|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_TLS_RECORD_H_) |
|
22 #define _TLS_RECORD_H_ |
|
23 |
|
24 |
|
25 #include "abs_tls_am_services.h" |
|
26 #include "tls_base_record.h" |
|
27 #include "eap_array_algorithms.h" |
|
28 #include "tls_message.h" |
|
29 #include "tls_peap_types.h" |
|
30 #include "abs_tls_message_hash.h" |
|
31 #include "tls_completion.h" |
|
32 #include "abs_tls_change_cipher_spec.h" |
|
33 #include "abs_tls_base_application.h" |
|
34 #include "tls_base_application.h" |
|
35 #include "eap_protocol_layer.h" |
|
36 #include "eap_am_network_id.h" |
|
37 #include "eap_automatic_variable.h" |
|
38 #include "eap_master_session_key.h" |
|
39 |
|
40 |
|
41 class abs_tls_base_record_c; |
|
42 class abs_eap_am_tools_c; |
|
43 class eap_am_network_id_c; |
|
44 class tls_record_header_c; |
|
45 class tls_am_services_c; |
|
46 class tls_handshake_header_c; |
|
47 class tls_record_message_c; |
|
48 class tls_handshake_message_c; |
|
49 class abs_crypto_cbc_block_algorithm_c; |
|
50 class abs_crypto_block_algorithm_c; |
|
51 class abs_crypto_stream_algorithm_c; |
|
52 |
|
53 #if defined(USE_FAST_EAP_TYPE) |
|
54 #if !defined(USE_EAP_TLS_SESSION_TICKET) |
|
55 #error ERROR: With USE_FAST_EAP_TYPE you must use USE_EAP_TLS_SESSION_TICKET flag too. |
|
56 #endif //#if !defined(USE_EAP_TLS_SESSION_TICKET) |
|
57 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
58 |
|
59 //-------------------------------------------------------------------- |
|
60 |
|
61 /** |
|
62 * The tls_record_c class implements tls_base_record_c. |
|
63 * See more detailed design and architecture document <a href="../../type/tls_peap/documentation/EAP_TLS_PEAP.doc">EAP_TLS_PEAP.doc</a> |
|
64 * and <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>. |
|
65 */ |
|
66 class EAP_EXPORT tls_record_c |
|
67 : public tls_base_record_c |
|
68 , public abs_tls_am_services_c |
|
69 , public abs_tls_message_hash_c |
|
70 , public abs_tls_change_cipher_spec_c |
|
71 , public abs_tls_apply_cipher_spec_c |
|
72 , public abs_tls_base_application_c |
|
73 { |
|
74 private: |
|
75 //-------------------------------------------------- |
|
76 |
|
77 /// This is pointer to the tools class. @see abs_eap_am_tools_c. |
|
78 abs_eap_am_tools_c * const m_am_tools; |
|
79 |
|
80 /// This is pointer to adaptation module of TLS. |
|
81 tls_am_services_c * m_am_tls_services; |
|
82 |
|
83 /// This flag tells whether the m_am_tls_services must be freed in destructor. |
|
84 const bool m_free_am_tls_services; |
|
85 |
|
86 /// This is pointer to application object. Mostly this is used in PEAP and the application is tls_application_eap_core_c object. |
|
87 tls_base_application_c * m_application; |
|
88 |
|
89 /// This flag tells whether the m_application must be freed in destructor. |
|
90 const bool m_free_application; |
|
91 |
|
92 |
|
93 |
|
94 /// This object includes pending asynchronous actions or it may be empty. |
|
95 /// The check_sent_tls_message() function call will check and complete pending actions. |
|
96 eap_array_c<tls_completion_c> m_completion_queue; |
|
97 |
|
98 |
|
99 |
|
100 /// This object includes received message in parsed tree. |
|
101 tls_message_c m_received_tls_message; |
|
102 |
|
103 /// This object includes the new created message in parsed tree. |
|
104 /// The send message will be generated from this. |
|
105 tls_message_c m_new_tls_message; |
|
106 |
|
107 |
|
108 |
|
109 /// This object includes MD5 HASH of received handshake messages. |
|
110 crypto_md5_c m_message_hash_md5; |
|
111 |
|
112 /// This object includes SHA1 HASH of received handshake messages. |
|
113 crypto_sha1_c m_message_hash_sha1; |
|
114 |
|
115 /// This object includes MD5 HASH for certificate verify message. |
|
116 eap_variable_data_c m_message_hash_md5_certificate_verify; |
|
117 |
|
118 /// This object includes SHA1 HASH for certificate verify message. |
|
119 eap_variable_data_c m_message_hash_sha1_certificate_verify; |
|
120 |
|
121 /// This object includes MD5 HASH of Finished message of client. |
|
122 eap_variable_data_c m_client_message_hash_md5_finished; |
|
123 |
|
124 /// This object includes SHA1 HASH of Finished message of client. |
|
125 eap_variable_data_c m_client_message_hash_sha1_finished; |
|
126 |
|
127 /// This object includes MD5 HASH of Finished message of server. |
|
128 eap_variable_data_c m_server_message_hash_md5_finished; |
|
129 |
|
130 /// This object includes SHA1 HASH of Finished message of server. |
|
131 eap_variable_data_c m_server_message_hash_sha1_finished; |
|
132 |
|
133 |
|
134 |
|
135 /// This object includes client random value for client handshake message. |
|
136 eap_variable_data_c m_client_handshake_random_value; |
|
137 |
|
138 /// This object includes server random value for server handshake message. |
|
139 eap_variable_data_c m_server_handshake_random_value; |
|
140 |
|
141 /// This object includes session ID. |
|
142 eap_variable_data_c m_session_id; |
|
143 |
|
144 /// This object includes master secret. |
|
145 eap_variable_data_c m_master_secret; |
|
146 |
|
147 /// This object includes EAP-TLS master session key. |
|
148 eap_master_session_key_c m_eap_master_session_key; |
|
149 |
|
150 |
|
151 |
|
152 /// This object includes shared secret key for MAC of send packets. |
|
153 eap_variable_data_c m_new_send_mac_key; |
|
154 |
|
155 /// This object includes shared secret key for MAC of received packets. |
|
156 eap_variable_data_c m_new_receive_mac_key; |
|
157 |
|
158 /// This object includes shared secret key for encryption of send packets. |
|
159 eap_variable_data_c m_new_send_encryption_key; |
|
160 |
|
161 /// This object includes shared secret key for decryption of received packets. |
|
162 eap_variable_data_c m_new_receive_encryption_key; |
|
163 |
|
164 /// This object includes initialization vector for block encryption of send packets. |
|
165 eap_variable_data_c m_new_send_iv; |
|
166 |
|
167 /// This object includes initialization vector for decryption of received packets. |
|
168 eap_variable_data_c m_new_receive_iv; |
|
169 |
|
170 |
|
171 |
|
172 /// This object includes shared secret key for MAC of send packets. |
|
173 eap_variable_data_c m_send_mac_key; |
|
174 |
|
175 /// This object includes shared secret key for MAC of received packets. |
|
176 eap_variable_data_c m_receive_mac_key; |
|
177 |
|
178 /// This object includes shared secret key for encryption of send packets. |
|
179 eap_variable_data_c m_send_encryption_key; |
|
180 |
|
181 /// This object includes shared secret key for decryption of received packets. |
|
182 eap_variable_data_c m_receive_encryption_key; |
|
183 |
|
184 /// This object includes initialization vector for block encryption of send packets. |
|
185 eap_variable_data_c m_send_iv; |
|
186 |
|
187 /// This object includes initialization vector for decryption of received packets. |
|
188 eap_variable_data_c m_receive_iv; |
|
189 |
|
190 |
|
191 |
|
192 /// This object includes session key seed for EAP-FAST. |
|
193 eap_variable_data_c m_session_key_seed; |
|
194 |
|
195 /// This object includes MsChapv2 challenges for EAP-FAST. |
|
196 eap_variable_data_c m_mschapv2_challenges; |
|
197 |
|
198 |
|
199 /// This object includes Diffie-Hellman private key of this TLS end point. |
|
200 eap_variable_data_c m_own_private_dhe_key; |
|
201 |
|
202 /// This object includes Diffie-Hellman public key of this TLS end point. |
|
203 eap_variable_data_c m_own_public_dhe_key; |
|
204 |
|
205 /// This object includes Diffie-Hellman public key of other TLS end point. |
|
206 eap_variable_data_c m_peer_public_dhe_key; |
|
207 |
|
208 /// This object includes Diffie-Hellman shared key of the TLS session. |
|
209 eap_variable_data_c m_shared_dh_key; |
|
210 |
|
211 /// This object includes Diffie-Hellman prime of the TLS session. |
|
212 eap_variable_data_c m_dhe_prime; |
|
213 |
|
214 /// This object includes Diffie-Hellman group generator of the TLS session. |
|
215 eap_variable_data_c m_dhe_group_generator; |
|
216 |
|
217 |
|
218 /// This object includes the signed HASH. This is needed to store the result of asynchronously completed signature creation. |
|
219 eap_variable_data_c m_signed_message_hash; |
|
220 |
|
221 /// This object includes the premaster secret. |
|
222 /// In RSA cipher suites the client generates this and encrypts it with the server public key. |
|
223 /// The server receives it within the client key exchange message and decrypts it with its private key. |
|
224 /// In DHE cipher suites this is the shared Diffie-Hellman secret. |
|
225 eap_variable_data_c m_premaster_secret; |
|
226 |
|
227 /// This object includes encrypted premaster secret of this TLS end point. |
|
228 /// This is needed to store the result of asynchronously completed encryption. |
|
229 eap_variable_data_c m_own_encrypted_premaster_secret; |
|
230 |
|
231 #if defined(USE_FAST_EAP_TYPE) |
|
232 /// This object includes PAC-Key of EAP-FAST. |
|
233 /// PAC-Key is stored here before master secret can be generated. |
|
234 eap_variable_data_c m_eap_fast_pac_key; |
|
235 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
236 |
|
237 /// This object includes the proposed cipher suites. |
|
238 /// Objects are in host network order. |
|
239 /// Client creates this list and server receives the list in client hello handshake message. |
|
240 eap_array_c<u16_t> m_proposed_cipher_suites; |
|
241 |
|
242 /// This object includes the proposed compression methods. |
|
243 /// Client creates this list and server receives the list in client hello handshake message. |
|
244 eap_array_c<u8_t> m_proposed_compression_methods; |
|
245 |
|
246 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
247 /// All supported TLS extensions. |
|
248 eap_array_c<tls_extension_c> m_supported_tls_extensions; |
|
249 |
|
250 /// All received TLS extensions. |
|
251 eap_array_c<tls_extension_c> m_received_tls_extensions; |
|
252 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
253 |
|
254 |
|
255 /// This is the realm part of the NAI of the client. |
|
256 eap_variable_data_c m_NAI_realm; |
|
257 |
|
258 /// This is network identity of the sent packet from this authentication session. |
|
259 eap_am_network_id_c m_send_network_id; |
|
260 |
|
261 /// This object includes certificate chain of this TLS end point. |
|
262 /// This is needed to store the result of an asynchronously completed certificate chain query. |
|
263 eap_array_c<eap_variable_data_c> m_own_certificate_chain; |
|
264 |
|
265 /// This object includes certificate types required by this TLS end point. |
|
266 /// This is needed to store the result of an asynchronously completed certificate type query. |
|
267 eap_array_c<u8_t> m_own_certificate_types; |
|
268 |
|
269 /// This object includes certificate authorities required by this TLS end point. |
|
270 /// This is needed to store the result of an asynchronously completed certificate authorities query. |
|
271 eap_array_c<eap_variable_data_c> m_own_certificate_authorities; |
|
272 |
|
273 /// This object includes certificate chain of the other TLS end point. |
|
274 eap_array_c<eap_variable_data_c> m_peer_certificate_chain; |
|
275 |
|
276 /// This variable includes validity result of certificate chain of the other TLS end point. |
|
277 eap_status_e m_peer_certificate_chain_result; |
|
278 |
|
279 /// This variable includes validity result of signature verification of the received message that includes signature. |
|
280 eap_status_e m_verify_signature; |
|
281 |
|
282 /// This object includes certificate types of the other TLS end point. |
|
283 eap_array_c<u8_t> m_peer_certificate_types; |
|
284 |
|
285 /// This object includes certificate authorities of the other TLS end point. |
|
286 eap_array_c<eap_variable_data_c> m_peer_certificate_authorities; |
|
287 |
|
288 |
|
289 |
|
290 /// This is the resumed cipher suite from previous TLS session. |
|
291 tls_cipher_suites_e m_resumed_cipher_suite; |
|
292 |
|
293 /// This is the selected cipher suite for this TLS session. |
|
294 tls_cipher_suites_e m_selected_cipher_suite; |
|
295 |
|
296 /// This is the selected compression method for this TLS session. |
|
297 /// NOTE this is always null compression. |
|
298 tls_compression_method_e m_selected_compression_method; |
|
299 |
|
300 /// This is the active cipher suite of received packets for this TLS session. |
|
301 tls_cipher_suites_e m_receive_cipher_suite; |
|
302 |
|
303 /// This is the active compression method of received packets for this TLS session. |
|
304 /// NOTE this is always null compression. |
|
305 tls_compression_method_e m_receive_compression_method; |
|
306 |
|
307 /// This is the active cipher suite of send packets for this TLS session. |
|
308 tls_cipher_suites_e m_send_cipher_suite; |
|
309 |
|
310 /// This is the active compression method of send packets for this TLS session. |
|
311 /// NOTE this is always null compression. |
|
312 tls_compression_method_e m_send_compression_method; |
|
313 |
|
314 |
|
315 |
|
316 /// This is pointer to CBC block cipher algorithm of send packets when cipher suite uses block cipher. |
|
317 abs_crypto_cbc_block_algorithm_c *m_send_block_cipher; |
|
318 |
|
319 /// This is pointer to CBC block cipher algorithm of received packets when cipher suite uses block cipher. |
|
320 abs_crypto_cbc_block_algorithm_c *m_receive_block_cipher; |
|
321 |
|
322 /// This is pointer to stream cipher algorithm of send packets when cipher suite uses a stream cipher. |
|
323 abs_crypto_stream_algorithm_c *m_send_stream_cipher; |
|
324 |
|
325 /// This is pointer to stream cipher algorithm of received packets when cipher suite uses a stream cipher. |
|
326 abs_crypto_stream_algorithm_c *m_receive_stream_cipher; |
|
327 |
|
328 |
|
329 |
|
330 /// This is pointer to HMAC algorithm of send packets. |
|
331 abs_crypto_hmac_algorithm_c *m_send_hmac_algorithm; |
|
332 |
|
333 /// This is pointer to HMAC algorithm of received packets. |
|
334 abs_crypto_hmac_algorithm_c *m_receive_hmac_algorithm; |
|
335 |
|
336 |
|
337 |
|
338 /// This is the counter of send TLS-records. See chapters "6.2.3. Record payload protection" |
|
339 /// and "6.1. Connection states" from <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>. |
|
340 /// Sequence number is initialized to zero and incremented after each record is processed. |
|
341 u64_t m_send_record_sequence_number; |
|
342 |
|
343 /// This is the counter of received TLS-records. See chapters "6.2.3. Record payload protection" |
|
344 /// and "6.1. Connection states" from <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>. |
|
345 /// Sequence number is initialized to zero and incremented after each record is processed. |
|
346 u64_t m_receive_record_sequence_number; |
|
347 |
|
348 |
|
349 |
|
350 /// This variable stores the internal state of the TLS-session. See tls_peap_state_e. |
|
351 tls_peap_state_e m_tls_peap_state; |
|
352 |
|
353 /// This flag tells which TLS session type is selected, |
|
354 /// full authentication, original session resumption or stateless session resumption (RFC 4507). |
|
355 tls_session_type_e m_tls_session_type; |
|
356 |
|
357 |
|
358 /// This is the EAP-type (TLS, PEAP or TTLS). |
|
359 eap_type_value_e m_eap_type; |
|
360 |
|
361 /// This separates different PEAP versions (PEAPv2, PEAPv1 or XP PEAPv0). |
|
362 peap_version_e m_peap_version; |
|
363 |
|
364 /// This variable stores the state of tunneled EAP-authentication. |
|
365 eap_state_variable_e m_tunneled_eap_type_authentication_state; |
|
366 |
|
367 /// This variable saves the EAP-identifier of the last received EAP-message. |
|
368 u8_t m_received_eap_identifier; |
|
369 |
|
370 /// This indicates whether this object was generated successfully. |
|
371 bool m_is_valid; |
|
372 |
|
373 /// This indicates whether this object is client (true) or server (false). |
|
374 const bool m_is_client; |
|
375 |
|
376 /// This flag tells whether messages could be send in the check_sent_tls_message() function. |
|
377 bool m_allow_message_send; |
|
378 |
|
379 /// This flag prevents recursive calls of the completion_action_check() function. |
|
380 bool m_already_in_completion_action_check; |
|
381 |
|
382 /// This flag prevents recursive calls of the process_tls_records() function. |
|
383 bool m_already_in_process_tls_records; |
|
384 |
|
385 |
|
386 |
|
387 /// This flag tells whether this function call is pending (true value). |
|
388 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
389 bool m_pending_query_certificate_authorities_and_types; |
|
390 |
|
391 /// This flag tells whether this function call is pending (true value). |
|
392 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
393 bool m_pending_query_certificate_chain; |
|
394 |
|
395 /// This flag tells whether this function call is pending (true value). |
|
396 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
397 bool m_pending_query_cipher_suites_and_previous_session; |
|
398 |
|
399 /// This flag tells whether this function call is pending (true value). |
|
400 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
401 bool m_pending_query_dh_parameters; |
|
402 |
|
403 /// This flag tells whether this function call is pending (true value). |
|
404 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
405 bool m_pending_query_realm; |
|
406 |
|
407 /// This flag tells whether this function call is pending (true value). |
|
408 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
409 bool m_pending_select_cipher_suite_and_check_session_id; |
|
410 |
|
411 /// This flag tells whether this function call is pending (true value). |
|
412 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
413 bool m_pending_verify_certificate_chain; |
|
414 |
|
415 /// This flag tells whether this function call is pending (true value). |
|
416 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
417 bool m_pending_rsa_decrypt_with_private_key; |
|
418 |
|
419 /// This flag tells whether this function call is pending (true value). |
|
420 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
421 bool m_pending_rsa_encrypt_with_public_key; |
|
422 |
|
423 /// This flag tells whether this function call is pending (true value). |
|
424 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
425 bool m_pending_sign_with_private_key; |
|
426 |
|
427 /// This flag tells whether this function call is pending (true value). |
|
428 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
429 bool m_pending_verify_with_public_key; |
|
430 |
|
431 /// This flag tells whether this function call is pending (true value). |
|
432 /// After this function call is completed with appropriate completion function flag is set to false value. |
|
433 bool m_pending_query_tunnel_PAC; |
|
434 |
|
435 |
|
436 /// This flag tells whether this instance is test version (true) or real version (false). |
|
437 /// Test version allows many subsequent TLS-sessions. |
|
438 bool m_tls_peap_test_version; |
|
439 |
|
440 /// The flag prevents multiple call of generate_key_material() function. |
|
441 bool m_key_material_generated; |
|
442 |
|
443 /// This flag tells whether the server authenticates client (true) or not (false). |
|
444 /// NOTE: Server and client read this value from their configuration. |
|
445 /// Server acts as this flag says. |
|
446 /// When this flag is true the client allows only mutual (client and server) authentication. |
|
447 /// When this flag is false the client allows server-only authentication too. |
|
448 bool m_tls_peap_server_authenticates_client_policy_flag; |
|
449 |
|
450 /// Server reads this from configure. |
|
451 /// Server initiates mutual authentication when value is true. |
|
452 /// Server initiates server authentication when value is false. |
|
453 bool m_tls_peap_server_authenticates_client_config_server; |
|
454 |
|
455 /// Client and server set this flag to indicate the current function. |
|
456 /// Action is mutual authentication when value is true. |
|
457 /// Action is server authentication when value is false. |
|
458 bool m_tls_peap_server_authenticates_client_action; |
|
459 |
|
460 /// Client uses this flag to remember the certificate request message. |
|
461 bool m_tls_peap_server_requested_client_certificate; |
|
462 |
|
463 /// This flag tells whether we could send fatal TLS-alert message (true) or not (false). |
|
464 /// This is set false after we receive one TLS-alert message. |
|
465 bool m_could_send_fatal_alert_message; |
|
466 |
|
467 /// This flag tells whether we could send warning TLS-alert message (true) or not (false). |
|
468 /// This is set false after we receive one TLS-alert message. |
|
469 bool m_could_send_warning_alert_message; |
|
470 |
|
471 /// This flag tells whether the check_sent_tls_message() must send TLS-alert message (true) or not (false). |
|
472 /// This flag is set after the TLS-alert message is generated. This flag forces sending of the TLS-alert message. |
|
473 bool m_force_tls_message_send; |
|
474 |
|
475 /// This flag tells whether the shutdown() function was called (true) or not (false). |
|
476 bool m_shutdown_was_called; |
|
477 |
|
478 /// This flag tells whether TLS-messages should be put into separate TLS-records (true) or TLS-messages should |
|
479 /// be packed into the same TLS-record when possible (false). |
|
480 bool m_use_separate_tls_record; |
|
481 |
|
482 /// This flag tells whether extra padding of block cipher should be used. |
|
483 bool m_use_extra_padding_length; |
|
484 |
|
485 /// NOTE: this deviates from RFC 2246, The TLS Protocol Version 1.0, |
|
486 /// chapter 7.4.4. Certificate request, whose certificate_authorities list may not be empty. |
|
487 bool m_client_allows_empty_certificate_authorities_list; |
|
488 |
|
489 /// NOTE: this deviates from RFC 2246, The TLS Protocol Version 1.0, |
|
490 /// chapter 7.4.4. Certificate request, whose certificate_authorities list may not be empty. |
|
491 bool m_server_sends_empty_certificate_authorities_list; |
|
492 |
|
493 /// This configurable option selects whether the special TLS/PEAP style |
|
494 /// is used, the length field is added to all message fragments |
|
495 /// even the message fits to one fragment except EAP-TLS-start, EAP-TLS-Acknowledge and |
|
496 /// PEAP-application data. The client acknowledges tunneled EAP-Success message |
|
497 /// with empty PEAP message. |
|
498 bool m_use_tppd_tls_peap; |
|
499 |
|
500 /// On fast session resume the server does not send a tunneled EAP-Success. |
|
501 /// Instead it sends plain EAP-Success. |
|
502 /// True value of this flag allows this plain EAP-Success. |
|
503 bool m_use_tppd_peapv1_acknowledge_hack; |
|
504 |
|
505 /// This configuration flag tells the server will offer new session ID to client. |
|
506 bool m_server_offers_new_session_id; |
|
507 |
|
508 /// Client will receive a new session ticket in NewSessionTicket message. |
|
509 bool m_will_receive_new_session_ticket; |
|
510 |
|
511 /// True value means the EAP-FAST server sends a piggybacked EAP-Identity/Request. |
|
512 /// False value means the EAP-FAST server does not send a piggybacked EAP-Identity/Request; instead it waits for an empty Ack-message from the client. |
|
513 bool m_send_piggypacked_eap_identity_request; |
|
514 |
|
515 #if defined(USE_EAP_TLS_IDENTITY_PRIVACY) |
|
516 /// Flag causes TLS client to use privacy. |
|
517 bool m_tls_use_identity_privacy; |
|
518 |
|
519 /// Variable tells state of TLS identity privacy handshake. |
|
520 tls_identity_privacy_handshake_state_e m_tls_identity_privacy_handshake_state; |
|
521 #endif //#if defined(USE_EAP_TLS_IDENTITY_PRIVACY) |
|
522 |
|
523 #if defined(USE_FAST_EAP_TYPE) |
|
524 /// This flag allows use of dynamic provisioning of PAC in Server-Unauthenticated Mode. |
|
525 /// This is also called Authenticated Diffie-Hellman Protocol (ADHP). |
|
526 bool m_eap_fast_allow_server_unauthenticated_provisioning_mode_ADHP; |
|
527 |
|
528 /// This flag allows use of dynamic provisioning of PAC in Server-Authenticated Mode. |
|
529 bool m_fast_allow_server_authenticated_provisioning_mode; |
|
530 |
|
/// Undocumented in the original; the name suggests it requests removal of the
/// EAP-FAST tunnel PAC. NOTE(review): confirm where this flag is set and read in the .cpp.
531 bool m_remove_tunnel_pac; |
|
532 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
533 |
|
534 //-------------------------------------------------- |
|
535 |
|
536 /** |
|
537 * The set_is_valid() function sets the state of the object valid. |
|
538 * The creator of this object calls this function after it is initialized. |
|
539 */ |
|
540 EAP_FUNC_IMPORT void set_is_valid(); |
|
541 |
|
/**
 * Allocates a new tls_handshake_message_c of type @p handshake_type and returns it
 * through @p tls_handshake_message.
 * @param tls_handshake_message Receives the allocated message (out-parameter).
 * @param automatic_tls_handshake_message Scoped holder for the allocation; presumably
 *        releases the message if a later step fails — confirm in the .cpp.
 * @param handshake_type TLS handshake type of the message to create.
 * @return eap_status_e result of the allocation.
 */
542 EAP_FUNC_IMPORT eap_status_e allocate_handshake_message( |
|
543 tls_handshake_message_c ** const tls_handshake_message, |
|
544 eap_automatic_variable_c<tls_handshake_message_c> * const automatic_tls_handshake_message, |
|
545 const tls_handshake_type_e handshake_type); |
|
546 |
|
/**
 * Allocates a new tls_handshake_message_c initialised from @p tls_handshake_header
 * and returns it through @p tls_handshake_message. Presumably the header's contents
 * are copied into the new message — confirm in the .cpp.
 * @param tls_handshake_message Receives the allocated message (out-parameter).
 * @param automatic_tls_handshake_message Scoped holder for the allocation; presumably
 *        releases the message if a later step fails — confirm in the .cpp.
 * @param tls_handshake_header Handshake header the new message is built from.
 * @return eap_status_e result of the allocation.
 */
547 EAP_FUNC_IMPORT eap_status_e allocate_handshake_message_copy( |
|
548 tls_handshake_message_c ** const tls_handshake_message, |
|
549 eap_automatic_variable_c<tls_handshake_message_c> * const automatic_tls_handshake_message, |
|
550 tls_handshake_header_c * const tls_handshake_header); |
|
551 |
|
552 /** |
|
553 * This function creates TLS Handshake/HelloRequest message. |
|
554 */ |
|
555 EAP_FUNC_IMPORT eap_status_e create_handshake_type_hello_request(); |
|
556 |
|
557 /** |
|
558 * This function creates TLS Handshake/ClientHello message. |
|
559 */ |
|
560 EAP_FUNC_IMPORT eap_status_e create_handshake_type_client_hello(); |
|
561 |
|
562 /** |
|
563 * This function creates TLS Handshake/ServerHello message. |
|
564 */ |
|
565 EAP_FUNC_IMPORT eap_status_e create_handshake_type_server_hello( |
|
566 const u16_t selected_cipher_suite, |
|
567 const u8_t selected_compression_method); |
|
568 |
|
569 /** |
|
570 * This function creates TLS Handshake/Certificate message. |
|
571 */ |
|
572 EAP_FUNC_IMPORT eap_status_e create_handshake_type_certificate( |
|
573 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain); |
|
574 |
|
575 /** |
|
576 * This function creates TLS Handshake/CertificateRequest message. |
|
577 */ |
|
578 EAP_FUNC_IMPORT eap_status_e create_handshake_type_certificate_request( |
|
579 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const certificate_types, |
|
580 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_authorities); |
|
581 |
|
582 /** |
|
583 * This function creates TLS Handshake/ServerHelloDone message. |
|
584 */ |
|
585 EAP_FUNC_IMPORT eap_status_e create_handshake_type_server_hello_done(); |
|
586 |
|
587 /** |
|
588 * This function completes creation of TLS Handshake/ServerKeyExchange message. |
|
589 */ |
|
590 EAP_FUNC_IMPORT eap_status_e complete_create_handshake_type_server_key_exchange(); |
|
591 |
|
592 /** |
|
593 * This function creates TLS Handshake/ServerKeyExchange message. |
|
594 * NOTE: this function is asynchronous. complete_create_handshake_type_server_key_exchange() |
|
595 * completes this operation. |
|
596 */ |
|
597 EAP_FUNC_IMPORT eap_status_e create_handshake_type_server_key_exchange(); |
|
598 |
|
599 /** |
|
600 * This function completes creation of TLS Handshake/ClientKeyExchange message. |
|
601 */ |
|
602 EAP_FUNC_IMPORT eap_status_e complete_create_handshake_type_client_key_exchange(); |
|
603 |
|
604 /** |
|
605 * This function creates TLS Handshake/ClientKeyExchange message. |
|
606 * NOTE: this function is asynchronous. complete_create_handshake_type_client_key_exchange() |
|
607 * completes this operation. |
|
608 */ |
|
609 EAP_FUNC_IMPORT eap_status_e create_handshake_type_client_key_exchange(); |
|
610 |
|
611 /** |
|
612 * This function completes creation of TLS Handshake/CertificateVerify message. |
|
613 */ |
|
614 EAP_FUNC_IMPORT eap_status_e complete_create_handshake_type_certificate_verify(); |
|
615 |
|
616 /** |
|
617 * This function creates TLS Handshake/CertificateVerify message. |
|
618 * NOTE: this function is asynchronous. complete_create_handshake_type_certificate_verify() completes this operation. |
|
619 */ |
|
620 EAP_FUNC_IMPORT eap_status_e create_handshake_type_certificate_verify(); |
|
621 |
|
622 /** |
|
623 * This function creates TLS Handshake/Finished message. |
|
624 */ |
|
625 EAP_FUNC_IMPORT eap_status_e create_handshake_type_finished(); |
|
626 |
|
627 /** |
|
628 * This function creates TLS Handshake/NewSessionTicket message. |
|
629 */ |
|
630 EAP_FUNC_IMPORT eap_status_e create_handshake_type_new_session_ticket(); |
|
631 |
|
632 /** |
|
633 * This function creates TLS ChangeCipherSpec/ChangeCipherSpec message. |
|
634 */ |
|
635 EAP_FUNC_IMPORT eap_status_e create_change_cipher_spec_type_change_cipher_spec(); |
|
636 |
|
637 /** |
|
638 * This function finishes the TLS handshake. |
|
639 */ |
|
640 EAP_FUNC_IMPORT eap_status_e finish_handshake(); |
|
641 |
|
642 /** |
|
643 * This function creates TLS Alert/Alert message. |
|
644 */ |
|
645 EAP_FUNC_IMPORT eap_status_e create_tls_protocol_alert( |
|
646 const tls_alert_description_e alert_description, |
|
647 const tls_alert_level_e alert_level, |
|
648 const eap_status_e result); |
|
649 |
|
650 /** |
|
651 * This function creates TLS ApplicationData message. |
|
652 */ |
|
653 EAP_FUNC_IMPORT eap_status_e create_tls_application_data( |
|
654 eap_buf_chain_wr_c * const sent_packet, |
|
655 const u32_t header_offset); |
|
656 |
|
657 /** |
|
658 * This function starts tunneled authentication. |
|
659 */ |
|
660 EAP_FUNC_IMPORT eap_status_e start_peap_tunneled_authentication( |
|
661 const eap_am_network_id_c * const receive_network_id, |
|
662 const u8_t received_eap_identifier, |
|
663 const tls_session_type_e tls_session_type); |
|
664 |
|
665 /** |
|
666 * This function parses TLS extension list, see RFC 4366. |
|
667 */ |
|
668 EAP_FUNC_IMPORT eap_status_e parse_tls_extension_list( |
|
669 const u32_t handshake_data_length, |
|
670 u32_t * const data_offset, |
|
671 const tls_handshake_header_c * const tls_handshake_header, |
|
672 tls_handshake_message_c * const tls_handshake_message); |
|
673 |
|
674 /** |
|
675 * This function parses TLS Handshake/HelloRequest message. |
|
676 */ |
|
677 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_hello_request( |
|
678 tls_record_message_c * const received_tls_record_message, |
|
679 tls_handshake_header_c * const tls_handshake_header, |
|
680 const u32_t handshake_data_length); |
|
681 |
|
682 |
|
683 /** |
|
684 * This function parses TLS Handshake/ClientHello message. |
|
685 */ |
|
686 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_client_hello( |
|
687 tls_record_message_c * const received_tls_record_message, |
|
688 tls_handshake_header_c * const tls_handshake_header, |
|
689 const u32_t handshake_data_length); |
|
690 |
|
691 /** |
|
692 * This function parses TLS Handshake/ServerHello message. |
|
693 */ |
|
694 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_server_hello( |
|
695 tls_record_message_c * const received_tls_record_message, |
|
696 tls_handshake_header_c * const tls_handshake_header, |
|
697 const u32_t handshake_data_length); |
|
698 |
|
699 /** |
|
700 * This function parses TLS Handshake/Certificate message. |
|
701 */ |
|
702 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_certificate( |
|
703 tls_record_message_c * const received_tls_record_message, |
|
704 tls_handshake_header_c * const tls_handshake_header, |
|
705 const u32_t handshake_data_length); |
|
706 |
|
707 /** |
|
708 * This function parses TLS Handshake/CertificateRequest message. |
|
709 */ |
|
710 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_certificate_request( |
|
711 tls_record_message_c * const received_tls_record_message, |
|
712 tls_handshake_header_c * const tls_handshake_header, |
|
713 const u32_t handshake_data_length); |
|
714 |
|
715 /** |
|
716 * This function parses TLS Handshake/ServerHelloDone message. |
|
717 */ |
|
718 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_server_hello_done( |
|
719 tls_record_message_c * const received_tls_record_message, |
|
720 tls_handshake_header_c * const tls_handshake_header, |
|
721 const u32_t handshake_data_length); |
|
722 |
|
723 /** |
|
724 * This function parses TLS Handshake/ServerKeyExchange message. |
|
725 */ |
|
726 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_server_key_exchange( |
|
727 tls_record_message_c * const received_tls_record_message, |
|
728 tls_handshake_header_c * const tls_handshake_header, |
|
729 const u32_t handshake_data_length); |
|
730 |
|
731 /** |
|
732 * This function parses TLS Handshake/ClientKeyExchange message. |
|
733 */ |
|
734 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_client_key_exchange( |
|
735 tls_record_message_c * const received_tls_record_message, |
|
736 tls_handshake_header_c * const tls_handshake_header, |
|
737 const u32_t handshake_data_length); |
|
738 |
|
739 /** |
|
740 * This function parses TLS Handshake/CertificateVerify message. |
|
741 */ |
|
742 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_certificate_verify( |
|
743 tls_record_message_c * const received_tls_record_message, |
|
744 tls_handshake_header_c * const tls_handshake_header, |
|
745 const u32_t handshake_data_length); |
|
746 |
|
747 /** |
|
748 * This function parses TLS Handshake/Finished message. |
|
749 */ |
|
750 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_finished( |
|
751 tls_record_message_c * const received_tls_record_message, |
|
752 tls_handshake_header_c * const tls_handshake_header, |
|
753 const u32_t handshake_data_length); |
|
754 |
|
755 |
|
756 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
757 |
|
758 /** |
|
759 * This function parses TLS Handshake/NewSessionTicket message. |
|
760 */ |
|
761 EAP_FUNC_IMPORT eap_status_e parse_handshake_type_new_session_ticket( |
|
762 tls_record_message_c * const received_tls_record_message, |
|
763 tls_handshake_header_c * const tls_handshake_header, |
|
764 const u32_t handshake_data_length); |
|
765 |
|
766 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
767 |
|
768 |
|
769 /** |
|
770 * This function parses TLS ChangeCipherSpec protocol. |
|
771 */ |
|
772 EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_change_cipher_spec( |
|
773 tls_record_message_c * const tls_record_message, |
|
774 eap_variable_data_c * const tls_protocols_messages_buffer); |
|
775 |
|
776 /** |
|
777 * This function parses TLS Alert protocol. |
|
778 */ |
|
779 EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_alert( |
|
780 tls_record_message_c * const tls_record_message, |
|
781 eap_variable_data_c * const tls_protocols_messages_buffer); |
|
782 |
|
783 /** |
|
784 * This function parses TLS Handshake protocol. |
|
785 */ |
|
786 EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_handshake( |
|
787 tls_record_message_c * const tls_record_message, |
|
788 eap_variable_data_c * const tls_protocols_messages_buffer); |
|
789 |
|
790 /** |
|
791 * This function parses TLS ApplicationData protocol. |
|
792 */ |
|
793 EAP_FUNC_IMPORT eap_status_e parse_tls_protocol_application_data( |
|
794 tls_record_message_c * const tls_record_message, |
|
795 eap_variable_data_c * const tls_protocols_messages_buffer); |
|
796 |
|
797 /** |
|
798 * This function reassembles data of received consecutive TLS-records with same protocol to tls_record_message. |
|
799 */ |
|
800 EAP_FUNC_IMPORT eap_status_e reassemble_tls_records( |
|
801 tls_record_message_c * const tls_record_message, |
|
802 tls_record_header_c * const next_tls_record_header); |
|
803 |
|
804 /** |
|
805 * This function processes received TLS records. |
|
806 */ |
|
807 EAP_FUNC_IMPORT eap_status_e process_tls_records(); |
|
808 |
|
809 /** |
|
810 * This function processes received TLS message. |
|
811 */ |
|
812 EAP_FUNC_IMPORT eap_status_e process_tls_message(); |
|
813 |
|
814 EAP_FUNC_IMPORT tls_record_protocol_e get_next_tls_record_message_protocol(); |
|
815 |
|
816 EAP_FUNC_IMPORT tls_handshake_type_e get_next_tls_handshake_message_type(); |
|
817 |
|
818 /** |
|
819 * This function analyses TLS Handshake/HelloRequest message. |
|
820 */ |
|
821 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_hello_request( |
|
822 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
823 |
|
824 /** |
|
825 * This function analyses TLS Handshake/ClientHello message. |
|
826 */ |
|
827 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_client_hello( |
|
828 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
829 |
|
830 /** |
|
831 * This function analyses TLS Handshake/ServerHello message. |
|
832 */ |
|
833 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_server_hello( |
|
834 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
835 |
|
836 /** |
|
837 * This function analyses TLS Handshake/Certificate message. |
|
838 */ |
|
839 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_certificate( |
|
840 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
841 |
|
842 /** |
|
843 * This function analyses TLS Handshake/CertificateRequest message. |
|
844 */ |
|
845 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_certificate_request( |
|
846 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
847 |
|
848 /** |
|
849 * This function analyses TLS Handshake/ServerHelloDone message. |
|
850 */ |
|
851 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_server_hello_done( |
|
852 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
853 |
|
854 /** |
|
855 * This function analyses TLS Handshake/ServerKeyExchange message. |
|
856 */ |
|
857 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_server_key_exchange( |
|
858 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
859 |
|
860 /** |
|
861 * This function analyses TLS Handshake/ClientKeyExchange message. |
|
862 */ |
|
863 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_client_key_exchange( |
|
864 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
865 |
|
866 /** |
|
867 * This function analyses TLS Handshake/CertificateVerify message. |
|
868 */ |
|
869 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_certificate_verify( |
|
870 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message); |
|
871 |
|
872 /** |
|
873 * This function analyses TLS Handshake/Finished message. |
|
874 */ |
|
875 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_finished( |
|
876 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message, |
|
877 const u8_t received_eap_identifier); |
|
878 |
|
879 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
880 |
|
881 /** |
|
882 * This function analyses TLS Handshake/NewSessionTicket message. |
|
883 */ |
|
884 EAP_FUNC_IMPORT eap_status_e analyse_handshake_type_new_session_ticket( |
|
885 EAP_TEMPLATE_CONST tls_handshake_message_c * const handshake_message, |
|
886 const u8_t received_eap_identifier); |
|
887 |
|
888 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
889 |
|
890 /** |
|
891 * This function analyses TLS ChangeCipherSpec protocol. |
|
892 */ |
|
893 EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_change_cipher_spec( |
|
894 const tls_record_message_c * const record); |
|
895 |
|
896 /** |
|
897 * This function analyses TLS Alert protocol. |
|
898 */ |
|
899 EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_alert( |
|
900 const tls_record_message_c * const record); |
|
901 |
|
902 /** |
|
903 * This function analyses TLS Handshake protocol. |
|
904 */ |
|
905 EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_handshake( |
|
906 tls_record_message_c * const record, |
|
907 const u8_t received_eap_identifier); |
|
908 |
|
909 /** |
|
910 * This function analyses TLS ApplicationData protocol. |
|
911 */ |
|
912 EAP_FUNC_IMPORT eap_status_e analyse_tls_protocol_application_data( |
|
913 const tls_record_message_c * const record, |
|
914 const u8_t received_eap_identifier); |
|
915 |
|
916 /** |
|
917 * This function checks whether all pending queries are completed. |
|
918 */ |
|
919 EAP_FUNC_IMPORT eap_status_e are_pending_queries_completed(); |
|
920 |
|
921 /** |
|
922 * This function indicates state to lower layer. |
|
923 */ |
|
924 EAP_FUNC_IMPORT eap_status_e indicate_state_to_lower_layer( |
|
925 const tls_peap_state_e indicated_state); |
|
926 |
|
927 /** |
|
928 * This function indicates to the lower layer that all messages are processed. |
|
929 */ |
|
930 EAP_FUNC_IMPORT eap_status_e indicate_messages_processed(); |
|
931 |
|
932 /** |
|
933 * This function combines TLS-protocols data to a buffer and sends TLS-message. |
|
934 */ |
|
935 EAP_FUNC_IMPORT eap_status_e send_tls_message(); |
|
936 |
|
937 /** |
|
938 * This function checks that all queries are completed. |
|
939 * If all queries are completed this function sends the pending TLS-messages. |
|
940 */ |
|
941 EAP_FUNC_IMPORT eap_status_e check_sent_tls_message(); |
|
942 |
|
943 /** |
|
944 * This function checks that the selected cipher suite is one of the proposed cipher suites. |
|
945 */ |
|
946 EAP_FUNC_IMPORT eap_status_e check_selected_cipher_suite( |
|
947 const tls_cipher_suites_e selected_cipher_suite); |
|
948 |
|
949 /** |
|
950 * This function checks that the selected compression method is one of the proposed compression methods. |
|
951 */ |
|
952 EAP_FUNC_IMPORT eap_status_e check_selected_compression_method( |
|
953 const tls_compression_method_e selected_compression_method); |
|
954 |
|
955 /** |
|
956 * This function changes one 16-bit value pointed by parameter value from network order to host order. |
|
957 */ |
|
958 EAP_FUNC_IMPORT static eap_status_e u16_t_to_host_order( |
|
959 u16_t * const value, |
|
960 abs_eap_am_tools_c * const m_am_tools); |
|
961 |
|
962 /** |
|
963 * This function changes one 16-bit value pointed by parameter value from host order to network order. |
|
964 */ |
|
965 EAP_FUNC_IMPORT static eap_status_e u16_t_to_network_order( |
|
966 u16_t * const value, |
|
967 abs_eap_am_tools_c * const m_am_tools); |
|
968 |
|
969 /** |
|
970 * This function initializes MD5 and SHA hashes. |
|
971 */ |
|
972 EAP_FUNC_IMPORT eap_status_e message_hash_init(); |
|
973 |
|
974 /** |
|
975 * This function adds the sent and received TLS-handshake messages to the MD5 and SHA hashes. |
|
976 * @param tls_packet includes the buffer of the whole reassembled TLS-packet. |
|
977 * @param tls_packet_length is length in bytes of the TLS-packet. |
|
978 */ |
|
979 EAP_FUNC_IMPORT eap_status_e message_hash_update( |
|
980 const bool true_when_parse_message, |
|
981 const tls_handshake_type_e type, |
|
982 u8_t * const tls_packet, |
|
983 const u32_t tls_packet_length); |
|
984 |
|
985 /** |
|
986 * This function obtains and concatenates the message digest of MD5 and SHA hashes. |
|
987 * @param type tells the handshake type where the message digest is used. |
|
988 * @param message_hash includes the buffer of the message digest. The message_hash_create() function initializes the buffer. |
|
989 * @param client_originated is boolean flag. When client calls this function value is true, when server calls this function value is false. |
|
990 */ |
|
991 EAP_FUNC_IMPORT eap_status_e message_hash_create( |
|
992 const bool true_when_parse_message, |
|
993 const tls_handshake_type_e type, |
|
994 eap_variable_data_c * const message_hash, |
|
995 const bool client_originated); |
|
996 |
|
997 EAP_FUNC_IMPORT eap_status_e message_hash_final( |
|
998 eap_variable_data_c * const md5_digest, |
|
999 eap_variable_data_c * const sha1_digest); |
|
1000 |
|
1001 /** |
|
1002 * This function saves MD5 and SHA hashes for certificate verify message to |
|
1003 * member attributes m_message_hash_md5_certificate_verify and m_message_hash_sha1_certificate_verify. |
|
1004 */ |
|
1005 EAP_FUNC_IMPORT eap_status_e message_hash_save_certificate_verify(); |
|
1006 |
|
1007 /** |
|
1008 * This function saves MD5 and SHA hashes for finished message to |
|
1009 * member attributes message_hash_md5_finished and message_hash_sha1_finished. |
|
1010 */ |
|
1011 EAP_FUNC_IMPORT eap_status_e message_hash_save_finished( |
|
1012 const bool client_originated); |
|
1013 |
|
1014 /** |
|
1015 * This function creates certificate verify message hash. |
|
1016 */ |
|
1017 EAP_FUNC_IMPORT eap_status_e message_hash_create_certificate_verify( |
|
1018 const bool client_originated); |
|
1019 |
|
1020 /** |
|
1021 * This function creates finished message hash. |
|
1022 * @param signed_message_hash is pointer to buffer of the message hash. |
|
1023 */ |
|
1024 EAP_FUNC_IMPORT eap_status_e message_hash_create_finished( |
|
1025 const bool client_originated_message, |
|
1026 eap_variable_data_c * const signed_message_hash); |
|
1027 |
|
1028 |
|
1029 /** |
|
1030 * This function creates SHA1 HASH of server key exchange message when DHE cipher suite is used. |
|
1031 */ |
|
1032 EAP_FUNC_IMPORT eap_status_e create_server_key_exchange_sha1_hash( |
|
1033 const eap_variable_data_c * const dhe_prime, |
|
1034 const eap_variable_data_c * const dhe_group_generator, |
|
1035 const eap_variable_data_c * const public_dhe_key, |
|
1036 eap_variable_data_c * const hash); |
|
1037 |
|
1038 /** |
|
1039 * This function creates MD5 HASH of server key exchange message when DHE cipher suite is used. |
|
1040 */ |
|
1041 EAP_FUNC_IMPORT eap_status_e create_server_key_exchange_md5_hash( |
|
1042 const eap_variable_data_c * const dhe_prime, |
|
1043 const eap_variable_data_c * const dhe_group_generator, |
|
1044 const eap_variable_data_c * const public_dhe_key, |
|
1045 eap_variable_data_c * const hash); |
|
1046 |
|
1047 /** |
|
1048 * This function verifies that the signature of the server key exchange message hash is valid. |
|
1049 */ |
|
1050 EAP_FUNC_IMPORT eap_status_e verify_signature_of_server_key_exchange( |
|
1051 const eap_variable_data_c * const signed_server_key_exchange_hash); |
|
1052 |
|
1053 |
|
1054 |
|
1055 /** |
|
1056 * This function checks whether the cipher suite is one of those using 3DES_EDE_CBC_SHA. |
|
1057 */ |
|
1058 EAP_FUNC_IMPORT bool cipher_suite_is_3DES_EDE_CBC_SHA(tls_cipher_suites_e cipher_suite) const; |
|
1059 |
|
1060 /** |
|
1061 * This function checks whether the cipher suite is one of those using AES_128_CBC_SHA. |
|
1062 */ |
|
1063 EAP_FUNC_IMPORT bool cipher_suite_is_AES_128_CBC_SHA(tls_cipher_suites_e cipher_suite) const; |
|
1064 |
|
1065 /** |
|
1066 * This function checks whether the cipher suite is one of those using RC4_128_MD5. |
|
1067 */ |
|
1068 EAP_FUNC_IMPORT bool cipher_suite_is_RC4_128_MD5(tls_cipher_suites_e cipher_suite) const; |
|
1069 |
|
1070 /** |
|
1071 * This function checks whether the cipher suite is one of those using RC4_128_SHA. |
|
1072 */ |
|
1073 EAP_FUNC_IMPORT bool cipher_suite_is_RC4_128_SHA(tls_cipher_suites_e cipher_suite) const; |
|
1074 |
|
1075 |
|
1076 |
|
1077 /** |
|
1078 * This function checks whether the current cipher suite is one of those using TLS_RSA. |
|
1079 */ |
|
1080 EAP_FUNC_IMPORT bool cipher_suite_is_TLS_RSA() const; |
|
1081 |
|
1082 /** |
|
1083 * This function checks whether the current cipher suite is one of those using TLS_DHE_RSA. |
|
1084 */ |
|
1085 EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DHE_RSA() const; |
|
1086 |
|
1087 /** |
|
1088 * This function checks whether the current cipher suite is one of those using TLS_DHE_DSS. |
|
1089 */ |
|
1090 EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DHE_DSS() const; |
|
1091 |
|
1092 #if defined(USE_FAST_EAP_TYPE) |
|
1093 /** |
|
1094 * This function checks whether the current cipher suite is one of those using TLS_DH_anon. |
|
1095 */ |
|
1096 EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DH_anon() const; |
|
1097 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
1098 |
|
1099 |
|
1100 #if EAP_TLS_NOT_SUPPORTED_CIPHER_SUITE |
|
1101 This is not implemented yet |
|
1102 EAP_FUNC_IMPORT bool cipher_suite_is_TLS_DH_DSS() const; |
|
1103 #endif |
|
1104 |
|
1105 |
|
1106 |
|
1107 /** |
|
1108 * This function generates ephemeral Diffie-Hellman keys. |
|
1109 * Keys are stored to m_own_private_dhe_key and m_own_public_dhe_key. |
|
1110 */ |
|
1111 EAP_FUNC_IMPORT eap_status_e generate_dhe_keys(); |
|
1112 |
|
1113 /** |
|
1114 * This function generates master secret. |
|
1115 */ |
|
1116 EAP_FUNC_IMPORT eap_status_e generate_master_secret(); |
|
1117 |
|
1118 /** |
|
1119 * This function generates premaster secret. |
|
1120 */ |
|
1121 EAP_FUNC_IMPORT eap_status_e generate_premaster_secret(); |
|
1122 |
|
1123 #if defined(USE_FAST_EAP_TYPE) |
|
1124 /** |
|
1125 * This function generates master secret from EAP-FAST PAC-Key. |
|
1126 */ |
|
1127 EAP_FUNC_IMPORT eap_status_e generate_eap_fast_master_secret_from_pac_key( |
|
1128 const eap_variable_data_c * const pac_key); |
|
1129 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
1130 |
|
1131 |
|
1132 EAP_FUNC_IMPORT void send_error_notification(const eap_status_e error); |
|
1133 |
|
1134 /** |
|
1135 * This function adds new completion action to the end of the m_completion_queue. |
|
1136 */ |
|
1137 EAP_FUNC_IMPORT eap_status_e completion_action_add( |
|
1138 tls_completion_action_e action); |
|
1139 |
|
1140 /** |
|
1141 * This function verifies all completion actions are completed. |
|
1142 */ |
|
1143 EAP_FUNC_IMPORT eap_status_e completion_action_clenup(); |
|
1144 |
|
1145 /** |
|
1146 * This function checks and completes completion actions. |
|
1147 * This function could return eap_status_pending_request if the |
|
1148 * first completion action cannot be completed yet. |
|
1149 */ |
|
1150 EAP_FUNC_IMPORT eap_status_e completion_action_check(); |
|
1151 |
|
1152 |
|
1153 |
|
1154 |
|
1155 /** |
|
1156 * This function generates random padding length. See chapter "6.2.3.2. CBC block cipher" in <a href="../../type/tls_peap/documentation/rfc2246.txt">RFC 2246</a>. |
|
1157 */ |
|
1158 EAP_FUNC_IMPORT u8_t get_extra_padding_length(const u8_t padding_length, const u32_t block_size); |
|
1159 |
|
1160 /** |
|
1161 * This function applies the current block cipher suite to send TLS-record. |
|
1162 */ |
|
1163 EAP_FUNC_IMPORT eap_status_e apply_send_block_cipher_suite( |
|
1164 eap_variable_data_c * const tls_record_message_buffer, |
|
1165 abs_crypto_cbc_block_algorithm_c * const encrypt, |
|
1166 abs_crypto_hmac_algorithm_c * const mac); |
|
1167 |
|
1168 /** |
|
1169 * This function applies the current block cipher suite to received TLS-record. |
|
1170 */ |
|
1171 EAP_FUNC_IMPORT eap_status_e apply_receive_block_cipher_suite( |
|
1172 eap_variable_data_c * const tls_record_message_buffer, |
|
1173 abs_crypto_cbc_block_algorithm_c * const decrypt, |
|
1174 abs_crypto_hmac_algorithm_c * const mac); |
|
1175 |
|
1176 /** |
|
1177 * This function applies the current stream cipher suite to send TLS-record. |
|
1178 */ |
|
1179 EAP_FUNC_IMPORT eap_status_e apply_send_stream_cipher_suite( |
|
1180 eap_variable_data_c * const tls_record_message_buffer, |
|
1181 abs_crypto_stream_algorithm_c * const encrypt, |
|
1182 abs_crypto_hmac_algorithm_c * const mac); |
|
1183 |
|
1184 /** |
|
1185 * This function applies the current stream cipher suite to received TLS-record. |
|
1186 */ |
|
1187 EAP_FUNC_IMPORT eap_status_e apply_receive_stream_cipher_suite( |
|
1188 eap_variable_data_c * const tls_record_message_buffer, |
|
1189 abs_crypto_stream_algorithm_c * const decrypt, |
|
1190 abs_crypto_hmac_algorithm_c * const mac); |
|
1191 |
|
1192 /** |
|
1193 * This function applies the current cipher suite to send TLS-record. |
|
1194 */ |
|
1195 EAP_FUNC_IMPORT eap_status_e apply_send_cipher_suite( |
|
1196 eap_variable_data_c * const tls_record_message_buffer); |
|
1197 |
|
1198 /** |
|
1199 * This function applies the current cipher suite to received TLS-record. |
|
1200 */ |
|
1201 EAP_FUNC_IMPORT eap_status_e apply_receive_cipher_suite( |
|
1202 eap_variable_data_c * const tls_record_message_buffer); |
|
1203 |
|
1204 /** This function hides create_tls_protocol_alert() call. |
|
1205 */ |
|
1206 EAP_FUNC_IMPORT eap_status_e eap_status_return_and_create_tls_protocol_alert( |
|
1207 const eap_status_e status); |
|
1208 |
|
1209 |
|
1210 /** |
|
1211 * This function gets the state of TLS. |
|
1212 */ |
|
1213 EAP_FUNC_IMPORT tls_peap_state_e get_state() const; |
|
1214 |
|
1215 /** |
|
1216 * This function sets the state of TLS. |
|
1217 */ |
|
1218 EAP_FUNC_IMPORT void set_state(const tls_peap_state_e state); |
|
1219 |
|
1220 /** |
|
1221 * This function verifies that the current state of TLS and the parameter state are equal. |
|
1222 */ |
|
1223 EAP_FUNC_IMPORT bool verify_state(const tls_peap_state_e state); |
|
1224 |
|
1225 |
|
1226 |
|
1227 /** |
|
1228 * This function initializes encryption and decryption objects for block cipher suite. |
|
1229 */ |
|
1230 EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_cbc( |
|
1231 abs_crypto_cbc_block_algorithm_c ** const cbc_crypto_block_algorithm, |
|
1232 abs_crypto_block_algorithm_c * const crypto_block_algorithm, |
|
1233 const eap_variable_data_c * const iv, |
|
1234 const eap_variable_data_c * const key, |
|
1235 const bool true_when_encrypt); |
|
1236 |
|
1237 /** |
|
1238 * This function initializes HMAC algorithm objects. |
|
1239 */ |
|
1240 EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_hmac( |
|
1241 abs_crypto_hmac_algorithm_c * const hmac_algorithm, |
|
1242 const eap_variable_data_c * const key); |
|
1243 |
|
1244 /** |
|
1245 * This function initializes encryption and decryption objects for stream cipher suite. |
|
1246 */ |
|
1247 EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_stream( |
|
1248 abs_crypto_stream_algorithm_c * const crypto_stream_algorithm, |
|
1249 const eap_variable_data_c * const key, |
|
1250 const bool true_when_encrypt); |
|
1251 |
|
1252 /** |
|
1253 * This function initializes HMAC-SHA1 objects for current cipher suite. |
|
1254 */ |
|
1255 EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_hmac_sha1(const bool send_when_true); |
|
1256 |
|
1257 /** |
|
1258 * This function initializes HMAC-MD5 objects for current cipher suite. |
|
1259 */ |
|
1260 EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization_hmac_md5(const bool send_when_true); |
|
1261 |
|
1262 /** |
|
1263 * This function initializes encryption and decryption objects for current cipher suite. |
|
1264 */ |
|
1265 EAP_FUNC_IMPORT eap_status_e cipher_suite_initialization( |
|
1266 const bool send_when_true); |
|
1267 |
|
1268 |
|
1269 |
|
1270 /** |
|
1271 * This function creates a new TLS-record message or returns the last one if |
|
1272 * parameter protocol and the last TLS-record message match. |
|
1273 */ |
|
1274 EAP_FUNC_IMPORT eap_status_e new_record_message( |
|
1275 tls_record_message_c ** const tls_record_message, |
|
1276 const tls_record_protocol_e protocol); |
|
1277 |
|
1278 /** |
|
1279 * This function creates a new TLS-record including handshake protocol message. |
|
1280 */ |
|
1281 EAP_FUNC_IMPORT eap_status_e add_record_message( |
|
1282 tls_handshake_message_c * const tls_handshake_message); |
|
1283 |
|
1284 /** |
|
1285 * This function creates a new TLS-record including change cipher spec protocol message. |
|
1286 */ |
|
1287 EAP_FUNC_IMPORT eap_status_e add_record_message( |
|
1288 tls_change_cipher_spec_message_c * const change_cipher_spec_message); |
|
1289 |
|
1290 /** |
|
1291 * This function creates a new TLS-record including alert protocol message. |
|
1292 */ |
|
1293 EAP_FUNC_IMPORT eap_status_e add_record_message( |
|
1294 tls_alert_message_c * const alert_message); |
|
1295 |
|
1296 /** |
|
1297 * This function creates a new TLS-record including application data protocol message. |
|
1298 */ |
|
1299 EAP_FUNC_IMPORT eap_status_e add_record_message( |
|
1300 tls_application_data_message_c * const application_data_message); |
|
1301 |
|
1302 EAP_FUNC_IMPORT void reset_block_ciphers(const bool send_when_true); |
|
1303 |
|
1304 EAP_FUNC_IMPORT void reset_stream_ciphers(const bool send_when_true); |
|
1305 |
|
1306 EAP_FUNC_IMPORT void reset_hmac_algorithms(const bool send_when_true); |
|
1307 |
|
1308 EAP_FUNC_IMPORT eap_status_e get_tls_prf_data( |
|
1309 const eap_variable_data_c * const master_secret, |
|
1310 const eap_variable_data_c * const client_random, |
|
1311 const eap_variable_data_c * const server_random, |
|
1312 const eap_variable_data_c * const label, |
|
1313 eap_variable_data_c * const prf_data, |
|
1314 const u32_t required_prf_data_length); |
|
1315 |
|
1316 EAP_FUNC_IMPORT eap_status_e set_tls_session_type(const tls_session_type_e tls_session_type); |
|
1317 |
|
1318 EAP_FUNC_IMPORT tls_session_type_e get_tls_session_type(); |
|
1319 |
|
1320 EAP_FUNC_IMPORT void set_tls_identity_privacy_handshake_state(const tls_identity_privacy_handshake_state_e state); |
|
1321 |
|
1322 EAP_FUNC_IMPORT void set_selected_cipher_suite(const tls_cipher_suites_e cipher_suite); |
|
1323 |
|
1324 EAP_FUNC_IMPORT eap_status_e set_receive_cipher_suite(const tls_cipher_suites_e cipher_suite); |
|
1325 |
|
1326 EAP_FUNC_IMPORT eap_status_e set_send_cipher_suite(const tls_cipher_suites_e cipher_suite); |
|
1327 |
|
1328 //-------------------------------------------------- |
|
1329 protected: |
|
1330 //-------------------------------------------------- |
|
1331 |
|
1332 //-------------------------------------------------- |
|
1333 public: |
|
1334 //-------------------------------------------------- |
|
1335 |
|
1336 /** |
|
1337 * The destructor of the tls_record_c class does nothing special. |
|
1338 */ |
|
1339 EAP_FUNC_IMPORT virtual ~tls_record_c(); |
|
1340 |
|
1341 /** |
|
1342 * The constructor of the tls_record_c class simply initializes the attributes. |
|
1343 * The tls_record_c object sends packets to the network using tls_base_record_c::get_type_partner() object. |
|
1344 */ |
|
1345 EAP_FUNC_IMPORT tls_record_c( |
|
1346 abs_eap_am_tools_c * const tools, ///< tools is pointer to the tools class. @see abs_eap_am_tools_c. |
|
1347 tls_am_services_c * const am_tls_services, ///< This is pointer to adaptation module of TLS. |
|
1348 const bool free_am_tls_services, |
|
1349 tls_base_application_c * const application, ///< application is pointer to application object. |
|
1350 const bool free_application, |
|
1351 const bool is_client_when_true, ///< Indicates whether this is client (true) or server (false). |
|
1352 const eap_type_value_e eap_type, |
|
1353 const eap_am_network_id_c * const receive_network_id); |
|
1354 |
|
1355 /** |
|
1356 * This function returns true when EAP-type is TTLS or PEAP. |
|
1357 */ |
|
1358 EAP_FUNC_IMPORT bool get_is_tunneled_tls(); |
|
1359 |
|
1360 /** |
|
1361 * This function sets the tunnel type. |
|
1362 */ |
|
1363 void set_peap_version( |
|
1364 const peap_version_e peap_version, ///< This is the PEAP version (PEAPv2, PEAPv1, XP PEAPv0), yes very nice to have many different versions. |
|
1365 const bool use_tppd_tls_peap, ///< Of course some vendors have own TLS/PEAP quirks. |
|
1366 const bool use_tppd_peapv1_acknowledge_hack); |
|
1367 |
|
1368 /** |
|
1369 * The configure() function is called after the constructor of the |
|
1370 * object is successfully executed. During the function call the object |
|
1371 * could query the configuration. Each derived class must define this function. |
|
1372 */ |
|
1373 EAP_FUNC_IMPORT eap_status_e configure(); |
|
1374 |
|
1375 /** |
|
1376 * The shutdown() function is called before the destructor of the |
|
1377 * object is executed. During the function call the object |
|
1378 * could shutdown the operations, for example cancel timers. |
|
1379 * Each derived class must define this function. |
|
1380 */ |
|
1381 EAP_FUNC_IMPORT eap_status_e shutdown(); |
|
1382 |
|
1383 EAP_FUNC_IMPORT eap_status_e get_ttls_implicit_challenge( |
|
1384 eap_variable_data_c * const ttls_implicit_challenge, |
|
1385 const u32_t required_ttls_implicit_challenge_length); |
|
1386 |
|
1387 /** |
|
1388 * This function sets the NAI realm. |
|
1389 */ |
|
1390 EAP_FUNC_IMPORT eap_status_e set_nai_realm( |
|
1391 const eap_variable_data_c * const NAI_realm ///< This is the full NAI realm. |
|
1392 ); |
|
1393 |
|
1394 // This is commented in abs_tls_base_application_c. |
|
1395 EAP_FUNC_IMPORT eap_status_e packet_send( |
|
1396 eap_buf_chain_wr_c * const sent_packet, |
|
1397 const u32_t header_offset, |
|
1398 const u32_t data_length, |
|
1399 const u32_t buffer_length); |
|
1400 |
|
1401 // This is commented in abs_tls_base_application_c. |
|
1402 EAP_FUNC_IMPORT u32_t get_header_offset( |
|
1403 u32_t * const MTU_length, |
|
1404 u32_t * const trailer_length); |
|
1405 |
|
1406 // This is commented in abs_tls_base_application_c. |
|
1407 EAP_FUNC_IMPORT eap_status_e read_configure( |
|
1408 const eap_configuration_field_c * const field, |
|
1409 eap_variable_data_c * const data); |
|
1410 |
|
1411 // This is commented in abs_tls_base_application_c. |
|
1412 EAP_FUNC_IMPORT eap_status_e write_configure( |
|
1413 const eap_configuration_field_c * const field, |
|
1414 eap_variable_data_c * const data); |
|
1415 |
|
1416 // This is commented in abs_tls_base_application_c. |
|
1417 EAP_FUNC_IMPORT void state_notification( |
|
1418 const abs_eap_state_notification_c * const state); |
|
1419 |
|
1420 // This is commented in abs_tls_base_application_c. |
|
1421 EAP_FUNC_IMPORT eap_status_e set_timer( |
|
1422 abs_eap_base_timer_c * const initializer, |
|
1423 const u32_t id, |
|
1424 void * const data, |
|
1425 const u32_t p_time_ms); |
|
1426 |
|
1427 // This is commented in abs_tls_base_application_c. |
|
1428 EAP_FUNC_IMPORT eap_status_e cancel_timer( |
|
1429 abs_eap_base_timer_c * const initializer, |
|
1430 const u32_t id); |
|
1431 |
|
1432 // This is commented in abs_tls_base_application_c. |
|
1433 EAP_FUNC_IMPORT eap_status_e cancel_all_timers(); |
|
1434 |
|
1435 // This is commented in abs_tls_base_application_c. |
|
1436 EAP_FUNC_IMPORT eap_status_e load_module( |
|
1437 const eap_type_value_e type, |
|
1438 const eap_type_value_e /* tunneling_type */, |
|
1439 abs_eap_base_type_c * const partner, |
|
1440 eap_base_type_c ** const eap_type, |
|
1441 const bool is_client_when_true, |
|
1442 const eap_am_network_id_c * const receive_network_id); |
|
1443 |
|
1444 // This is commented in abs_tls_base_application_c. |
|
1445 EAP_FUNC_IMPORT eap_status_e unload_module(const eap_type_value_e type); |
|
1446 |
|
1447 // This is commented in abs_tls_base_application_c. |
|
1448 EAP_FUNC_IMPORT eap_status_e restart_authentication( |
|
1449 const eap_am_network_id_c * const receive_network_id, |
|
1450 const bool is_client_when_true, |
|
1451 const bool force_clean_restart, |
|
1452 const bool from_timer); |
|
1453 |
|
1454 // This is commented in abs_tls_base_application_c. |
|
1455 EAP_FUNC_IMPORT eap_status_e packet_data_crypto_keys( |
|
1456 const eap_am_network_id_c * const send_network_id, |
|
1457 const eap_master_session_key_c * const master_session_key); |
|
1458 |
|
1459 // This is commented in abs_tls_base_application_c. |
|
1460 EAP_FUNC_IMPORT eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type); |
|
1461 |
|
1462 // This is commented in abs_tls_base_application_c::get_eap_type_list(). |
|
1463 EAP_FUNC_IMPORT eap_status_e get_eap_type_list( |
|
1464 eap_array_c<eap_type_value_e> * const eap_type_list); |
|
1465 |
|
1466 /** |
|
1467 * This function starts EAP-TLS/PEAP after a start message is received. |
|
1468 */ |
|
1469 EAP_FUNC_IMPORT eap_status_e start_tls_peap_authentication( |
|
1470 const eap_variable_data_c * const received_authority_identity |
|
1471 ); |
|
1472 |
|
1473 /** |

1474 * This function processes the received packet. |

1475 * @param tls_packet includes the buffer of the whole reassembled TLS-packet. |

 * NOTE(review): the buffer arrives from the network, so every record and
 *        handshake length field inside it is attacker-controlled and has to be
 *        checked against the remaining buffer length before it is used to index
 *        or copy. That parsing lives in the .cpp and is not visible here — confirm.
 * @param received_eap_identifier is the EAP-Identifier of the EAP packet that
 *        carried (the last fragment of) tls_packet; presumably echoed in the
 *        reply — confirm.
1476 */ |

1477 EAP_FUNC_IMPORT eap_status_e packet_process( |

1478 eap_variable_data_c * const tls_packet, |

1479 const u8_t received_eap_identifier); |
|
1480 |
|
1481 /** |

1482 * This function indicates the plain text EAP-Success or EAP-Failure packet is received. |

 * NOTE(review): a plain-text EAP-Success/Failure is neither integrity-protected
 *        nor bound to the TLS session, so anyone on the link can forge one. It
 *        should only be honoured as the final result once the TLS handshake (and,
 *        for tunneled methods, the inner authentication) has already completed
 *        successfully; the state check lives in the .cpp and is not visible
 *        here — confirm.
1483 * @param receive_network_id includes the addresses (network identity) and packet type. |

 * @param received_eap_code is the EAP Code of the received packet (EAP-Success or EAP-Failure).
1484 * @param received_eap_identifier is the EAP-Identifier of the received EAP-Success or EAP-Failure packet. |

1485 */ |

1486 EAP_FUNC_IMPORT eap_status_e plain_eap_success_failure_packet_received( |

1487 const eap_am_network_id_c * const receive_network_id, |

1488 const eap_code_value_e received_eap_code, |

1489 const u8_t received_eap_identifier); |
|
1490 |
|
1491 /** |
|
1492 * This function indicates the empty Ack packet is received. |
|
1493 * This is used in TTLS. |
|
1494 * @param receive_network_id includes the addresses (network identity) and packet type. |
|
1495 * @param received_eap_identifier is the EAP-Identifier of the received empty Ack packet. |
|
1496 */ |
|
1497 EAP_FUNC_IMPORT eap_status_e empty_ack_packet_received( |
|
1498 const eap_am_network_id_c * const receive_network_id, |
|
1499 const u8_t received_eap_identifier); |
|
1500 |
|
1501 /** |
|
1502 * Object must indicate its validity. |
|
1503 * If object initialization fails this function must return false. |
|
1504 * @return This function returns the validity of this object. |
|
1505 */ |
|
1506 EAP_FUNC_IMPORT bool get_is_valid(); |
|
1507 |
|
1508 /** |
|
1509 * This function must reset the state of object to same as |
|
1510 * state was after the configure() function call. |
|
1511 * If object reset succeeds this function must return eap_status_ok. |
|
1512 * If object reset fails this function must return corresponding error status. |
|
1513 * @return This function returns the status of reset operation. |
|
1514 */ |
|
1515 EAP_FUNC_IMPORT eap_status_e reset(); |
|
1516 |
|
1517 /** |

1518 * This function calculates the required key lengths. This function consults current cipher suite. |

 * Each out-parameter receives the length of one component of the key block
 * (MAC key, encryption key, IV, session key seed, MSCHAPv2 challenges); the
 * return value is presumably the total expansion length — confirm against the
 * .cpp. All five pointers are written to, so callers must pass valid
 * (non-NULL) addresses for every one of them.
1519 */ |

1520 EAP_FUNC_IMPORT u32_t get_key_expansion_size( |

1521 u32_t * const mac_key_length, |

1522 u32_t * const encryption_key_length, |

1523 u32_t * const iv_length, |

1524 u32_t * const session_key_seed_length, |

1525 u32_t * const mschapv2_challenges_length); |
|
1526 |
|
1527 /** |

1528 * This function generates the key material for the current cipher suite. |

 * NOTE(review): the expansion is presumably driven by the master secret and
 *        randoms passed to set_tls_master_secret(), so that call must precede
 *        this one; whether the ordering is enforced is decided in the .cpp.
 *        The derived keys are as sensitive as the master secret and should be
 *        wiped on reset() and on destruction — confirm.
1529 */ |

1530 EAP_FUNC_IMPORT eap_status_e generate_key_material(); |
|
1531 |
|
/**
 * Installs the TLS master secret together with the client and server randoms;
 * presumably these are the inputs generate_key_material() expands into the
 * per-direction keys — confirm.
 * @param master_secret is the negotiated (or resumed) TLS master secret. This is
 *        the most sensitive value of the session: it should be held only in
 *        memory that is wiped on reset() and on destruction, and must never be
 *        traced or logged. Where the copy is kept is in the .cpp, not visible here.
 * @param client_random is the random from ClientHello.
 * @param server_random is the random from ServerHello.
 *        Lengths of all three are not checked by this declaration.
 */
1532 EAP_FUNC_IMPORT eap_status_e set_tls_master_secret( |

1533 const eap_variable_data_c * const master_secret, |

1534 const eap_variable_data_c * const client_random, |

1535 const eap_variable_data_c * const server_random); |
|
1536 |
|
1537 /** |

1538 * This function changes the current cipher suite to negotiated cipher suite. |

1539 * Parameter send_when_true tells whether the send cipher suite (true) or receive cipher suite (false) |

1540 * is to be changed. |

 * NOTE(review): the receive direction should be switched only on receipt of the
 *        peer's ChangeCipherSpec record, and the peer's Finished must then verify
 *        under the new keys before any application data is accepted. Switching
 *        early, or without that verification, lets an attacker strip or replay
 *        handshake messages. The sequencing check lives in the .cpp — confirm.
1541 */ |

1542 EAP_FUNC_IMPORT eap_status_e change_cipher_spec(const bool send_when_true); |
|
1543 |
|
1544 |
|
1545 // This is commented in tls_base_record_c::read_authority_identity(). |
|
1546 EAP_FUNC_IMPORT eap_status_e read_authority_identity(eap_variable_data_c * const authority_identity_payload); |
|
1547 |
|
1548 |
|
1549 // This is commented in abs_tls_am_services_c::complete_query_cipher_suites_and_previous_session(). |

// NOTE(review): cipher_suites is presumably the list that will be advertised in
// ClientHello (or selected from on the server side), so any policy that excludes
// NULL, export or anonymous suites has to be applied before this completion is
// called. resumed_master_secret is long-lived key material: the caller should
// wipe its own copy once it has been handed over here — confirm in the AM.
1550 EAP_FUNC_IMPORT eap_status_e complete_query_cipher_suites_and_previous_session( |

1551 const tls_session_type_e session_type, |

1552 EAP_TEMPLATE_CONST eap_array_c<u16_t> * const cipher_suites, |

1553 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const compression_methods, |

1554 #if defined(USE_EAP_TLS_SESSION_TICKET) |

1555 EAP_TEMPLATE_CONST eap_array_c<tls_extension_c> * const tls_extensions, |

1556 #endif // #if defined(USE_EAP_TLS_SESSION_TICKET) |

1557 const eap_variable_data_c * const resumed_session_id, |

1558 const eap_variable_data_c * const resumed_master_secret, |

1559 const tls_cipher_suites_e resumed_cipher_suite, |

1560 const eap_status_e completion_status); |
|
1561 |
|
1562 // This is commented in abs_tls_am_services_c::complete_select_cipher_suite_and_check_session_id(). |
|
1563 EAP_FUNC_IMPORT eap_status_e complete_select_cipher_suite_and_check_session_id( |
|
1564 const tls_session_type_e session_type, |
|
1565 const u16_t selected_cipher_suite, |
|
1566 const eap_variable_data_c * const session_id, |
|
1567 const eap_variable_data_c * const master_secret, |
|
1568 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1569 const tls_extension_c * const new_session_ticket_or_null, |
|
1570 #endif //#if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1571 const eap_status_e completion_status); |
|
1572 |
|
1573 #if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1574 // This is commented in abs_tls_am_services_c::complete_query_new_session_ticket(). |
|
1575 EAP_FUNC_IMPORT eap_status_e complete_query_new_session_ticket( |
|
1576 const tls_extension_c * const new_session_ticket_or_null); |
|
1577 #endif //#if defined(USE_EAP_TLS_SESSION_TICKET) |
|
1578 |
|
1579 // This is commented in abs_tls_am_services_c::complete_verify_certificate_chain(). |

// NOTE(review): `result` is the verdict of the adaptation module's chain
// validation. Anything other than eap_status_ok must abort the handshake — a
// tunnel built on an unverified server certificate is open to a rogue AP that
// then sees the inner credentials. Whether a failed or skipped verification can
// still continue is decided in the .cpp, not visible here — confirm.
1580 EAP_FUNC_IMPORT eap_status_e complete_verify_certificate_chain( |

1581 const eap_status_e result); |
|
1582 |
|
1583 // This is commented in abs_tls_am_services_c::complete_query_certificate_chain(). |
|
1584 EAP_FUNC_IMPORT eap_status_e complete_query_certificate_chain( |
|
1585 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain, |
|
1586 const eap_status_e completion_status); |
|
1587 |
|
1588 // This is commented in abs_tls_am_services_c::complete_query_certificate_authorities_and_types(). |
|
1589 EAP_FUNC_IMPORT eap_status_e complete_query_certificate_authorities_and_types( |
|
1590 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const authorities, |
|
1591 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const types, |
|
1592 const eap_status_e completion_status); |
|
1593 |
|
1594 // This is commented in abs_tls_am_services_c::complete_query_dh_parameters(). |

// NOTE(review): dhe_prime and dhe_group_generator define the ephemeral DH group.
// Whether they come from configuration or from the peer's ServerKeyExchange is
// not visible here; in either case a too-small or non-prime modulus silently
// weakens the key exchange, so a minimum modulus length and a sanity check on
// the generator (not 0, 1 or p-1) are worth confirming in the .cpp / AM.
1595 EAP_FUNC_IMPORT eap_status_e complete_query_dh_parameters( |

1596 const eap_variable_data_c * const dhe_prime, |

1597 const eap_variable_data_c * const dhe_group_generator, |

1598 const eap_status_e completion_status); |
|
1599 |
|
1600 // This is commented in abs_tls_am_services_c::complete_query_realm(). |
|
1601 EAP_FUNC_IMPORT eap_status_e complete_query_realm( |
|
1602 const eap_variable_data_c * const realm, |
|
1603 const eap_status_e completion_status); |
|
1604 |
|
1605 // This is commented in abs_tls_am_services_c::complete_rsa_encrypt_with_public_key(). |
|
1606 EAP_FUNC_IMPORT eap_status_e complete_rsa_encrypt_with_public_key( |
|
1607 const eap_variable_data_c * const encrypted_premaster_secret, |
|
1608 const eap_status_e completion_status); |
|
1609 |
|
1610 // This is commented in abs_tls_am_services_c::complete_rsa_decrypt_with_private_key(). |

// NOTE(review): this presumably completes the server-side decryption of the
// ClientKeyExchange. If a non-ok completion_status (bad PKCS#1 padding, wrong
// length or version byte) makes the handshake fail observably differently from a
// good decrypt, the server becomes a Bleichenbacher padding oracle. The robust
// handling (RFC 5246 section 7.4.7.1) is to continue with a random 48-byte
// premaster secret so that only the Finished check fails, uniformly; where that
// is done (here or in the AM) is not visible in this header — confirm.
1611 EAP_FUNC_IMPORT eap_status_e complete_rsa_decrypt_with_private_key( |

1612 const eap_variable_data_c * const premaster_secret, |

1613 const eap_status_e completion_status); |
|
1614 |
|
1615 // This is commented in abs_tls_am_services_c::complete_sign_with_private_key(). |
|
1616 EAP_FUNC_IMPORT eap_status_e complete_sign_with_private_key( |
|
1617 const eap_variable_data_c * const message_hash, |
|
1618 const eap_status_e completion_status); |
|
1619 |
|
1620 // This is commented in abs_tls_am_services_c::complete_verify_with_public_key(). |

// NOTE(review): verify_status is the outcome of checking the peer's signature
// (CertificateVerify or ServerKeyExchange — which one is not visible here). It
// must be treated as binary: any status other than eap_status_ok aborts the
// handshake, with no fallback to an "unverified" continuation.
1621 EAP_FUNC_IMPORT eap_status_e complete_verify_with_public_key( |

1622 const eap_status_e verify_status); |
|
1623 |
|
1624 // See abs_tls_base_application_c::get_eap_tls_master_session_key(). |

// NOTE(review): both outputs are key material derived from the TLS session (the
// challenge length is one of the components of get_key_expansion_size()). The
// caller owns the copies and should wipe them once exported to the lower layer;
// neither value may be traced or logged.
1625 EAP_FUNC_IMPORT eap_status_e get_eap_tls_master_session_key( |

1626 eap_variable_data_c * const eap_tls_master_session_key, |

1627 eap_variable_data_c * const mschapv2_challenges |

1628 ); |
|
1629 |
|
// Presumably forwards the list of rogue access points detected during this
// authentication to the partner/adaptation layer; the entry format is
// eap_rogue_ap_entry_c. Behaviour is in the .cpp, not visible here — confirm.
1630 EAP_FUNC_IMPORT eap_status_e add_rogue_ap(eap_array_c<eap_rogue_ap_entry_c> & rogue_ap_list); |
|
1631 |
|
1632 // This is documented in abs_tls_base_application_c::set_session_timeout(). |
|
1633 EAP_FUNC_IMPORT eap_status_e set_session_timeout( |
|
1634 const u32_t session_timeout_ms); |
|
1635 |
|
1636 #if defined(USE_FAST_EAP_TYPE) |
|
1637 |
|
1638 EAP_FUNC_IMPORT eap_status_e complete_query_tunnel_PAC( |
|
1639 const eap_status_e in_completion_status, |
|
1640 const eap_fast_pac_type_e in_pac_type, |
|
1641 const eap_fast_variable_data_c * const in_tunnel_PAC_key_tlv, |
|
1642 const eap_fast_variable_data_c * const in_tunnel_PAC_opaque_tlv); |
|
1643 |
|
1644 #endif //#if defined(USE_FAST_EAP_TYPE) |
|
1645 |
|
// TTLS/PAP, client side: asks the adaptation module for the user name and password.
// @param reply_message is presumably the text the server sent with its request
//        (RADIUS Reply-Message); it is peer-supplied and must be treated as
//        untrusted display text — confirm.
// NOTE(review): PAP carries the password in the clear inside the tunnel. It must
//        only be released once the TLS tunnel is up and the server certificate
//        has been verified (see complete_verify_certificate_chain()); otherwise a
//        rogue AP obtains the password. The gating is in the .cpp, not here.
1646 EAP_FUNC_IMPORT eap_status_e query_ttls_pap_username_and_password( |

1647 const eap_variable_data_c * const reply_message); |
|
1648 |
|
// Completion of query_ttls_pap_username_and_password().
// @param ttls_pap_password is a plaintext credential: it should be copied into
//        the tunnel payload and the buffer wiped afterwards; never trace it.
// @param query_result other than eap_status_ok should abort the inner
//        authentication rather than send empty credentials — confirm in the .cpp.
1649 EAP_FUNC_IMPORT eap_status_e complete_query_ttls_pap_username_and_password( |

1650 const eap_variable_data_c * const ttls_pap_username, |

1651 const eap_variable_data_c * const ttls_pap_password, |

1652 const eap_status_e query_result); |
|
1653 |
|
// TTLS/PAP, server side: asks the adaptation module to check user_name/user_password.
// NOTE(review): both values arrive from the peer through the tunnel and are
//        untrusted — treat them as opaque bytes (no NUL-termination or charset
//        assumption) when handing them to the AM, and do not log the password.
1654 EAP_FUNC_IMPORT eap_status_e verify_ttls_pap_username_and_password( |

1655 const eap_variable_data_c * const user_name, |

1656 const eap_variable_data_c * const user_password); |
|
1657 |
|
// Completion of verify_ttls_pap_username_and_password().
// @param authentication_result decides the outcome; only eap_status_ok is success.
// @param ttls_pap_reply_message is presumably an optional text returned to the
//        peer. It should not reveal why authentication failed (unknown user vs.
//        wrong password), which would enable user enumeration — confirm.
1658 EAP_FUNC_IMPORT eap_status_e complete_verify_ttls_pap_username_and_password( |

1659 const eap_status_e authentication_result, |

1660 const eap_variable_data_c * const ttls_pap_reply_message); |
|
1661 |
|
1662 //-------------------------------------------------- |
|
1663 }; // class tls_record_c |
|
1664 |
|
1665 #endif //#if !defined(_TLS_RECORD_H_) |
|
1666 |
|
1667 //-------------------------------------------------- |
|
1668 |
|
1669 |
|
1670 |
|
1671 // End. |