MCL/sf/mw/accesssec: comparison eapol/eapol_framework/eapol_common/type/tls_peap/tls/include/tls

equal deleted inserted replaced

--1:000000000000
+:c8830336c852
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  EAP and WLAN authentication protocols.
+*
+*/
+#if !defined(_TLS_RECORD_H_)
+#define _TLS_RECORD_H_
+#include "abs_tls_am_services.h"
+#include "tls_base_record.h"
+#include "eap_array_algorithms.h"
+#include "tls_message.h"
+#include "tls_peap_types.h"
+#include "abs_tls_message_hash.h"
+#include "tls_completion.h"
+#include "abs_tls_change_cipher_spec.h"
+#include "abs_tls_base_application.h"
+#include "tls_base_application.h"
+#include "eap_protocol_layer.h"
+#include "eap_am_network_id.h"
+#include "eap_automatic_variable.h"
+#include "eap_master_session_key.h"
+class abs_tls_base_record_c;
+class abs_eap_am_tools_c;
+class eap_am_network_id_c;
+class tls_record_header_c;
+class tls_am_services_c;
+class tls_handshake_header_c;
+class tls_record_message_c;
+class tls_handshake_message_c;
+class abs_crypto_cbc_block_algorithm_c;
+class abs_crypto_block_algorithm_c;
+class abs_crypto_stream_algorithm_c;
+#if defined(USE_FAST_EAP_TYPE)
+#if !defined(USE_EAP_TLS_SESSION_TICKET)
+#error ERROR: With USE_FAST_EAP_TYPE you must use USE_EAP_TLS_SESSION_TICKET flag too.
+#endif //#if !defined(USE_EAP_TLS_SESSION_TICKET)
+#endif //#if defined(USE_FAST_EAP_TYPE)
+//--------------------------------------------------------------------
+/**
+* The tls_record_c class implements tls_base_record_c.
+* See more detailed design and architecture document <a href="../../type/tls_peap/documentation/EAP_TLS_PEAP.doc">EAP_TLS_PEAP.doc</a>
+* and <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
+*/
+class EAP_EXPORT tls_record_c
+: public tls_base_record_c
+, public abs_tls_am_services_c
+, public abs_tls_message_hash_c
+, public abs_tls_change_cipher_spec_c
+, public abs_tls_apply_cipher_spec_c
+, public abs_tls_base_application_c
+{
+private:
+	//--------------------------------------------------
+	/// This is pointer to the tools class. @see abs_eap_am_tools_c.
+	abs_eap_am_tools_c * const m_am_tools;
+	/// This is pointer to adaptation module of TLS.
+	tls_am_services_c * m_am_tls_services;
+	/// This flag tells whether the m_am_tls_services must be freed in destructor.
+	const bool m_free_am_tls_services;
+	/// This is pointer to application object. Mostly this is used in PEAP and the application is tls_application_eap_core_c object.
+	tls_base_application_c * m_application;
+	/// This flag tells whether the m_application must be freed in destructor.
+	const bool m_free_application;
+	/// This object includes pending asyncronous actions or it may be empty.
+	/// The check_sent_tls_message() function call will check and complete pending actions.
+	eap_array_c<tls_completion_c> m_completion_queue;
+	/// This object includes received message in parsed tree.
+	tls_message_c m_received_tls_message;
+	/// This object includes the new created message in parsed tree.
+	/// The send message will be generated from this.
+	tls_message_c m_new_tls_message;
+	/// This object includes MD5 HASH of received handshake messages.
+	crypto_md5_c m_message_hash_md5;
+	/// This object includes SHA1 HASH of received handshake messages.
+	crypto_sha1_c m_message_hash_sha1;
+	/// This object includes MD5 HASH for certificate verify message.
+	eap_variable_data_c m_message_hash_md5_certificate_verify;
+	/// This object includes SHA1 HASH for certificate verify message.
+	eap_variable_data_c m_message_hash_sha1_certificate_verify;
+	/// This object includes MD5 HASH of Finished message of client.
+	eap_variable_data_c m_client_message_hash_md5_finished;
+	/// This object includes SHA1 HASH of Finished message of client.
+	eap_variable_data_c m_client_message_hash_sha1_finished;
+	/// This object includes MD5 HASH of Finished message of server.
+	eap_variable_data_c m_server_message_hash_md5_finished;
+	/// This object includes SHA1 HASH of Finished message of server.
+	eap_variable_data_c m_server_message_hash_sha1_finished;
+	/// This object includes client random value for client handshake message.
+	eap_variable_data_c m_client_handshake_random_value;
+	/// This object includes server random value for server handshake message.
+	eap_variable_data_c m_server_handshake_random_value;
+	/// This object includes session ID.
+	eap_variable_data_c m_session_id;
+	/// This object includes master secret.
+	eap_variable_data_c m_master_secret;
+	/// This object includes EAP-TLS master session key.
+	eap_master_session_key_c m_eap_master_session_key;
+	/// This object includes shared secret key for MAC of send packets.
+	eap_variable_data_c m_new_send_mac_key;
+	/// This object includes shared secret key for MAC of received packets.
+	eap_variable_data_c m_new_receive_mac_key;
+	/// This object includes shared secret key for encryption of send packets.
+	eap_variable_data_c m_new_send_encryption_key;
+	/// This object includes shared secret key for decryption of received packets.
+	eap_variable_data_c m_new_receive_encryption_key;
+	/// This object includes initialization vector for block encryption of send packets.
+	eap_variable_data_c m_new_send_iv;
+	/// This object includes initialization vector for decryption of received packets.
+	eap_variable_data_c m_new_receive_iv;
+	/// This object includes shared secret key for MAC of send packets.
+	eap_variable_data_c m_send_mac_key;
+	/// This object includes shared secret key for MAC of received packets.
+	eap_variable_data_c m_receive_mac_key;
+	/// This object includes shared secret key for encryption of send packets.
+	eap_variable_data_c m_send_encryption_key;
+	/// This object includes shared secret key for decryption of received packets.
+	eap_variable_data_c m_receive_encryption_key;
+	/// This object includes initialization vector for block encryption of send packets.
+	eap_variable_data_c m_send_iv;
+	/// This object includes initialization vector for decryption of received packets.
+	eap_variable_data_c m_receive_iv;
+	/// This object includes session key seed for EAP-FAST.
+	eap_variable_data_c m_session_key_seed;
+	/// This object includes MsChapv2 challenges for EAP-FAST.
+	eap_variable_data_c m_mschapv2_challenges;
+	/// This object includes Diffie-Hellman private key of this TLS end point.
+	eap_variable_data_c m_own_private_dhe_key;
+	/// This object includes Diffie-Hellman public key of this TLS end point.
+	eap_variable_data_c m_own_public_dhe_key;
+	/// This object includes Diffie-Hellman public key of other TLS end point.
+	eap_variable_data_c m_peer_public_dhe_key;
+	/// This object includes Diffie-Hellman shared key of the TLS session.
+	eap_variable_data_c m_shared_dh_key;
+	/// This object includes Diffie-Hellman prime of the TLS session.
+	eap_variable_data_c m_dhe_prime;
+	/// This object includes Diffie-Hellman group generator of the TLS session.
+	eap_variable_data_c m_dhe_group_generator;
+	/// This object includes signed HASH. This is needed to store asyncronously completed signature creation.
+	eap_variable_data_c m_signed_message_hash;
+	/// This object includes the premaster secret.
+	/// In RSA cipher suite client generates this and and encrypts with server public key.
+	/// Server decrypts this within the client key exchange message and decrypts this with private key.
+	/// In DHE cipher suite this is the shared Diffie-Hellman secret.
+	eap_variable_data_c m_premaster_secret;
+	/// This object includes encrypted premaster secret of this TLS end point.
+	/// This is needed to store asyncronously completed result of encryption.
+	eap_variable_data_c m_own_encrypted_premaster_secret;
+#if defined(USE_FAST_EAP_TYPE)
+	/// This object includes PAC-Key of EAP-FAST.
+	/// PAC-Key is stored here before master secret can be generated.
+	eap_variable_data_c m_eap_fast_pac_key;
+#endif //#if defined(USE_FAST_EAP_TYPE)
+	/// This object includes the proposed cipher suites.
+	/// Objects are in host network order.
+	/// Client creates this list and server receives the list in client hello handshake message.
+	eap_array_c<u16_t> m_proposed_cipher_suites;
+	/// This object includes the proposed compression methods.
+	/// Client creates this list and server receives the list in client hello handshake message.
+	eap_array_c<u8_t> m_proposed_compression_methods;
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+	/// All supported TLS extensions.
+	eap_array_c<tls_extension_c> m_supported_tls_extensions;
+	/// All received TLS extensions.
+	eap_array_c<tls_extension_c> m_received_tls_extensions;
+#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
+	/// This is the realm part of the NAI of the client.
+	eap_variable_data_c m_NAI_realm;
+	/// This is network identity of the sent packet from this authentication session.
+	eap_am_network_id_c m_send_network_id;
+	/// This object includes certificate chain of this TLS end point.
+	/// This is needed to store asyncronously completed result of certificate chain qyery.
+	eap_array_c<eap_variable_data_c> m_own_certificate_chain;
+	/// This object includes certificate types required by this TLS end point.
+	/// This is needed to store asyncronously completed result of certificate type qyery.
+	eap_array_c<u8_t> m_own_certificate_types;
+	/// This object includes certificate authorities required by this TLS end point.
+	/// This is needed to store asyncronously completed result of certificate authorities qyery.
+	eap_array_c<eap_variable_data_c> m_own_certificate_authorities;
+	/// This object includes certificate chain of the other TLS end point.
+	eap_array_c<eap_variable_data_c> m_peer_certificate_chain;
+	/// This variable includes validity result of certificate chain of the other TLS end point.
+	eap_status_e m_peer_certificate_chain_result;
+	/// This variable includes validity result of signature verification of the received message that includes signature.
+	eap_status_e m_verify_signature;
+	/// This object includes certificate types of the other TLS end point.
+	eap_array_c<u8_t> m_peer_certificate_types;
+	/// This object includes certificate authorities of the other TLS end point.
+	eap_array_c<eap_variable_data_c> m_peer_certificate_authorities;
+	/// This is the resumed cipher suite from previous TLS session.
+	tls_cipher_suites_e m_resumed_cipher_suite;
+	/// This is the selected cipher suite for this TLS session.
+	tls_cipher_suites_e m_selected_cipher_suite;
+	/// This is the selected compression method for this TLS session.
+	/// NOTE this is always null compression.
+	tls_compression_method_e m_selected_compression_method;
+	/// This is the active cipher suite of received packets for this TLS session.
+	tls_cipher_suites_e m_receive_cipher_suite;
+	/// This is the active compression method of received packets for this TLS session.
+	/// NOTE this is always null compression.
+	tls_compression_method_e m_receive_compression_method;
+	/// This is the active cipher suite of send packets for this TLS session.
+	tls_cipher_suites_e m_send_cipher_suite;
+	/// This is the active compression method of send packets for this TLS session.
+	/// NOTE this is always null compression.
+	tls_compression_method_e m_send_compression_method;
+	/// This is pointer to CBC block cipher algorithm of send packets when cipher suite uses block cipher.
+	abs_crypto_cbc_block_algorithm_c *m_send_block_cipher;
+	/// This is pointer to CBC block cipher algorithm of received packets when cipher suite uses block cipher.
+	abs_crypto_cbc_block_algorithm_c *m_receive_block_cipher;
+	/// This is pointer to stream cipher algorithm of send packets when cipher suite uses block cipher.
+	abs_crypto_stream_algorithm_c *m_send_stream_cipher;
+	/// This is pointer to stream cipher algorithm of received packets when cipher suite uses block cipher.
+	abs_crypto_stream_algorithm_c *m_receive_stream_cipher;
+	/// This is pointer to HMAC algorithm of send packets.
+	abs_crypto_hmac_algorithm_c *m_send_hmac_algorithm;
+	/// This is pointer to HMAC algorithm of received packets.
+	abs_crypto_hmac_algorithm_c *m_receive_hmac_algorithm;
+	/// This is the counter of send TLS-records. See chapters "6.2.3. Record payload protection"
+	/// and "6.1. Connection states" from <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
+	/// Sequence number is initialized to zero and incrmented after each record is processed.
+	u64_t m_send_record_sequence_number;
+	/// This is the counter of received TLS-records. See chapters "6.2.3. Record payload protection"
+	/// and "6.1. Connection states" from <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
+	/// Sequence number is initialized to zero and incrmented after each record is processed.
+	u64_t m_receive_record_sequence_number;
+	/// This variable stored the internal state of TLS-session. See tls_peap_state_e.
+	tls_peap_state_e m_tls_peap_state;
+	/// This flag tells which TLS session type is selected,
+	/// full authentication, original session resumption or stateless session resumption (RFC 4507).
+	tls_session_type_e m_tls_session_type;
+	/// This is the EAP-type (TLS, PEAP or TTLS).
+	eap_type_value_e m_eap_type;
+	/// This separates different PEAP versions (PEAPv2, PEAPv1 or XP PEAPv0).
+	peap_version_e m_peap_version;
+	/// This variable stores the state of tunneled EAP-authentication.
+	eap_state_variable_e m_tunneled_eap_type_authentication_state;
+	/// This variable saves the EAP-identifier of the last received EAP-message.
+	u8_t m_received_eap_identifier;
+	/// This indicates whether this object was generated successfully.
+	bool m_is_valid;
+	/// This indicates whether this object is client (true) or server (false).
+	const bool m_is_client;
+	/// This flag tells whether messages could be send in the check_sent_tls_message() function.
+	bool m_allow_message_send;
+	/// This flag prevents recursive calls of the completion_action_check() function.
+	bool m_already_in_completion_action_check;
+	/// This flag prevents recursive calls of the process_tls_records() function.
+	bool m_already_in_process_tls_records;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_query_certificate_authorities_and_types;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_query_certificate_chain;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_query_cipher_suites_and_previous_session;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_query_dh_parameters;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_query_realm;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_select_cipher_suite_and_check_session_id;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_verify_certificate_chain;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_rsa_decrypt_with_private_key;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_rsa_encrypt_with_public_key;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_sign_with_private_key;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_verify_with_public_key;
+	/// This flag tells whether this function call is pending (true value).
+	/// After this function call is completed with appropriate completion function flag is set to false value.
+	bool m_pending_query_tunnel_PAC;
+	/// This flag tells whether this instance is test version (true) or real version (false).
+	/// Test version allows many subsequent TLS-sessions.
+	bool m_tls_peap_test_version;
+	/// The flag prevents multiple call of generate_key_material() function.
+	bool m_key_material_generated;
+	/// This flag tells whether the server authenticates client (true) or not (false).
+	/// NOTE: Server and client read this value from it's configuration.
+	/// Server acts as this flag says.
+	/// Client does allow only client and server mutual authentication when this flag is true.
+	/// Client does allow server authentication too when this flag is false.
+	bool m_tls_peap_server_authenticates_client_policy_flag;
+	/// Server reads this from configure.
+	/// Server initiates mutual authentication when value is true.
+	/// Server initiates server authentication when value is false.
+	bool m_tls_peap_server_authenticates_client_config_server;
+	/// Client and server set this flag to indicate the current function.
+	/// Action is mutual authentication when value is true.
+	/// Action is server authentication when value is false.
+	bool m_tls_peap_server_authenticates_client_action;
+	/// Client uses this flag to remember the the certificate request message.
+	bool m_tls_peap_server_requested_client_certificate;
+	/// This flag tells whether we could send fatal TLS-alert message (true) or not (false).
+	/// This is set false after we receive one TLS-alert message.
+	bool m_could_send_fatal_alert_message;
+	/// This flag tells whether we could send warning TLS-alert message (true) or not (false).
+	/// This is set false after we receive one TLS-alert message.
+	bool m_could_send_warning_alert_message;
+	/// This flag tells whether the check_sent_tls_message() must send TLS-alert message (true) or not (false).
+	/// This flag is set after the TLS-alert message is generated. This flag forses send of the TLS-alert message.
+	bool m_force_tls_message_send;
+	/// This flag tells whether the shutdown() function was called (true) or not (false).
+	bool m_shutdown_was_called;
+	/// This flag tells whether TLS-messages should be set to separate TLS-records (true) or TLS-message should
+	/// be packed to same TLS-record if it is possible (false).
+	bool m_use_separate_tls_record;
+	/// This flag tells whether extra padding of block cipher should be used.
+	bool m_use_extra_padding_length;
+	/// NOTE this is against the RFC 2246 The TLS Protocol Version 1.0.
+	/// Look at chapter 7.4.4. Certificate request.
+	bool m_client_allows_empty_certificate_authorities_list;
+	/// NOTE this is against the RFC 2246 The TLS Protocol Version 1.0.
+	/// Look at chapter 7.4.4. Certificate request.
+	bool m_server_sends_empty_certificate_authorities_list;
+	/// This configurable option selects whether the special TLS/PEAP style
+	/// is used, the length field is added to all message fragments
+	/// even the message fits to one fragment except EAP-TLS-start, EAP-TLS-Acknowledge and
+	/// PEAP-application data. The client acknowledges tunneled EAP-Success message
+	/// with empty PEAP message.
+	bool m_use_tppd_tls_peap;
+	/// On fast session resume server does not send tunneled EAP-Success.
+	/// Instead it sends plain EAP-Success.
+	/// True value of this flag allows this plain EAP-Success.
+	bool m_use_tppd_peapv1_acknowledge_hack;
+	/// This configuration flag tells the server will offer new session ID to client.
+	bool m_server_offers_new_session_id;
+	/// Client will receive a new session ticket in NewSessionTicket message.
+	bool m_will_receive_new_session_ticket;
+	/// True value means EAP-FAST server sends piggypacked EAP-Identity/Request.
+	/// False value means EAP-FAST server does not send piggypacked EAP-Identity/Request, instead it waits empty Ack-message from client.
+	bool m_send_piggypacked_eap_identity_request;
+#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+	/// Flag causes TLS client to use privacy.
+	bool m_tls_use_identity_privacy;
+	/// Variable tells state of TLS identity privacy handshake.
+	tls_identity_privacy_handshake_state_e m_tls_identity_privacy_handshake_state;
+#endif //#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+#if defined(USE_FAST_EAP_TYPE)
+	/// This flag allows use of dynamic provisioning of PAC in Server-Unauthenticated Mode.
+	/// This is called also Authenticated Diffie-Hellman Protocol (ADHP).
+	bool m_eap_fast_allow_server_unauthenticated_provisioning_mode_ADHP;
+	/// This flag allows use of dynamic provisioning of PAC in Server-Authenticated Mode.
+	bool m_fast_allow_server_authenticated_provisioning_mode;
+	bool m_remove_tunnel_pac;
+#endif //#if defined(USE_FAST_EAP_TYPE)
+	//--------------------------------------------------
+	/**
+	 * The set_is_valid() function sets the state of the object valid.
+	 * The creator of this object calls this function after it is initialized.
+	 */
+	EAP_FUNC_IMPORT void set_is_valid();
+	EAP_FUNC_IMPORT eap_status_e allocate_handshake_message(
+		tls_handshake_message_c ** const tls_handshake_message,
+		eap_automatic_variable_c<tls_handshake_message_c> * const automatic_tls_handshake_message,
+		const tls_handshake_type_e handshake_type);
+	EAP_FUNC_IMPORT eap_status_e allocate_handshake_message_copy(
+		tls_handshake_message_c ** const tls_handshake_message,
+		eap_automatic_variable_c<tls_handshake_message_c> * const automatic_tls_handshake_message,
+		tls_handshake_header_c * const tls_handshake_header);
+	/**
+	 * This function creates TLS Handshake/HelloRequest message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_hello_request();
+	/**
+	 * This function creates TLS Handshake/ClientHello message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_client_hello();
+	/**
+	 * This function creates TLS Handshake/ServerHello message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_server_hello(
+		const u16_t selected_cipher_suite,
+		const u8_t selected_compression_method);
+	/**
+	 * This function creates TLS Handshake/Certificate message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_certificate(
+		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain);
+	/**
+	 * This function creates TLS Handshake/CertificateRequest message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_certificate_request(
+		EAP_TEMPLATE_CONST eap_array_c<u8_t> * const certificate_types,
+		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_authorities);
+	/**
+	 * This function creates TLS Handshake/ServerHelloDone message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_server_hello_done();
+	/**
+	 * This function completes creation of TLS Handshake/ServerKeyExchange message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e complete_create_handshake_type_server_key_exchange();
+	/**
+	 * This function creates TLS Handshake/ServerKeyExchange message.
+	 * NOTE: this function is asyncronous. complete_create_handshake_type_server_key_exchange()
+	 * completes this operation.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_server_key_exchange();
+	/**
+	 * This function completes creation of TLS Handshake/ClientKeyExchange message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e complete_create_handshake_type_client_key_exchange();
+	/**
+	 * This function creates TLS Handshake/ClientKeyExchange message.
+	 * NOTE: this function is asyncronous. complete_create_handshake_type_client_key_exchange()
+	 * completes this operation.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_client_key_exchange();
+	/**
+	 * This function completes creation of TLS Handshake/CertificateVerify message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e complete_create_handshake_type_certificate_verify();
+	/**
+	 * This function creates TLS Handshake/CertificateVerify message.
+	 * NOTE: this function is asyncronous.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_certificate_verify();
+	/**
+	 * This function creates TLS Handshake/Finished message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_finished();
+	/**
+	 * This function creates TLS Handshake/NewSessionTicket message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_handshake_type_new_session_ticket();
+	/**
+	 * This function creates TLS ChangeCipherSpec/ChangeCipherSpec message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_change_cipher_spec_type_change_cipher_spec();
+	/**
+	 * This function finish TLS handshake.
+	 */
+	EAP_FUNC_IMPORT eap_status_e finish_handshake();
+	/**
+	 * This function creates TLS Alert/Alert message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_tls_protocol_alert(
+		const tls_alert_description_e alert_description,
+		const tls_alert_level_e alert_level,
+		const eap_status_e result);
+	/**
+	 * This function creates TLS ApplicationData message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_tls_application_data(
+		eap_buf_chain_wr_c * const sent_packet,
+		const u32_t header_offset);
+	/**
+	 * This function starts tunneled authentication.
+	 */
+	EAP_FUNC_IMPORT eap_status_e start_peap_tunneled_authentication(
+		const eap_am_network_id_c * const receive_network_id,
+		const u8_t received_eap_identifier,
+		const tls_session_type_e tls_session_type);
+	/**
+	 * This function parses TLS extension list, see RFC 4366.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_tls_extension_list(
+		const u32_t handshake_data_length,
+		u32_t * const data_offset,
+		const tls_handshake_header_c * const tls_handshake_header,
+		tls_handshake_message_c * const tls_handshake_message);
+	/**
+	 * This function parses TLS Handshake/HelloRequest message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_hello_request(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/ClientHello message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_client_hello(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/ServerHello message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_server_hello(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/Certificate message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_certificate(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/CertificateRequest message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_certificate_request(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/ServerHelloDone message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_server_hello_done(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/ServerKeyExchange message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_server_key_exchange(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/ClientKeyExchange message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_client_key_exchange(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/CertificateVerify message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_certificate_verify(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+	/**
+	 * This function parses TLS Handshake/Finished message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_finished(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+	/**
+	 * This function parses TLS Handshake/NewSessionTicket message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_handshake_type_new_session_ticket(
+		tls_record_message_c * const received_tls_record_message,
+		tls_handshake_header_c * const tls_handshake_header,
+		const u32_t handshake_data_length);
+#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
+	/**
+	 * This function parses TLS ChangeCipherSpec protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_change_cipher_spec(
+		tls_record_message_c * const tls_record_message,
+		eap_variable_data_c * const tls_protocols_messages_buffer);
+	/**
+	 * This function parses TLS Alert protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_alert(
+		tls_record_message_c * const tls_record_message,
+		eap_variable_data_c * const tls_protocols_messages_buffer);
+	/**
+	 * This function parses TLS Handshake protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_handshake(
+		tls_record_message_c * const tls_record_message,
+		eap_variable_data_c * const tls_protocols_messages_buffer);
+	/**
+	 * This function parses TLS ApplicationData protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_application_data(
+		tls_record_message_c * const tls_record_message,
+		eap_variable_data_c * const tls_protocols_messages_buffer);
+	/**
+	 * This function reassembles data of received consecutive TLS-records with same protocol to tls_record_message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e reassemble_tls_records(
+		tls_record_message_c * const tls_record_message,
+		tls_record_header_c * const next_tls_record_header);
+	/**
+	 * This function processes received TLS records.
+	 */
+	EAP_FUNC_IMPORT eap_status_e process_tls_records();
+	/**
+	 * This function processes received TLS message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e process_tls_message();
+	EAP_FUNC_IMPORT tls_record_protocol_e get_next_tls_record_message_protocol();
+	EAP_FUNC_IMPORT tls_handshake_type_e get_next_tls_handshake_message_type();
+	/**
+	 * This function analyses TLS Handshake/HelloRequest message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_hello_request(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/ClientHello message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_client_hello(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/ServerHello message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_server_hello(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/Certificate message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_certificate(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/CertificateRequest message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_certificate_request(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/ServerHelloDone message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_server_hello_done(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/ServerKeyExchange message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_server_key_exchange(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/ClientKeyExchange message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_client_key_exchange(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/CertificateVerify message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_certificate_verify(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message);
+	/**
+	 * This function analyses TLS Handshake/Finished message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_finished(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message,
+		const u8_t received_eap_identifier);
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+	/**
+	 * This function analyses TLS Handshake/NewSessionTicket message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_new_session_ticket(
+		EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message,
+		const u8_t received_eap_identifier);
+#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
+	/**
+	 * This function analyses TLS ChangeCipherSpec protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_change_cipher_spec(
+		const tls_record_message_c * const record);
+	/**
+	 * This function analyses TLS Alert protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_alert(
+		const tls_record_message_c * const record);
+	/**
+	 * This function analyses TLS Handshake protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_handshake(
+		tls_record_message_c * const record,
+		const u8_t received_eap_identifier);
+	/**
+	 * This function analyses TLS ApplicationData protocol.
+	 */
+	EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_application_data(
+		const tls_record_message_c * const record,
+		const u8_t received_eap_identifier);
+	/**
+	 * This function checks whether all pending queries are completed.
+	 */
+	EAP_FUNC_IMPORT eap_status_e are_pending_queries_completed();
+	/**
+	 * This function indicates state to lower layer.
+	 */
+	EAP_FUNC_IMPORT eap_status_e indicate_state_to_lower_layer(
+		const tls_peap_state_e indicated_state);
+	/**
+	 * This function indicates all message processed to lower layer.
+	 */
+	EAP_FUNC_IMPORT eap_status_e indicate_messages_processed();
+	/**
+	 * This function combines TLS-protocols data to a buffer and sends TLS-message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e send_tls_message();
+	/**
+	 * This function checks all queries are completed.
+	 * If all queries are completed this function send the pending LS-messages.
+	 */
+	EAP_FUNC_IMPORT eap_status_e check_sent_tls_message();
+	/**
+	 * This function check the selected cipher suite is one of the proposed cipher suites.
+	 */
+	EAP_FUNC_IMPORT eap_status_e check_selected_cipher_suite(
+		const tls_cipher_suites_e selected_cipher_suite);
+	/**
+	 * This function check the selected compression method is one of the proposed compression method.
+	 */
+	EAP_FUNC_IMPORT eap_status_e check_selected_compression_method(
+		const tls_compression_method_e selected_compression_method);
+	/**
+	 * This function changes one 16-bit value pointed by parameter value from network order to host order.
+	 */
+	EAP_FUNC_IMPORT static eap_status_e u16_t_to_host_order(
+		u16_t * const value,
+		abs_eap_am_tools_c * const m_am_tools);
+	/**
+	 * This function changes one 16-bit value pointed by parameter value from host order to network order.
+	 */
+	EAP_FUNC_IMPORT static eap_status_e u16_t_to_network_order(
+		u16_t * const value,
+		abs_eap_am_tools_c * const m_am_tools);
+	/**
+	 * This function initializes MD5 and SHA hashes.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_init();
+	/**
+	 * This function adds the send and received TLS-handshake message to MD5 and SHA hashes.
+	 * @param eap includes the buffer of the whole reassembled TLS-packet.
+	 * @param packet_length is length in bytes of the TLS-packet.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_update(
+		const bool true_when_parse_message,
+		const tls_handshake_type_e type,
+		u8_t * const tls_packet,
+		const u32_t tls_packet_length);
+	/**
+	 * This function obtains and concatenates the message digest of MD5 and SHA hashes.
+	 * @param type tells the handshake type where the message digest is used.
+	 * @param message_hash includes the buffer of the message digest. The message_hash_create() function initializes the buffer.
+	 * @param client_originated is boolean flag. When client calls this function value is true, when server calls this function value is false.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_create(
+		const bool true_when_parse_message,
+		const tls_handshake_type_e type,
+		eap_variable_data_c * const message_hash,
+		const bool client_originated);
+	EAP_FUNC_IMPORT eap_status_e message_hash_final(
+		eap_variable_data_c * const md5_digest,
+		eap_variable_data_c * const sha1_digest);
+	/**
+	 * This function saves MD5 and SHA hashes for certificate verify message to
+	 * member attributes m_message_hash_md5_certificate_verify and m_message_hash_sha1_certificate_verify.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_save_certificate_verify();
+	/**
+	 * This function saves MD5 and SHA hashes for finished message to
+	 * member attributes message_hash_md5_finished and message_hash_sha1_finished.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_save_finished(
+		const bool client_originated);
+	/**
+	 * This function creates certificate verfy message hash.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_create_certificate_verify(
+		const bool client_originated);
+	/**
+	 * This function creates finished message hash.
+	 * @param signed_message_hash is pointer to buffer of the message hash.
+	 */
+	EAP_FUNC_IMPORT eap_status_e message_hash_create_finished(
+		const bool client_originated_message,
+		eap_variable_data_c * const signed_message_hash);
+	/**
+	 * This function creates SHA1 HASH of server key exchange message when DHE cipher suite is used.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_server_key_exchange_sha1_hash(
+		const eap_variable_data_c * const dhe_prime,
+		const eap_variable_data_c * const dhe_group_generator,
+		const eap_variable_data_c * const public_dhe_key,
+		eap_variable_data_c * const hash);
+	/**
+	 * This function creates MD5 HASH of server key exchange message when DHE cipher suite is used.
+	 */
+	EAP_FUNC_IMPORT eap_status_e create_server_key_exchange_md5_hash(
+		const eap_variable_data_c * const dhe_prime,
+		const eap_variable_data_c * const dhe_group_generator,
+		const eap_variable_data_c * const public_dhe_key,
+		eap_variable_data_c * const hash);
+	/**
+	 * This function verifies the HASH of server key exchange message is valid.
+	 */
+	EAP_FUNC_IMPORT eap_status_e verify_signature_of_server_key_exchange(
+		const eap_variable_data_c * const signed_server_key_exchange_hash);
+	/**
+	 * This function verifies the cipher suite is one of using 3DES_EDE_CBC_SHA.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_3DES_EDE_CBC_SHA(tls_cipher_suites_e cipher_suite) const;
+	/**
+	 * This function verifies the cipher suite is one of using AES_128_CBC_SHA.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_AES_128_CBC_SHA(tls_cipher_suites_e cipher_suite) const;
+	/**
+	 * This function verifies the cipher suite is one of using RC4_128_MD5.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_RC4_128_MD5(tls_cipher_suites_e cipher_suite) const;
+	/**
+	 * This function verifies the cipher suite is one of using RC4_128_SHA.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_RC4_128_SHA(tls_cipher_suites_e cipher_suite) const;
+	/**
+	 * This function verifies the current cipher suite is one of using TLS_RSA.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_TLS_RSA() const;
+	/**
+	 * This function verifies the current cipher suite is one of using TLS_DHE_RSA.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DHE_RSA() const;
+	/**
+	 * This function verifies the current cipher suite is one of using TLS_DHE_DSS.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DHE_DSS() const;
+#if defined(USE_FAST_EAP_TYPE)
+	/**
+	 * This function verifies the current cipher suite is one of using TLS_DH_anon.
+	 */
+	EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DH_anon() const;
+#endif //#if defined(USE_FAST_EAP_TYPE)
+#if EAP_TLS_NOT_SUPPORTED_CIPHER_SUITE
+	This is not implemented yet
+	EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DH_DSS() const;
+#endif
+	/**
+	 * This function generates ephemeral Diffie-Hellman keys.
+	 * Keys are stored to m_own_private_dhe_key and m_own_public_dhe_key.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_dhe_keys();
+	/**
+	 * This function generates master secret.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_master_secret();
+	/**
+	 * This function generates premaster secret.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_premaster_secret();
+#if defined(USE_FAST_EAP_TYPE)
+	/**
+	 * This function generates master secret from EAP-FAST PAC-Key.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_eap_fast_master_secret_from_pac_key(
+		const eap_variable_data_c * const pac_key);
+#endif //#if defined(USE_FAST_EAP_TYPE)
+	EAP_FUNC_IMPORT void send_error_notification(const eap_status_e error);
+	/**
+	 * This function adds new completion action to the end of the m_completion_queue.
+	 */
+	EAP_FUNC_IMPORT eap_status_e completion_action_add(
+		tls_completion_action_e action);
+	/**
+	 * This function verifies all completion actions are completed.
+	 */
+	EAP_FUNC_IMPORT eap_status_e completion_action_clenup();
+	/**
+	 * This function checks and completes completion actions.
+	 * This function could return eap_status_pending_request if the
+	 * first completion action cannot be completed yet.
+	 */
+	EAP_FUNC_IMPORT eap_status_e completion_action_check();
+	/**
+	 * This function generates random padding length. See chapter "6.2.3.2. CBC block cipher" in <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>.
+	 */
+	EAP_FUNC_IMPORT u8_t get_extra_padding_length(const u8_t padding_length, const u32_t block_size);
+	/**
+	 * This function applies the current block cipher suite to send TLS-record.
+	 */
+	EAP_FUNC_IMPORT eap_status_e apply_send_block_cipher_suite(
+		eap_variable_data_c * const tls_record_message_buffer,
+		abs_crypto_cbc_block_algorithm_c * const encrypt,
+		abs_crypto_hmac_algorithm_c * const mac);
+	/**
+	 * This function applies the current block cipher suite to received TLS-record.
+	 */
+	EAP_FUNC_IMPORT eap_status_e apply_receive_block_cipher_suite(
+		eap_variable_data_c * const tls_record_message_buffer,
+		abs_crypto_cbc_block_algorithm_c * const decrypt,
+		abs_crypto_hmac_algorithm_c * const mac);
+	/**
+	 * This function applies the current stream cipher suite to send TLS-record.
+	 */
+	EAP_FUNC_IMPORT eap_status_e apply_send_stream_cipher_suite(
+		eap_variable_data_c * const tls_record_message_buffer,
+		abs_crypto_stream_algorithm_c * const encrypt,
+		abs_crypto_hmac_algorithm_c * const mac);
+	/**
+	 * This function applies the current stream cipher suite to received TLS-record.
+	 */
+	EAP_FUNC_IMPORT eap_status_e apply_receive_stream_cipher_suite(
+		eap_variable_data_c * const tls_record_message_buffer,
+		abs_crypto_stream_algorithm_c * const decrypt,
+		abs_crypto_hmac_algorithm_c * const mac);
+	/**
+	 * This function applies the current cipher suite to send TLS-record.
+	 */
+	EAP_FUNC_IMPORT eap_status_e apply_send_cipher_suite(
+		eap_variable_data_c * const tls_record_message_buffer);
+	/**
+	 * This function applies the current cipher suite to received TLS-record.
+	 */
+	EAP_FUNC_IMPORT eap_status_e apply_receive_cipher_suite(
+		eap_variable_data_c * const tls_record_message_buffer);
+	/** This function hides create_tls_protocol_alert() call.
+	 */
+	EAP_FUNC_IMPORT eap_status_e eap_status_return_and_create_tls_protocol_alert(
+		const eap_status_e status);
+	/**
+	 * This function sets the state of TLS.
+	 */
+	EAP_FUNC_IMPORT tls_peap_state_e get_state() const;
+	/**
+	 * This function gets the state of TLS.
+	 */
+	EAP_FUNC_IMPORT void set_state(const tls_peap_state_e state);
+	/**
+	 * This function verified the current state of TLS and parameter state are equal.
+	 */
+	EAP_FUNC_IMPORT bool verify_state(const tls_peap_state_e state);
+	/**
+	 * This function initializes encryption and decryption objects for block cipher suite.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_cbc(
+		abs_crypto_cbc_block_algorithm_c ** const cbc_crypto_block_algorithm,
+		abs_crypto_block_algorithm_c * const crypto_block_algorithm,
+		const eap_variable_data_c * const iv,
+		const eap_variable_data_c * const key,
+		const bool true_when_encrypt);
+	/**
+	 * This function initializes HMAC algorithm objects.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_hmac(
+		abs_crypto_hmac_algorithm_c * const hmac_algorithm,
+		const eap_variable_data_c * const key);
+	/**
+	 * This function initializes encryption and decryption objects for stream cipher suite.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_stream(
+		abs_crypto_stream_algorithm_c * const crypto_stream_algorithm,
+		const eap_variable_data_c * const key,
+		const bool true_when_encrypt);
+	/**
+	 * This function initializes HMAC-SHA1 objects for current cipher suite.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_hmac_sha1(const bool send_when_true);
+	/**
+	 * This function initializes HMAC-MD5 objects for current cipher suite.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_hmac_md5(const bool send_when_true);
+	/**
+	 * This function initializes encryption and decryption objects for current cipher suite.
+	 */
+	EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization(
+		const bool send_when_true);
+	/**
+	 * This function creates a new TLS-record message or returns tha last one if
+	 * parameter protocol and ther last TLS-record message match.
+	 */
+	EAP_FUNC_IMPORT eap_status_e new_record_message(
+		tls_record_message_c ** const tls_record_message,
+		const tls_record_protocol_e protocol);
+	/**
+	 * This function creates a new TLS-record including handshake protocol message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e add_record_message(
+		tls_handshake_message_c * const tls_handshake_message);
+	/**
+	 * This function creates a new TLS-record including change cipher spec protocol message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e add_record_message(
+		tls_change_cipher_spec_message_c * const change_cipher_spec_message);
+	/**
+	 * This function creates a new TLS-record including alert protocol message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e add_record_message(
+		tls_alert_message_c * const alert_message);
+	/**
+	 * This function creates a new TLS-record including application data protocol message.
+	 */
+	EAP_FUNC_IMPORT eap_status_e add_record_message(
+		tls_application_data_message_c * const application_data_message);
+	EAP_FUNC_IMPORT void reset_block_ciphers(const bool send_when_true);
+	EAP_FUNC_IMPORT void reset_stream_ciphers(const bool send_when_true);
+	EAP_FUNC_IMPORT void reset_hmac_algorithms(const bool send_when_true);
+	EAP_FUNC_IMPORT eap_status_e get_tls_prf_data(
+		const eap_variable_data_c * const master_secret,
+		const eap_variable_data_c * const client_random,
+		const eap_variable_data_c * const server_random,
+		const eap_variable_data_c * const label,
+		eap_variable_data_c * const prf_data,
+		const u32_t required_prf_data_length);
+	EAP_FUNC_IMPORT eap_status_e set_tls_session_type(const tls_session_type_e tls_session_type);
+	EAP_FUNC_IMPORT tls_session_type_e get_tls_session_type();
+	EAP_FUNC_IMPORT void set_tls_identity_privacy_handshake_state(const tls_identity_privacy_handshake_state_e state);
+	EAP_FUNC_IMPORT void set_selected_cipher_suite(const tls_cipher_suites_e cipher_suite);
+	EAP_FUNC_IMPORT eap_status_e set_receive_cipher_suite(const tls_cipher_suites_e cipher_suite);
+	EAP_FUNC_IMPORT eap_status_e set_send_cipher_suite(const tls_cipher_suites_e cipher_suite);
+	//--------------------------------------------------
+protected:
+	//--------------------------------------------------
+	//--------------------------------------------------
+public:
+	//--------------------------------------------------
+	/**
+	 * The destructor of the tls_record_c class does nothing special.
+	 */
+	EAP_FUNC_IMPORT virtual ~tls_record_c();
+	/**
+	 * The constructor of the tls_record_c class simply initializes the attributes.
+	 * The tls_record_c object sends packets to the network using tls_base_record_c::get_type_partner() object.
+	 */
+	EAP_FUNC_IMPORT tls_record_c(
+		abs_eap_am_tools_c * const tools, ///< tools is pointer to the tools class. @see abs_eap_am_tools_c.
+		tls_am_services_c * const am_tls_services, ///< This is pointer to adaoptation module of TLS.
+		const bool free_am_tls_services,
+		tls_base_application_c * const application, ///< application is pointer to application object.
+		const bool free_application,
+		const bool is_client_when_true, ///< Indicates whether this is client (true) or server (false).
+		const eap_type_value_e eap_type,
+		const eap_am_network_id_c * const receive_network_id);
+	/**
+	 * This function returns true when EAP-type is TTLS or PEAP.
+	 */
+	EAP_FUNC_IMPORT bool get_is_tunneled_tls();
+	/**
+	 * This function sets the tunnel type.
+	 */
+	void set_peap_version(
+		const peap_version_e peap_version, ///< This is the PEAP version (PEAPv2, PEAPv1, XP PEAPv0), yes very nice to have many different versions.
+		const bool use_tppd_tls_peap, ///< Of course some vendors have own TLS/PEAP quirks.
+		const bool use_tppd_peapv1_acknowledge_hack);
+	/**
+	 * The configure() function is called after the constructor of the
+	 * object is successfully executed. During the function call the object
+	 * could query the configuration. Each derived class must define this function.
+	 */
+	EAP_FUNC_IMPORT eap_status_e configure();
+	/**
+	 * The shutdown() function is called before the destructor of the
+	 * object is executed. During the function call the object
+	 * could shutdown the operations, for example cancel timers.
+	 * Each derived class must define this function.
+	 */
+	EAP_FUNC_IMPORT eap_status_e shutdown();
+	EAP_FUNC_IMPORT eap_status_e get_ttls_implicit_challenge(
+		eap_variable_data_c * const ttls_implicit_challenge,
+		const u32_t required_ttls_implicit_challenge_length);
+	/**
+	 * This function sets the NAI realm.
+	 */
+	EAP_FUNC_IMPORT eap_status_e set_nai_realm(
+		const eap_variable_data_c * const NAI_realm ///< This is the full NAI realm.
+		);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e packet_send(
+		eap_buf_chain_wr_c * const sent_packet,
+		const u32_t header_offset,
+		const u32_t data_length,
+		const u32_t buffer_length);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT u32_t get_header_offset(
+		u32_t * const MTU_length,
+		u32_t * const trailer_length);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e read_configure(
+		const eap_configuration_field_c * const field,
+		eap_variable_data_c * const data);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e write_configure(
+		const eap_configuration_field_c * const field,
+		eap_variable_data_c * const data);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT void state_notification(
+		const abs_eap_state_notification_c * const state);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e set_timer(
+		abs_eap_base_timer_c * const initializer,
+		const u32_t id,
+		void * const data,
+		const u32_t p_time_ms);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e cancel_timer(
+		abs_eap_base_timer_c * const initializer,
+		const u32_t id);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e cancel_all_timers();
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e load_module(
+		const eap_type_value_e type,
+		const eap_type_value_e /* tunneling_type */,
+		abs_eap_base_type_c * const partner,
+		eap_base_type_c ** const eap_type,
+		const bool is_client_when_true,
+		const eap_am_network_id_c * const receive_network_id);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e unload_module(const eap_type_value_e type);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e restart_authentication(
+		const eap_am_network_id_c * const receive_network_id,
+		const bool is_client_when_true,
+		const bool force_clean_restart,
+		const bool from_timer);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys(
+		const eap_am_network_id_c * const send_network_id,
+		const eap_master_session_key_c * const master_session_key);
+	// This is commented in abs_tls_base_application_c.
+	EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);
+	// This is commented in abs_tls_base_application_c::get_eap_type_list().
+	EAP_FUNC_IMPORT eap_status_e get_eap_type_list(
+		eap_array_c<eap_type_value_e> * const eap_type_list);
+	/**
+	 * This function sends starts EAP-TLS/PEAP after a start message is received.
+	 */
+	EAP_FUNC_IMPORT eap_status_e start_tls_peap_authentication(
+		const eap_variable_data_c * const received_authority_identity
+		);
+	/**
+	 * This function processes the received packet.
+	 * @param tls_packet includes the buffer of the whole reassembled TLS-packet.
+	 */
+	EAP_FUNC_IMPORT eap_status_e packet_process(
+		eap_variable_data_c * const tls_packet,
+		const u8_t received_eap_identifier);
+	/**
+	 * This function indicates the plain text EAP-Success or EAP-Failure packet is received.
+	 * @param receive_network_id includes the addresses (network identity) and packet type.
+	 * @param received_eap_identifier is the EAP-Identifier of the received EAP-Success packet.
+	 */
+	EAP_FUNC_IMPORT eap_status_e plain_eap_success_failure_packet_received(
+		const eap_am_network_id_c * const receive_network_id,
+		const eap_code_value_e received_eap_code,
+		const u8_t received_eap_identifier);
+	/**
+	 * This function indicates the empty Ack packet is received.
+	 * This is used in TTLS.
+	 * @param receive_network_id includes the addresses (network identity) and packet type.
+	 * @param received_eap_identifier is the EAP-Identifier of the received EAP-Success packet.
+	 */
+	EAP_FUNC_IMPORT eap_status_e empty_ack_packet_received(
+		const eap_am_network_id_c * const receive_network_id,
+		const u8_t received_eap_identifier);
+	/**
+	 * Object must indicate it's validity.
+	 * If object initialization fails this function must return false.
+	 * @return This function returns the validity of this object.
+	 */
+	EAP_FUNC_IMPORT bool get_is_valid();
+	/**
+	 * This function must reset the state of object to same as
+	 * state was after the configure() function call.
+	 * If object reset succeeds this function must return eap_status_ok.
+	 * If object reset fails this function must return corresponding error status.
+	 * @return This function returns the status of reset operation.
+	 */
+	EAP_FUNC_IMPORT eap_status_e reset();
+	/**
+	 * This function calculates the required key lengths. This function consults current cipher suite.
+	 */
+	EAP_FUNC_IMPORT u32_t get_key_expansion_size(
+		u32_t * const mac_key_length,
+		u32_t * const encryption_key_length,
+		u32_t * const iv_length,
+		u32_t * const session_key_seed_length,
+		u32_t * const mschapv2_challenges_length);
+	/**
+	 * This function generates the key material for the current cipher suite.
+	 */
+	EAP_FUNC_IMPORT eap_status_e generate_key_material();
+	EAP_FUNC_IMPORT eap_status_e set_tls_master_secret(
+		const eap_variable_data_c * const master_secret,
+		const eap_variable_data_c * const client_random,
+		const eap_variable_data_c * const server_random);
+	/**
+	 * This function changes the current cipher suite to negotiated cipher suite.
+	 * Parameter send_when_true tells whether the send cipher suite (true) or receive cipher suite (false)
+	 * is acquired to be changed.
+	 */
+	EAP_FUNC_IMPORT eap_status_e change_cipher_spec(const bool send_when_true);
+	// This is commented in tls_base_record_c::read_authority_identity().
+	EAP_FUNC_IMPORT eap_status_e read_authority_identity(eap_variable_data_c * const authority_identity_payload);
+	// This is commented in abs_tls_am_services_c::complete_query_cipher_suites_and_previous_session().
+	EAP_FUNC_IMPORT eap_status_e complete_query_cipher_suites_and_previous_session(
+		const tls_session_type_e session_type,
+		EAP_TEMPLATE_CONST eap_array_c<u16_t> * const cipher_suites,
+		EAP_TEMPLATE_CONST eap_array_c<u8_t> * const compression_methods,
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+		EAP_TEMPLATE_CONST eap_array_c<tls_extension_c> * const tls_extensions,
+#endif // #if defined(USE_EAP_TLS_SESSION_TICKET)
+		const eap_variable_data_c * const resumed_session_id,
+		const eap_variable_data_c * const resumed_master_secret,
+		const tls_cipher_suites_e resumed_cipher_suite,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_select_cipher_suite_and_check_session_id().
+	EAP_FUNC_IMPORT eap_status_e complete_select_cipher_suite_and_check_session_id(
+		const tls_session_type_e session_type,
+		const u16_t selected_cipher_suite,
+		const eap_variable_data_c * const session_id,
+		const eap_variable_data_c * const master_secret,
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+		const tls_extension_c * const new_session_ticket_or_null,
+#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
+		const eap_status_e completion_status);
+#if defined(USE_EAP_TLS_SESSION_TICKET)
+	// This is commented in abs_tls_am_services_c::complete_query_new_session_ticket().
+	EAP_FUNC_IMPORT eap_status_e complete_query_new_session_ticket(
+		const tls_extension_c * const new_session_ticket_or_null);
+#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
+	// This is commented in abs_tls_am_services_c::complete_verify_certificate_chain().
+	EAP_FUNC_IMPORT eap_status_e complete_verify_certificate_chain(
+		const eap_status_e result);
+	// This is commented in abs_tls_am_services_c::complete_query_certificate_chain().
+	EAP_FUNC_IMPORT eap_status_e complete_query_certificate_chain(
+		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_query_certificate_authorities_and_types().
+	EAP_FUNC_IMPORT eap_status_e complete_query_certificate_authorities_and_types(
+		EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const authorities,
+		EAP_TEMPLATE_CONST eap_array_c<u8_t> * const types,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_query_dh_parameters().
+	EAP_FUNC_IMPORT eap_status_e complete_query_dh_parameters(
+		const eap_variable_data_c * const dhe_prime,
+		const eap_variable_data_c * const dhe_group_generator,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_query_realm().
+	EAP_FUNC_IMPORT eap_status_e complete_query_realm(
+		const eap_variable_data_c * const realm,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_rsa_encrypt_with_public_key().
+	EAP_FUNC_IMPORT eap_status_e complete_rsa_encrypt_with_public_key(
+		const eap_variable_data_c * const encrypted_premaster_secret,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_rsa_decrypt_with_private_key().
+	EAP_FUNC_IMPORT eap_status_e complete_rsa_decrypt_with_private_key(
+		const eap_variable_data_c * const premaster_secret,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_sign_with_private_key().
+	EAP_FUNC_IMPORT eap_status_e complete_sign_with_private_key(
+		const eap_variable_data_c * const message_hash,
+		const eap_status_e completion_status);
+	// This is commented in abs_tls_am_services_c::complete_verify_with_public_key().
+	EAP_FUNC_IMPORT eap_status_e complete_verify_with_public_key(
+		const eap_status_e verify_status);
+	// See abs_tls_base_application_c::get_eap_tls_master_session_key().
+	EAP_FUNC_IMPORT eap_status_e get_eap_tls_master_session_key(
+		eap_variable_data_c * const eap_tls_master_session_key,
+		eap_variable_data_c * const mschapv2_challenges
+		);
+	EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list);
+	// This is documented in abs_tls_base_application_c::set_session_timeout().
+	EAP_FUNC_IMPORT eap_status_e set_session_timeout(
+		const u32_t session_timeout_ms);
+#if defined(USE_FAST_EAP_TYPE)
+	EAP_FUNC_IMPORT eap_status_e complete_query_tunnel_PAC(
+		const eap_status_e in_completion_status,
+		const eap_fast_pac_type_e in_pac_type,
+		const eap_fast_variable_data_c * const in_tunnel_PAC_key_tlv,
+		const eap_fast_variable_data_c * const in_tunnel_PAC_opaque_tlv);
+#endif //#if defined(USE_FAST_EAP_TYPE)
+	EAP_FUNC_IMPORT eap_status_e query_ttls_pap_username_and_password(
+		const eap_variable_data_c * const reply_message);
+	EAP_FUNC_IMPORT eap_status_e complete_query_ttls_pap_username_and_password(
+		const eap_variable_data_c * const ttls_pap_username,
+		const eap_variable_data_c * const ttls_pap_password,
+		const eap_status_e query_result);
+	EAP_FUNC_IMPORT eap_status_e verify_ttls_pap_username_and_password(
+		const eap_variable_data_c * const user_name,
+		const eap_variable_data_c * const user_password);
+	EAP_FUNC_IMPORT eap_status_e complete_verify_ttls_pap_username_and_password(
+		const eap_status_e authentication_result,
+		const eap_variable_data_c * const ttls_pap_reply_message);
+	//--------------------------------------------------
+}; // class tls_record_c
+#endif //#if !defined(_TLS_RECORD_H_)
+//--------------------------------------------------
+// End.

changeset 0	c8830336c852
child 2	1c7bc153c08e