contained signatures that did not verify
	 * correctly, etc.
	 */
	tls_alert_description_bad_certificate = 42,

	/** A certificate was of an unsupported type. */
	tls_alert_description_unsupported_certificate = 43,

	/** A certificate was revoked by its signer. */
	tls_alert_description_certificate_revoked = 44,

	/** A certificate has expired or is not currently valid. */
	tls_alert_description_certificate_expired = 45,

	/**
	 * Some other (unspecified) issue arose in processing the certificate,
	 * rendering it unacceptable.
	 */
	tls_alert_description_certificate_unknown = 46,

	/**
	 * This message is always fatal.
	 * A field in the handshake was out of range or inconsistent with other fields.
	 */
	tls_alert_description_illegal_parameter = 47,

	/**
	 * This message is always fatal.
	 * A valid certificate chain or partial chain was received, but the certificate
	 * was not accepted because the CA certificate could not be located or couldn't
	 * be matched with a known, trusted CA.
	 */
	tls_alert_description_unknown_ca = 48,

	/**
	 * This message is always fatal.
	 * A valid certificate was received, but when access control was applied, the
	 * sender decided not to proceed with negotiation.
	 */
	tls_alert_description_access_denied = 49,

	/**
	 * This message is always fatal.
	 * A message could not be decoded because some field was out of the specified
	 * range or the length of the message was incorrect.
	 */
	tls_alert_description_decode_error = 50,

	/**
	 * A handshake cryptographic operation failed, including being unable to
	 * correctly verify a signature, decrypt a key exchange, or validate a finished
	 * message.
	 */
	tls_alert_description_decrypt_error = 51,

	/**
	 * This message is always fatal.
	 * A negotiation not in compliance with export restrictions was detected, for
	 * example, attempting to transfer a 1024 bit ephemeral RSA key for the
	 * RSA_EXPORT handshake method.
	 */
	tls_alert_description_export_restriction = 60,

	/**
	 * This message is always fatal.
	 * The protocol version the client has attempted to negotiate is recognized,
	 * but not supported. (For example, old protocol versions might be avoided for
	 * security reasons).
	 */
	tls_alert_description_protocol_version = 70,

	/**
	 * This message is always fatal.
	 * Returned instead of handshake_failure when a negotiation has failed
	 * specifically because the server requires ciphers more secure than those
	 * supported by the client.
	 */
	tls_alert_description_insufficient_security = 71,

	/**
	 * This message is always fatal.
	 * An internal error unrelated to the peer or the correctness of the protocol
	 * makes it impossible to continue (such as a memory allocation failure).
	 */
	tls_alert_description_internal_error = 80,

	/**
	 * This handshake is being canceled for some reason unrelated to a protocol
	 * failure. If the user cancels an operation after the handshake is complete,
	 * just closing the connection by sending a close_notify is more appropriate.
	 * This alert should be followed by a close_notify. This message is generally a
	 * warning.
	 */
	tls_alert_description_user_canceled = 90,

	/**
	 * Sent by the client in response to a hello request or by the server in
	 * response to a client hello after initial handshaking. Either of these would
	 * normally lead to renegotiation; when that is not appropriate, the recipient
	 * should respond with this alert; at that point, the original requester can
	 * decide whether to proceed with the connection. One case where this would be
	 * appropriate would be where a server has spawned a process to satisfy a
	 * request; the process might receive security parameters (key length,
	 * authentication, etc.) at startup and it might be difficult to communicate
	 * changes to these parameters after that point. This message is always a
	 * warning.
	 */
	tls_alert_description_no_renegotiation = 100,

	/**
	 * This value is used on initialization and where special alert description is
	 * not used.
	 */
	tls_alert_description_none = 255
};
|
610 |
|
611 //---------------------------------------------------------------------------- |
|
612 |
|
613 /** |
|
614 * @defgroup TLS_PEAP_config_options Configuration options of TLS_PEAP. |
|
615 * The following configuration options are read through abs_eap_base_type_c::read_configure() function. |
|
616 * @{ |
|
617 */ |
|
618 |
|
/**
 * Boolean configuration option.
 * True means TLS messages are placed in separate TLS records.
 * False means TLS messages are combined into the same TLS record when possible.
 * Default value is false.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_use_separate_tls_record,
	"TLS_use_separate_tls_record",
	eap_configure_type_boolean,
	false);
|
630 |
|
/**
 * Boolean configuration option.
 * True means the TLS server offers a new session ID to the client.
 * False means the TLS server does not offer a new session ID to the client.
 * Default value is true.
 * NOTE(review): the last macro argument below is false although the documented
 * default is true, so it presumably does not encode the default value.
 * Confirm its meaning against the EAP_CONFIGURATION_FIELD definition.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_server_offers_new_session_id,
	"TLS_server_offers_new_session_id",
	eap_configure_type_boolean,
	false);
|
642 |
|
/**
 * NOTE: this behaviour is against RFC 2246 (The TLS Protocol Version 1.0),
 * see chapter 7.4.4, Certificate request.
 * It is implemented for interoperability (IOP) reasons.
 * Boolean configuration option.
 * True means the client accepts an empty certificate authority list.
 * False means the client does NOT accept an empty certificate authority list.
 * Default value is false.
 * Because a true value accepts a message the RFC does not allow, enable it
 * only for a peer that is known to need it.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_client_allows_empty_certificate_authorities_list,
	"TLS_client_allows_empty_certificate_authorities_list",
	eap_configure_type_boolean,
	false);
|
657 |
|
/**
 * NOTE: this behaviour is against RFC 2246 (The TLS Protocol Version 1.0),
 * see chapter 7.4.4, Certificate request.
 * It is implemented for interoperability (IOP) reasons.
 * Boolean configuration option.
 * True means the server sends an empty certificate authority list.
 * False means the server does NOT send an empty certificate authority list.
 * Default value is false.
 * A client that follows the RFC strictly may reject the empty list, so enable
 * this only where the peers are known to accept it.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_server_sends_empty_certificate_authorities_list,
	"TLS_server_sends_empty_certificate_authorities_list",
	eap_configure_type_boolean,
	false);
|
672 |
|
/**
 * Boolean configuration option.
 * True means the server initiates mutual authentication.
 * False means the server initiates server-only authentication.
 * Default value is true.
 * With server-only authentication the TLS handshake itself does not
 * authenticate the client.
 * NOTE(review): the last macro argument below is false although the documented
 * default is true, so it presumably does not encode the default value.
 * Confirm its meaning against the EAP_CONFIGURATION_FIELD definition.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_server_authenticates_client,
	"TLS_server_authenticates_client",
	eap_configure_type_boolean,
	false);
|
684 |
|
/**
 * Boolean configuration option, client-side policy.
 * True means the client requires mutual authentication.
 * False means the client does NOT require mutual authentication;
 * instead the client allows server-only authentication.
 * Default value is true.
 * NOTE(review): the last macro argument below is false although the documented
 * default is true, so it presumably does not encode the default value.
 * Confirm its meaning against the EAP_CONFIGURATION_FIELD definition.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_server_authenticates_client_policy_in_client,
	"TLS_server_authenticates_client_policy_in_client",
	eap_configure_type_boolean,
	false);
|
697 |
|
/**
 * Boolean configuration option, server-side policy.
 * True means the server requires mutual authentication.
 * False means the server does NOT require mutual authentication;
 * instead the server allows server-only authentication.
 * Default value is true.
 * When this is false the server accepts a TLS handshake that does not
 * authenticate the client.
 * NOTE(review): the last macro argument below is false although the documented
 * default is true, so it presumably does not encode the default value.
 * Confirm its meaning against the EAP_CONFIGURATION_FIELD definition.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_TLS_server_authenticates_client_policy_in_server,
	"TLS_server_authenticates_client_policy_in_server",
	eap_configure_type_boolean,
	false);
|
710 |
|
/**
 * This is the tunneled EAP-type run inside PEAP.
 * The option is either u32_t or hex data, so two fields are declared below
 * for the same option name "PEAP_tunneled_eap_type", one per value type.
 * Default value is eap_type_none.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_PEAP_tunneled_eap_type_hex_data,
	"PEAP_tunneled_eap_type",
	eap_configure_type_hex_data,
	false);
EAP_CONFIGURATION_FIELD(
	cf_str_PEAP_tunneled_eap_type_u32_t,
	"PEAP_tunneled_eap_type",
	eap_configure_type_u32_t,
	false);
|
726 |
|
/**
 * This option defines the default EAP-type of the EAP-server inside PEAP.
 * It exists so that EAP-Core can be tested in a case where the EAP-client and
 * the EAP-server have different default EAP-types inside PEAP.
 * If this option is not defined, the EAP-server uses the
 * PEAP_tunneled_eap_type option.
 * The option is either u32_t or hex data, so two fields are declared below
 * for the same option name "PEAP_server_tunneled_eap_type", one per value type.
 * Default value is eap_type_none.
 */
EAP_CONFIGURATION_FIELD(
	cf_str_PEAP_server_tunneled_eap_type_hex_data,
	"PEAP_server_tunneled_eap_type",
	eap_configure_type_hex_data,
	false);
EAP_CONFIGURATION_FIELD(
	cf_str_PEAP_server_tunneled_eap_type_u32_t,
	"PEAP_server_tunneled_eap_type",
	eap_configure_type_u32_t,
	false);
|
746 |
|
747 /** @} */ // End of group TLS_PEAP_config_options. |
|
748 //-------------------------------------------------------------------- |
|
749 |
|
750 |
|
/// This class provides the debug strings of the TLS and PEAP enumerations,
/// among them tls_cipher_suites_e, tls_certificate_type_e and tls_compression_method_e.
/// Every query function is static and returns an eap_const_string.
class EAP_EXPORT eap_tls_trace_string_c
{
public:

	EAP_FUNC_IMPORT virtual ~eap_tls_trace_string_c();

	EAP_FUNC_IMPORT eap_tls_trace_string_c();

#if defined(USE_FAST_EAP_TYPE)
	/**
	 * Function returns string of eap_fast_state_e.
	 * Declared only when USE_FAST_EAP_TYPE is defined.
	 * @param state is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_eap_fast_state_string(const eap_fast_state_e state);
#endif //#if defined(USE_FAST_EAP_TYPE)

	/**
	 * Function returns string of tls_cipher_suites_e.
	 * @param suite is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_cipher_suite_string(const tls_cipher_suites_e suite);

	/**
	 * Function returns string of tls_certificate_type_e.
	 * @param certificate_type is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_certificate_type_string(const tls_certificate_type_e certificate_type);

	/**
	 * Function returns string of tls_compression_method_e.
	 * @param compression_method is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_compression_method_string(const tls_compression_method_e compression_method);

	/**
	 * Function returns string of tls_peap_state_e.
	 * @param state is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_state_string(const tls_peap_state_e state);

	/**
	 * Function returns string of peap_version_e.
	 * @param peap_version is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_peap_version_string(const peap_version_e peap_version);

	/**
	 * Function returns string of tls_alert_level_e.
	 * @param alert_level is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_alert_level_string(const tls_alert_level_e alert_level);

	/**
	 * Function returns string of tls_alert_description_e.
	 * @param alert_description is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_alert_description_string(const tls_alert_description_e alert_description);

	/**
	 * Function returns string of tls_session_type_e.
	 * @param tls_session_type is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_tls_session_type_string(const tls_session_type_e tls_session_type);

	/**
	 * Function returns string of eap_ttls_tunneled_message_state_e.
	 * @param ttls_state is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_ttls_state_string(const eap_ttls_tunneled_message_state_e ttls_state);

	/**
	 * Function returns string of tls_identity_privacy_handshake_state_e.
	 * @param privacy_state is the value whose string is queried.
	 */
	EAP_FUNC_IMPORT static eap_const_string get_tls_identity_privacy_handshake_state_string(const tls_identity_privacy_handshake_state_e privacy_state);
};
|
828 |
|
829 |
|
830 //-------------------------------------------------- |
|
831 |
|
832 #endif //#if !defined(_TLS_PEAP_TYPES_H_) |
|
833 |
|
834 //-------------------------------------------------- |
|
835 |
|
836 |
|
837 |
|
838 // End. |