--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/eapol/eapol_framework/eapol_common/type/aka/include/eap_type_aka_types.h Thu Dec 17 08:47:43 2009 +0200
@@ -0,0 +1,782 @@
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: EAP and WLAN authentication protocols.
+*
+*/
+
+
+
+
+#if !defined(_AKA_TYPES_H_)
+#define _AKA_TYPES_H_
+
+#include "eap_type_aka_header.h"
+#include "eap_type_all_types.h"
+#include "eap_configuration_field.h"
+
+/** @file eap_type_aka_types.h
+ * @brief This file defines the constants of the AKA EAP type.
+ */
+
+/**
+ * This is the internal state of the AKA EAP type.
+ */
+enum eap_type_aka_state_variable_e
+{
+ eap_type_aka_state_none , ///< State state_none
+
+ eap_type_aka_state_waiting_for_identity_request , ///< Client state waiting_for_identity_request
+ eap_type_aka_state_pending_identity_query , ///< Client state pending_identity_query
+ eap_type_aka_state_waiting_for_aka_identity_request , ///< Client state imsi_waiting_for_aka_identity_request
+ eap_type_aka_state_imsi_waiting_for_aka_identity_request , ///< Client state imsi_waiting_for_aka_identity_request
+ eap_type_aka_state_pseydonym_waiting_for_aka_identity_request , ///< Client state pseydonym_waiting_for_aka_identity_request
+ eap_type_aka_state_analyse_aka_identity_request , ///< Client state analyse_aka_identity_request
+ eap_type_aka_state_waiting_for_challenge_request , ///< Client state waiting_for_challenge_request
+ eap_type_aka_state_analyses_challenge_request , ///< Client state analyses_challenge_request
+ eap_type_aka_state_pending_kc_sres_query , ///< Client state pending_kc_sres_query
+ eap_type_aka_state_waiting_for_notification_request_success , ///< Client state waiting_for_notification_request_success
+ eap_type_aka_state_waiting_for_success , ///< Client state waiting_for_success
+ eap_type_aka_state_waiting_for_reauth_request , ///< Client state waiting_for_reauth_request
+ eap_type_aka_state_analyses_reauthentication_request , ///< Client state analyses_reauthentication_request
+
+ eap_type_aka_state_pending_pseudonym_decode_query , ///< Server state pending_pseudonym_decode_query
+ eap_type_aka_state_waiting_for_identity_response , ///< Server state waiting_for_identity_response
+ eap_type_aka_state_waiting_for_aka_identity_response_with_at_permanent_identity , ///< Server state waiting_for_aka_identity_response_with_at_permanen_identity
+ eap_type_aka_state_waiting_for_aka_identity_response_with_at_full_auth_identity , ///< Server state waiting_for_aka_identity_response_with_at_identity
+ eap_type_aka_state_waiting_for_aka_identity_response_with_at_any_identity , ///< Server state waiting_for_aka_identity_response_with_at_identity
+ eap_type_aka_state_waiting_for_aka_identity_response , ///< Server state waiting_for_aka_identity_response
+ eap_type_aka_state_pending_re_syncronization_query , ///< Server state pending_re_syncronization_query
+ eap_type_aka_state_waiting_for_challenge_response , ///< Server state waiting_for_challenge_response
+ eap_type_aka_state_pending_authentication_vector_query , ///< Server state pending_authentication_vector_query
+ eap_type_aka_state_analyses_challenge_response , ///< Server state analyses_challenge_response
+ eap_type_aka_state_analyses_aka_identity_response , ///< Server state analyses_aka_identity_response
+ eap_type_aka_state_waiting_for_notification_response_failure , ///< Server state waiting_for_notification_response, authentication failed
+ eap_type_aka_state_waiting_for_notification_response_success , ///< Server state waiting_for_notification_response, authentication success
+ eap_type_aka_state_waiting_for_reauth_response , ///< Server state waiting_for_reauth_response
+ eap_type_aka_state_analyses_reauthentication_response , ///< Server state analyses_reauthentication_response
+
+ eap_type_aka_state_success , ///< State state_success
+ eap_type_aka_state_failure , ///< State state_failure
+
+ eap_type_aka_state_last_value ///< Keep this enum the last one.
+};
+
+
+/**
+ * This is the required completion after a asyncronous call.
+ */
+enum eap_type_aka_complete_e
+{
+ eap_type_aka_complete_none, ///< No completion required
+ eap_type_aka_complete_aka_identity_request, ///< AKA start request must be completed
+ eap_type_aka_complete_query_eap_identity, ///< AKA EAP-identity query must be completed
+ eap_type_aka_complete_handle_imsi_from_username,
+ eap_type_aka_complete_handle_aka_identity_response_message_completion,
+};
+
+
+/**
+ * This is the status of the authentication_vector.
+ */
+enum eap_aka_authentication_vector_status_e
+{
+ eap_aka_authentication_vector_status_ok = 0,
+ eap_aka_authentication_vector_status_no_roaming_agreement = 1024, ///< No roaming agreement.
+ eap_aka_authentication_vector_status_users_calls_are_barred = 1026, ///< User's calls are barred.
+ eap_aka_authentication_vector_status_user_has_not_subscribed_to_the_requested_service = 1031, ///< User has not subrcibed to the requested service.
+};
+
+
+enum eap_aka_notification_codes_e
+{
+ eap_aka_notification_no_F_no_P_general_failure = 0, ///< General failure. (implies failure, used after successful authentication)
+ eap_aka_notification_no_F_P_set_general_failure = 16384, ///< General failure. (implies failure, used before authentication)
+ eap_aka_notification_F_set_no_P_user_authenticated = 32768, ///< User has been successfully authenticated. (does not imply failure, used after successful authentication). The usage of this code is discussed in Section 4.4.2.
+ eap_aka_notification_no_F_no_P_users_calls_are_barred = 1026, ///< User has been temporarily denied access to the requested service. (Implies failure, used after successful authentication)
+ eap_aka_notification_no_F_no_P_user_has_not_subscribed_to_the_requested_service = 1031, ///< User has not subscribed to the requested service (implies failure, used after successful authentication)
+ eap_aka_notification_none = 0xffff, ///< No code.
+};
+
+
+enum aka_notification_code_bits_e
+{
+ aka_notification_code_bit_f = 0x8000,
+ aka_notification_code_bit_p = 0x4000,
+ aka_notification_code_value = 0x3FFF,
+};
+
+
+/** See eap_aka_authentication_vector_status_e. */
+const u8_t EAP_AKA_NOTIFICATION_NO_ROAMING_AGREEMENT[]
+ = "1024 Visited network does not have a roaming agreement with user's home operator";
+/** See eap_aka_authentication_vector_status_e. */
+const u8_t EAP_AKA_NOTIFICATION_USERS_CALLS_ARE_BARRED[]
+ = "1026 User's calls are barred";
+/** See eap_aka_authentication_vector_status_e. */
+const u8_t EAP_AKA_NOTIFICATION_USER_HAS_NOT_SUBSCRIBED_TO_THE_REQUESTED_SERVICE[]
+ = "1031 User has not subscribed to the requested service";
+
+/**
+ * This is the type of the AKA identity.
+ */
+enum eap_type_aka_identity_type
+{
+ AKA_IDENTITY_TYPE_NONE,
+ AKA_IDENTITY_TYPE_IMSI_ID,
+ AKA_IDENTITY_TYPE_PSEUDONYM_ID,
+ AKA_IDENTITY_TYPE_RE_AUTH_ID,
+};
+
+enum eap_aka_authentication_type_e
+{
+ AKA_AUTHENTICATION_TYPE_NONE,
+ AKA_AUTHENTICATION_TYPE_FULL_AUTH,
+ AKA_AUTHENTICATION_TYPE_REAUTHENTICATION,
+};
+
+const u8_t AKA_IMSI_PREFIX_CHARACTER[] = "0";
+
+const u32_t TRACE_FLAGS_AKA_ERROR = eap_am_tools_c::eap_trace_mask_error;
+
+const u8_t AKA_AT_CHARACTER[] = "@";
+
+const u8_t AKA_OWLAN_ORG_PREFIX_STRING[] = "wlan";
+const u32_t AKA_OWLAN_ORG_PREFIX_STRING_LENGTH = sizeof(AKA_OWLAN_ORG_PREFIX_STRING)-1ul;
+
+const u8_t AKA_UMA_PREFIX_STRING[] = "uma";
+const u32_t AKA_UMA_PREFIX_STRING_LENGTH = sizeof(AKA_UMA_PREFIX_STRING)-1ul;
+
+const u8_t AKA_OWLAN_MNC_STRING[] = "mnc";
+const u32_t AKA_OWLAN_MNC_STRING_LENGTH = sizeof(AKA_OWLAN_MNC_STRING)-1ul;
+
+const u8_t AKA_OWLAN_DOT_STRING[] = ".";
+const u32_t AKA_OWLAN_DOT_STRING_LENGTH = sizeof(AKA_OWLAN_DOT_STRING)-1ul;
+
+const u8_t AKA_OWLAN_MCC_STRING[] = "mcc";
+const u32_t AKA_OWLAN_MCC_STRING_LENGTH = sizeof(AKA_OWLAN_MCC_STRING)-1ul;
+
+const u8_t AKA_OWLAN_ORG_STRING[] = "3gppnetwork.org";
+const u32_t AKA_OWLAN_ORG_STRING_LENGTH = sizeof(AKA_OWLAN_ORG_STRING)-1ul;
+
+
+enum eap_type_aka_constants_e
+{
+ EAP_TYPE_AKA_NONCE_MT_SIZE = 16ul, ///< bytes = 128 bits
+ EAP_TYPE_AKA_MAC_SIZE = 16ul, ///< bytes = 128 bits
+ EAP_TYPE_AKA_KEYMAT_SIZE = 20ul, ///< bytes = 160 bits
+ EAP_TYPE_AKA_MASTER_SESSION_KEY_SIZE = 4u*32ul, ///< bytes
+ EAP_TYPE_AKA_MAX_NAI_LENGTH = 255ul, ///< bytes
+ EAP_TYPE_AKA_MAX_USER_NAI_LENGTH = 255ul, ///< bytes
+ EAP_TYPE_AKA_DEFAULT_MINIMUM_RAND_COUNT = 2ul, ///< count
+ EAP_TYPE_AKA_LOCAL_PACKET_BUFFER_LENGTH = 512ul, ///< This is the size of the local send buffer.
+ EAP_TYPE_AKA_PADDING_MODULUS = 4ul, ///< Padding length is always mudulus of 4.
+ EAP_TYPE_AKA_PADDING_MAX_VALUE = 12ul, ///< Maximum padding length is 12 bytes.
+ EAP_TYPE_AKA_MINIMUM_RAND_LENGTH = 16ul,
+ EAP_TYPE_AKA_MINIMUM_AUTN_LENGTH = 16ul,
+ EAP_TYPE_AKA_AUTS_LENGTH = 14ul,
+ EAP_TYPE_AKA_CK_LENGTH = 16ul,
+ EAP_TYPE_AKA_IK_LENGTH = 16ul,
+ EAP_TYPE_AKA_MINIMUM_RES_LENGTH = 4ul,
+ EAP_TYPE_AKA_MAXIMUM_CHECKCODE_LENGTH = 20ul,
+ EAP_TYPE_AKA_INITIAL_REAUTH_COUNTER = 1ul,
+ EAP_TYPE_AKA_DEFAULT_MNC_LENGTH_3_BYTES = 3ul,
+ EAP_TYPE_AKA_MNC_LENGTH_2_BYTES = 2ul,
+ EAP_TYPE_AKA_MNC_OFFSET = 3ul,
+ EAP_TYPE_AKA_MCC_LENGTH = 3ul,
+ EAP_TYPE_AKA_MCC_OFFSET = 0ul,
+ EAP_TYPE_AKA_MINIMUM_IMSI_LENGTH = EAP_TYPE_AKA_MCC_LENGTH+EAP_TYPE_AKA_MNC_LENGTH_2_BYTES+1,
+};
+
+enum eap_type_aka_timer_id_e
+{
+ EAP_TYPE_AKA_TIMER_DELAY_FAILURE_MESSAGE_SENT_ID,
+ EAP_TYPE_AKA_TIMER_DELAY_NOTIFICATION_MESSAGE_ID,
+};
+
+enum eap_type_aka_timer_timeout_value_e
+{
+ EAP_TYPE_AKA_TIMER_TIMEOUT_VALUE_DELAY_FAILURE_MESSAGE_SENT = 0ul, ///< This is the default value. Zero means error message is handled immediately.
+};
+
+enum eap_type_aka_stored_e
+{
+ eap_type_aka_stored_none,
+ eap_type_aka_stored_reauth_xkey,
+ eap_type_aka_stored_reauth_k_aut,
+ eap_type_aka_stored_reauth_k_encr,
+ eap_type_aka_stored_pseudonym_identity,
+ eap_type_aka_stored_reauth_identity,
+ eap_type_aka_stored_pseudonym_key,
+ eap_type_aka_stored_pseudonym_mac_key,
+ eap_type_aka_stored_prev_pseudonym_key,
+ eap_type_aka_stored_prev_pseudonym_mac_key,
+ eap_type_aka_stored_pseudonym_key_index,
+ eap_type_aka_stored_pseudonym_key_use_count,
+ eap_type_aka_stored_pseudonym_use_count,
+ eap_type_aka_stored_reauth_use_count,
+ eap_type_aka_stored_saved_reauth_counter,
+ eap_type_aka_stored_sqn,
+};
+
+
+/**
+ * @defgroup AKA_config_options Configuration options of AKA.
+ * The following configuration options are read through abs_eap_base_type_c::read_configure() function.
+ * @{
+ */
+
+/**
+ * This u32_t configuration option is timeout in milli seconds before erroneous message is processed.
+ * This is useful in protocol testing or if some delay is needed in final application.
+ * Default value is 0.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_failure_message_delay_time,
+ "EAP_AKA_failure_message_delay_time",
+ eap_configure_type_u32_t,
+ false);
+
+/**
+ * This boolean configuration option specifies whether the username should
+ * be generated automatically.
+ * Default value is 0. That will cause use of automatic username. If this is 1
+ * then cf_str_EAP_AKA_manual_username is used as the username.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_use_manual_username,
+ "EAP_AKA_use_manual_username",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This string configuration option is the username part of EAP-type AKA identity.
+ * Default value is empty string. That will cause use of automatic username.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_manual_username,
+ "EAP_AKA_manual_username",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This boolean configuration option specifies whether the realm should
+ * be generated automatically.
+ * Default value is 0. That will cause use of automatic realm. If this is 1
+ * then cf_str_EAP_AKA_manual_realm is used as the realm.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_use_manual_realm,
+ "EAP_AKA_use_manual_realm",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This string configuration option is the realm part of EAP-type AKA identity.
+ * Default value is empty string. That will cause use of automatic realm.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_manual_realm,
+ "EAP_AKA_manual_realm",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means on successfull authentication EAP-type AKA waits the EAP-Success message.
+ * False value means on successfull authentication EAP-type AKA does NOT wait the EAP-Success message.
+ * NOTE: True value is needed in Windows RAS.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_wait_eap_success_packet,
+ "EAP_AKA_wait_eap_success_packet",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means on EAP-type AKA must check identifier of EAP-Response/Identity message.
+ * False value means on EAP-type AKA does not check identifier of EAP-Response/Identity message.
+ * This is not possible in cases where identifier of the EAP-Request/Identity is generated by other network entities.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_check_identifier_of_eap_identity_response,
+ "EAP_AKA_check_identifier_of_eap_identity_response",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag activates NAI realm check. Default value is false.
+ * When active NAI realm muts be the same as realm given by EAP_AKA_manual_realm option.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_check_nai_realm,
+ "EAP_AKA_check_nai_realm",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is for testing.
+ * This string configuration option is the full path name of the nonce_mt file.
+ * Default value is empty string.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_nonce_mt_file,
+ "EAP_AKA_nonce_mt_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is for testing.
+ * This string configuration option is the full path name of the triplet file.
+ * Default value is empty string.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_authentication_vector_file,
+ "EAP_AKA_authentication_vector_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is for testing.
+ * This string configuration option is the full path name of the pseudonym file.
+ * Default value is empty string.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_pseudonym_file,
+ "EAP_AKA_pseudonym_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is for testing.
+ * This string configuration option is the full path name of the reauthentication file.
+ * Default value is empty string.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_reauthentication_file,
+ "EAP_AKA_reauthentication_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is for testing.
+ * This string configuration option is the full path name of the encryption IV file.
+ * Default value is empty string.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_encryption_iv_file,
+ "EAP_AKA_encryption_iv_file",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means client of EAP-type AKA responds to every re-transmitted EAP-AKA request packets.
+ * False value means client of EAP-type AKA does not respond to any re-transmitted EAP-AKA request packets,
+ * instead the EAP layer does re-transmit the response.
+ * The default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_client_responds_retransmitted_packets,
+ "EAP_AKA_client_responds_retransmitted_packets",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is for testing.
+ * True value means test version of EAP-type AKA is used.
+ * Test version tries to make as many authentications as it is possible.
+ * False value means on real version of EAP-type AKA is used.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_test_version,
+ "EAP_AKA_test_version",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is for testing.
+ * True value means server refuses EAP-identity randomly.
+ * False value means does not refuse EAP-identity randomly.
+ * NOTE EAP_AKA_test_version option must be true also.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_randomly_refuse_eap_identity,
+ "EAP_AKA_randomly_refuse_eap_identity",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value means on test of re-authentication counter of EAP-type AKA will fail always.
+ * NOTE EAP_AKA_test_version option must be true also.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_fail_re_authentication_counter_check,
+ "EAP_AKA_fail_re_authentication_counter_check",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value of this flag allows server accept the EAP-Response/Identity message.
+ * False value does not allow server accept the EAP-Response/Identity message.
+ * Instead server queries identity in EAP-Request/AKA/Start with AT_ANY_ID_REQ attribute.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_accept_eap_identity_response,
+ "EAP_AKA_accept_eap_identity_response",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * True value of this flag causes client return random
+ * identity on EAP-Response/Identity.
+ * False value causes client return real identity
+ * (IMSI, pseudonym or re-authentication identity)
+ * in EAP-Response/Identity.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_use_random_identity_on_eap_identity_response,
+ "EAP_AKA_use_random_identity_on_eap_identity_response",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is string configuration option.
+ * This option selects the AKA algorithm used in akaulation.
+ * Possible values are "nokia_test_network_xor" or "tls_prf_with_shared_secret".
+ * The default value is nokia_test_network_xor.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_algorithm,
+ "EAP_AKA_simulator_aka_algorithm",
+ eap_configure_type_string,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_algorithm_config_value_nokia_test_network_xor,
+ "nokia_test_network_xor",
+ eap_configure_type_string,
+ false);
+
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_algorithm_config_value_tls_prf_with_shared_secret,
+ "tls_prf_with_shared_secret",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This is hex data configuration option.
+ * This Ki is used in software-AKA (SW-AKA) implementation of MILENAGE algorithm.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_k,
+ "EAP_AKA_simulator_aka_k",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This is hex data configuration option.
+ * This OP is used in software-AKA (SW-AKA) implementation of MILENAGE algorithm.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_op,
+ "EAP_AKA_simulator_aka_op",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This is 16-bit hex data configuration option.
+ * This AMF is used in software-AKA (SW-AKA) implementation of MILENAGE algorithm.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_amf,
+ "EAP_AKA_simulator_aka_amf",
+ eap_configure_type_hex_data,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag tells whether the random synchronization errors
+ * of MILENAGE algorithm must be done (true) or not (false).
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_simulator_aka_do_random_synchronization_errors,
+ "EAP_AKA_simulator_aka_do_random_synchronization_errors",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag tells whether the pseudonym identity could be used (true) or not (false).
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_use_pseudonym_identity,
+ "EAP_AKA_use_pseudonym_identity",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag tells whether the re-authentication identity could be used (true) or not (false).
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_use_reauthentication_identity,
+ "EAP_AKA_use_reauthentication_identity",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means queries to AM are completed asyncronous.
+ * False value means queries to AM are completed syncronous.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_do_asyncronous_completions,
+ "EAP_AKA_do_asyncronous_completions",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means authentication_vector queries to AM are failed randomly.
+ * False value means authentication_vector queries to AM are not failed.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_fail_AKA_authentication_vector_query_randomly,
+ "EAP_AKA_fail_AKA_authentication_vector_query_randomly",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means queries to AM are randomly completed asyncronous.
+ * False value means queries to AM are randomly completed syncronous.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_do_asyncronous_completions_randomly,
+ "EAP_AKA_do_asyncronous_completions_randomly",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means EAP-AKA server fails randomly successfull authentication.
+ * False value means EAP-AKA server does NOT fail randomly successfull authentication.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_randomly_fail_successfull_authentication,
+ "EAP_AKA_randomly_fail_successfull_authentication",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means EAP-AKA client and server allows result indications.
+ * False value means EAP-AKA client and server does NOT allow result indications.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_allow_use_result_indication,
+ "EAP_AKA_allow_use_result_indication",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option. True value activates use of expanded EAP type field of 64-bits in length.
+ * False value forces to use the normal 8-bit EAP type field.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_use_eap_expanded_type,
+ "EAP_AKA_use_eap_expanded_type",
+ eap_configure_type_boolean,
+ false);
+
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means EAP-AKA server allows result indications.
+ * False value means EAP-AKA server does NOT allow result indications.
+ * NOTE this option over rides cf_str_EAP_AKA_allow_use_result_indication
+ * in server.
+ * Default value is true.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_server_allow_use_result_indication,
+ "EAP_AKA_server_allow_use_result_indication",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This flag tells whether the UMA profile is used (true) or not (false).
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_UMA_profile,
+ "EAP_AKA_UMA_profile",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This is string configuration option.
+ * The string is the prefix of automatic realm in the UMA profile.
+ * Note also the EAP_AKA_UMA_profile must be true before
+ * this option is used.
+ * Default value is empty.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_UMA_realm_prefix,
+ "EAP_AKA_UMA_realm_prefix",
+ eap_configure_type_string,
+ false);
+
+/**
+ * This u32_t array configuration option is includes those MCCs that uses 2 digit MNC.
+ * Default value is empty array.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_2_digit_mnc_map_of_mcc_of_imsi_array,
+ "EAP_AKA_GSMSIM_2_digit_mnc_map_of_mcc_of_imsi_array",
+ eap_configure_type_u32array,
+ false);
+
+/**
+ * This is boolean configuration option.
+ * This is used in simulator testing.
+ * True value means EAP-AKA server randomly skip pseudonym and fast-reauth identity generation.
+ * False value means EAP-AKA server does generate those identities.
+ * Default value is false.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_server_randomly_skip_identity_generation,
+ "EAP_AKA_server_randomly_skip_identity_generation",
+ eap_configure_type_boolean,
+ false);
+
+/**
+ * This u32_t configuration value specifies the maximum session validity time in seconds.
+ * Default value is 12 hours in seconds, which is 43200 seconds.
+ */
+EAP_CONFIGURATION_FIELD(
+ cf_str_EAP_AKA_max_session_validity_time,
+ "EAP_AKA_max_session_validity_time",
+ eap_configure_type_u32_t,
+ false);
+
+/** @} */ // End of group AKA_config_options.
+
+//--------------------------------------------------
+
+/// Macro traces payload type and data.
+#define EAP_AKA_TRACE_PAYLOAD(prefix, payload) \
+ { \
+ EAP_TRACE_DEBUG( \
+ m_am_tools, TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, \
+ (EAPL("%s (0x%08x): current payload 0x%04x=%s, data length 0x%04x.\n"), \
+ prefix, (payload)->get_header_buffer((payload)->get_payload_length()), (payload)->get_current_payload(), \
+ (payload)->get_payload_AT_string(), (payload)->get_data_length())); \
+ EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT|TRACE_TEST_VECTORS, (EAPL("payload"), \
+ (payload)->get_header_buffer((payload)->get_payload_length()), \
+ (payload)->get_payload_length())); \
+ }
+
+//--------------------------------------------------
+
+
+/// These are the stored attributes for message authentication calculations.
+class eap_type_aka_MAC_attributes_c
+{
+private:
+ //--------------------------------------------------
+
+ u8_t * m_MAC; ///< This is the pointer to MAC.
+ u32_t m_MAC_size; ///< This is the size of the MAC.
+ u8_t *m_data; ///< This is the pointer to the authenticated data.
+ u32_t m_data_length; ///< This the length of the authenticated data.
+
+ //--------------------------------------------------
+public:
+ //--------------------------------------------------
+
+ virtual ~eap_type_aka_MAC_attributes_c();
+
+ eap_type_aka_MAC_attributes_c();
+
+ eap_type_aka_MAC_attributes_c(
+ u8_t * MAC,
+ u32_t MAC_size,
+ u8_t * const EAP_data,
+ u32_t EAP_data_length);
+
+ void init(
+ u8_t * MAC,
+ u32_t MAC_size,
+ u8_t * const EAP_data,
+ u32_t EAP_data_length);
+
+ u8_t * get_MAC() const;
+
+ void set_MAC(u8_t * MAC);
+
+ u32_t get_MAC_size() const;
+
+ eap_type_aka_MAC_attributes_c * copy() const;
+
+ u8_t * get_data() const;
+
+ u32_t get_data_length();
+
+ void set_data(u8_t * const data);
+
+ //--------------------------------------------------
+};
+
+
+#endif //#if !defined(_AKA_TYPES_H_)
+
+//--------------------------------------------------
+
+
+
+// End.