|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #if !defined(_EAPTLSPEAPDBDEFAULTS_H_) |
|
22 #define _EAPTLSPEAPDBDEFAULTS_H_ |
|
23 |
|
24 enum TTLSPEAPUseManualRealm |
|
25 { |
|
26 ETLSPEAPUseManualRealmNo, // False. Don't use Manual Realm. |
|
27 ETLSPEAPUseManualRealmYes, // True. Use Manual Realm. |
|
28 }; |
|
29 |
|
30 enum TTLSPEAPUseManualUsername |
|
31 { |
|
32 ETLSPEAPUseManualUsernameNo, // False. Don't use Manual Username. |
|
33 ETLSPEAPUseManualUsernameYes, // True. Use Manual Username. |
|
34 }; |
|
35 |
|
36 enum TTLSPEAPVerifyCertRealm |
|
37 { |
|
38 ETLSPEAPVerifyCertRealmNo, // False. Don't Verify Certificate Realm. |
|
39 ETLSPEAPVerifyCertRealmYes, // True. Verify Certificate Realm. |
|
40 }; |
|
41 |
|
42 enum TTLSPEAPServerAuthenticatesClientPolicy |
|
43 { |
|
44 ETLSPEAPServerAuthenticatesClientPolicyNo, // False. |
|
45 ETLSPEAPServerAuthenticatesClientPolicyYes, // True. |
|
46 }; |
|
47 |
|
48 enum TTLSPEAPTLSPrivacy |
|
49 { |
|
50 ETLSPEAPTLSPrivacyNo, // False. TLS Privacy OFF. |
|
51 ETLSPEAPTLSPrivacyYes, // True. TLS Privacy ON. |
|
52 }; |
|
53 |
|
54 #ifdef USE_FAST_EAP_TYPE |
|
55 |
|
56 enum TFASTAuthProvModeAllowed |
|
57 { |
|
58 EFASTAuthProvModeAllowedNo, // False. Authenticated provisioning mode NOT allowed. |
|
59 EFASTAuthProvModeAllowedYes, // True. Authenticated provisioning mode allowed. |
|
60 }; |
|
61 |
|
62 enum TFASTUnauthProvModeAllowed |
|
63 { |
|
64 EFASTUnauthProvModeAllowedNo, // False. Unauthenticated provisioning mode NOT allowed. |
|
65 EFASTUnauthProvModeAllowedYes, // True. Unauthenticated provisioning mode allowed. |
|
66 }; |
|
67 |
|
68 enum TFASTWarnADHPNoPAC |
|
69 { |
|
70 EFASTWarnADHPNoPACNo, // False. Warnings or prompts NOT allowed. |
|
71 EFASTWarnADHPNoPACYes, // True. Warnings or prompts allowed. |
|
72 }; |
|
73 |
|
74 enum TFASTWarnADHPNoMatchingPAC |
|
75 { |
|
76 EFASTWarnADHPNoMatchingPACNo, // False. Warnings or prompts NOT allowed. |
|
77 EFASTWarnADHPNoMatchingPACYes, // True. Warnings or prompts allowed. |
|
78 }; |
|
79 |
|
80 enum TFASTWarnNotDefaultServer |
|
81 { |
|
82 EFASTWarnNotDefaultServerNo, // False. Warnings or prompts NOT allowed. |
|
83 EFASTWarnNotDefaultServerYes, // True. Warnings or prompts allowed. |
|
84 }; |
|
85 |
|
86 #endif //#ifdef USE_FAST_EAP_TYPE |
|
87 |
|
88 // LOCAL CONSTANTS |
|
89 const TInt default_EAP_TLS_PEAP_use_manual_realm = ETLSPEAPUseManualRealmNo; |
|
90 _LIT(default_EAP_TLS_PEAP_manual_realm, ""); |
|
91 |
|
92 const TInt default_EAP_TLS_PEAP_use_manual_username = ETLSPEAPUseManualUsernameNo; |
|
93 _LIT(default_EAP_TLS_PEAP_manual_username, ""); |
|
94 |
|
95 const TInt default_EAP_TLS_PEAP_cipher_suite = tls_cipher_suites_TLS_RSA_WITH_3DES_EDE_CBC_SHA; |
|
96 |
|
97 const TInt default_EAP_TLS_PEAP_used_PEAP_version = 0; |
|
98 const TInt default_EAP_TLS_PEAP_accepted_PEAP_versions[] = {0, 1, -1}; |
|
99 |
|
100 _LIT8(default_PEAP_tunneled_types, ""); |
|
101 |
|
102 const TInt default_EAP_TLS_server_authenticates_client = 1; |
|
103 const TInt default_EAP_PEAP_TTLS_server_authenticates_client = 0; |
|
104 |
|
105 _LIT(default_CA_cert_label, "rsaca.eapsim.foo"); |
|
106 _LIT(default_client_cert_label, "rsaclient@eapsim.foo"); |
|
107 |
|
108 const TInt default_EAP_TLS_PEAP_verify_certificate_realm = 0; |
|
109 |
|
110 const TUint default_EAP_TLS_PEAP_TLS_Privacy = ETLSPEAPTLSPrivacyNo; |
|
111 |
|
112 const TInt64 default_MaxSessionTime = 0; // 0 means read from configuration file. |
|
113 const TInt64 default_FullAuthTime = 0; |
|
114 |
|
115 // Defaults for EAP-FAST specific items |
|
116 #ifdef USE_FAST_EAP_TYPE |
|
117 const TUint default_EAP_FAST_Auth_Prov_Mode_Allowed = EFASTAuthProvModeAllowedNo; // Default is NO |
|
118 const TUint default_EAP_FAST_Unauth_Prov_Mode_Allowed = EFASTUnauthProvModeAllowedNo; // Default is NO |
|
119 const TUint default_EAP_FAST_Warn_ADHP_No_PAC = EFASTWarnADHPNoPACNo; // Default is NO |
|
120 const TUint default_EAP_FAST_Warn_ADHP_No_Matching_PAC = EFASTWarnADHPNoMatchingPACNo; // Default is NO |
|
121 const TUint default_EAP_FAST_Warn_Not_Default_Server = EFASTWarnNotDefaultServerNo; // Default is NO |
|
122 #endif //#ifdef USE_FAST_EAP_TYPE |
|
123 |
|
124 // Add here the cipher suites you want to be allowed by default. Note that the last |
|
125 // element must be 0. |
|
126 const TInt default_allowed_cipher_suites[] = { |
|
127 tls_cipher_suites_TLS_RSA_WITH_3DES_EDE_CBC_SHA, |
|
128 tls_cipher_suites_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
|
129 tls_cipher_suites_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
|
130 tls_cipher_suites_TLS_RSA_WITH_AES_128_CBC_SHA, |
|
131 tls_cipher_suites_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
|
132 tls_cipher_suites_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
|
133 0 |
|
134 }; |
|
135 |
|
136 const TInt available_cipher_suites[] = { |
|
137 tls_cipher_suites_TLS_RSA_WITH_3DES_EDE_CBC_SHA, |
|
138 tls_cipher_suites_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
|
139 tls_cipher_suites_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
|
140 tls_cipher_suites_TLS_RSA_WITH_AES_128_CBC_SHA, |
|
141 tls_cipher_suites_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
|
142 tls_cipher_suites_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
|
143 tls_cipher_suites_TLS_RSA_WITH_RC4_128_MD5, |
|
144 tls_cipher_suites_TLS_RSA_WITH_RC4_128_SHA, |
|
145 0 |
|
146 }; |
|
147 |
|
148 const TUint KMaxManualUsernameLengthInDB = 255; |
|
149 const TUint KMaxManualRealmLengthInDB = 255; |
|
150 const TUint KMaxCertLabelLengthInDB = 255; |
|
151 const TUint KMaxSubjectKeyIdLengthInDB = 255; // Not using KKeyIdentifierLength (EapSettings.h) as this is |
|
152 // Symbian's subjectkey id (hash of actual subjectkey id), though the lengths are same. |
|
153 const TUint KMaxSessionIdLengthInDB = 32; |
|
154 const TUint KMaxMasterSecretLengthInDB = 48; |
|
155 const TUint KMaxPEAPVersionsStringLengthInDB = 12; |
|
156 const TUint KMaxTunneledTypeStringLengthInDB = 240; // 8 bytes for an EAP type. So 30 EAP types can be stored with this size. |
|
157 |
|
158 |
|
159 /** |
|
160 * Possible values of password prompt. |
|
161 */ |
|
162 enum TPapPasswordPrompt |
|
163 { |
|
164 /** |
|
165 * False. Don't show password prompt. |
|
166 */ |
|
167 EPapPasswordPromptOff, |
|
168 |
|
169 /** |
|
170 * True. Show password prompt. |
|
171 */ |
|
172 EPapPasswordPromptOn |
|
173 }; |
|
174 |
|
175 /** |
|
176 * Default password prompt value. |
|
177 */ |
|
178 const TUint KDefaultPapPasswordPrompt = EPapPasswordPromptOn; |
|
179 |
|
180 /** |
|
181 * Maximum length of PAP user name according to UI spec. |
|
182 */ |
|
183 const TUint KMaxPapUserNameLengthInDb = 253; |
|
184 |
|
185 /** |
|
186 * Maximum length of PAP password according to UI spec. |
|
187 */ |
|
188 const TUint KMaxPapPasswordLengthInDb = 128; |
|
189 |
|
190 /** |
|
191 * Default PAP user name. |
|
192 */ |
|
193 _LIT( KDefaultPapUserName, "" ); |
|
194 |
|
195 /** |
|
196 * Default PAP password. |
|
197 */ |
|
198 _LIT( KDefaultPapPassword, "" ); |
|
199 |
|
200 /** |
|
201 * Default max PAP session time. |
|
202 * Value 0 means reading from configuration file. |
|
203 */ |
|
204 const TInt64 KDefaultMaxPapSessionTime = 0; |
|
205 |
|
206 /** |
|
207 * Default full PAP authentication time. |
|
208 */ |
|
209 const TInt64 KDefaultFullPapAuthTime = 0; |
|
210 |
|
211 #endif // _EAPTLSPEAPDBDEFAULTS_H_ |
|
212 |
|
213 // End of file |