--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/eapol/eapol_framework/eapol_common/type/mschapv2/include/eap_type_mschapv2.h	Thu Dec 17 08:47:43 2009 +0200
@@ -0,0 +1,411 @@
+/*
+* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  EAP and WLAN authentication protocols.
+*
+*/
+
+
+
+#ifndef _MSCHAPV2_CORE_H_
+#define _MSCHAPV2_CORE_H_
+
+#include "eap_base_type.h"
+#include "eap_crypto_api.h"
+#include "eap_type_mschapv2_state.h"
+
+#include "eap_am_network_id.h"
+#include "abs_eap_am_type_mschapv2.h"
+#include "eap_am_type_mschapv2.h"
+#include "eap_type_mschapv2_header.h"
+
+
+/// This class is implementation of MS-CHAP-v2 EAP-type.
+class EAP_EXPORT eap_type_mschapv2_c
+	: public abs_eap_am_type_mschapv2_c 
+	, public eap_base_type_c
+{
+
+private:
+
+	/// This is pointer to adaptation module of MS-Chap-v2 EAP type.
+	eap_am_type_mschapv2_c * const m_am_type_mschapv2;
+
+	/// This is pointer to the tools class.
+	abs_eap_am_tools_c * const m_am_tools;
+
+	/// When eap_session_core_c is used. Each EAP type object does handle only one session.
+	eap_type_mschapv2_state_c m_session;
+
+	eap_am_network_id_c m_send_network_id;
+
+	crypto_random_c m_rand;
+	
+	/// This is username and identity (UTF8)
+	eap_variable_data_c m_username_utf8;
+
+	eap_variable_data_c m_password_utf8;
+
+	eap_variable_data_c m_old_password_utf8;
+
+	eap_variable_data_c m_password_hash;
+
+	eap_variable_data_c m_password_hash_hash;
+
+
+#if defined(USE_FAST_EAP_TYPE)
+	eap_variable_data_c m_client_EAP_FAST_challenge;
+
+	eap_variable_data_c m_server_EAP_FAST_challenge;
+#endif //#if defined(USE_FAST_EAP_TYPE)
+
+
+	u8_t m_authenticator_challenge[EAP_MSCHAPV2_AUTHENTICATOR_CHALLENGE_SIZE];
+
+	u8_t m_peer_challenge[EAP_MSCHAPV2_PEER_CHALLENGE_SIZE];
+
+	u8_t m_nt_response[EAP_MSCHAPV2_NT_RESPONSE_SIZE];
+
+	u32_t m_offset;
+
+	u32_t m_mtu_length;
+
+	u32_t m_trailer_length;
+
+	u32_t m_error_code;
+
+	/// This indicates whether this object was generated successfully.
+	bool m_is_valid;
+
+	/// This indicates whether this object is client (true) or server (false).
+	/// In terms of EAP-protocol whether this network entity is EAP-supplicant (true) or EAP-authenticator (false).
+	bool m_is_client;
+
+	bool m_free_am_type_mschapv2;
+
+	bool m_is_pending;
+
+	bool m_identity_asked;
+
+	bool m_wait_eap_success;
+
+	bool m_wait_eap_success_packet;
+
+	bool m_is_reauthentication;
+	
+	bool m_is_notification_sent;
+
+	bool m_shutdown_was_called;
+
+	bool m_password_prompt_enabled;
+
+	u8_t m_identifier;
+
+	u8_t m_mschapv2id;
+
+#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
+	bool m_use_implicit_challenge;
+#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
+
+#if defined(EAP_MSCHAPV2_SERVER)
+	bool m_do_password_expiration_tests;
+
+	bool m_password_expired;
+#endif //#if defined(EAP_MSCHAPV2_SERVER)
+
+	bool m_do_wrong_password_tests;
+
+	bool m_use_eap_expanded_type;
+
+#if defined(USE_FAST_EAP_TYPE)
+
+	bool m_use_EAP_FAST_full_key;
+
+	bool m_use_EAP_FAST_challenge;
+
+#endif //#if defined(USE_FAST_EAP_TYPE)
+
+	// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+	
+	void send_error_notification(const eap_status_e error);
+
+	eap_status_e finish_successful_authentication();
+
+	eap_status_e finish_unsuccessful_authentication(
+		const bool authentication_cancelled);
+
+	eap_status_e complete_eap_identity_query();
+
+	eap_status_e complete_failure_retry_response();
+
+	eap_status_e complete_change_password_query();
+
+	eap_status_e client_packet_process(
+		eap_header_wr_c * const eap, ///< This is pointer to EAP header and data.
+		const u32_t eap_packet_length ///< This is length of received EAP packet.
+		);
+
+	eap_status_e client_mschapv2_packet_process(
+	eap_header_wr_c * const received_eap,
+	const u32_t eap_packet_length);
+
+	eap_status_e client_handle_challenge_request(mschapv2_header_c &challenge_request);
+
+	eap_status_e client_handle_success_request(mschapv2_header_c &success_request);
+
+	eap_status_e client_handle_failure_request(mschapv2_header_c &success_request);
+
+	eap_status_e client_send_challenge_response();
+
+
+	/**
+	 * This function processes the MS-CHAP-V2 packets.
+	 */
+	eap_status_e mschapv2_packet_process(
+		eap_header_wr_c * const eap, ///< This is pointer to EAP header and data.
+		const u32_t eap_packet_length ///< This is length of received EAP packet.
+		);
+
+	/**
+	 * This function tells if the object is a client or a server..
+	 */
+	bool get_is_client();
+
+	eap_buf_chain_wr_c * create_send_packet(u32_t length);
+
+	eap_status_e packet_send(
+		eap_buf_chain_wr_c * const data,
+		const u32_t data_length);
+
+	eap_status_e send_success_failure_response(bool is_success_response);
+
+	eap_status_e mschapv2_convert_unicode_to_ascii(eap_variable_data_c & dest_ascii, const eap_variable_data_c & src_unicode);
+
+	eap_status_e mschapv2_convert_ascii_to_unicode(eap_variable_data_c & dest_unicode, const eap_variable_data_c & src_ascii);
+
+	/* From Ms-CHAP-v2 RFC */
+
+	eap_status_e generate_nt_response(
+		const u8_t * const authenticator_challenge,
+		const u8_t * const peer_challenge,
+		const u8_t * const username_utf8,
+		const u32_t username_size,
+		const eap_variable_data_c * const password_hash,
+		u8_t * const response);
+
+	eap_status_e challenge_hash(
+		const u8_t * const peer_challenge,
+		const u8_t * const authenticator_challenge,
+		const u8_t * const username_utf8,
+		const u32_t username_size,
+		u8_t * const challenge);
+
+	eap_status_e challenge_response(
+		const u8_t * const challenge,
+		const u8_t * const password_hash,
+		u8_t * const response);
+
+	eap_status_e des_crypt(
+		const u8_t * const data_in,
+		const u8_t * const key,
+		u8_t * const data_out,
+		const bool is_encrypt);
+
+	eap_status_e des_encrypt(
+		const u8_t * const clear,
+		const u8_t * const block,
+		u8_t * const cypher)
+	{
+		return des_crypt(clear, block, cypher, true);
+	}
+
+	eap_status_e des_decrypt(
+		u8_t * const clear,
+		const u8_t * const block,
+		const u8_t * const cypher)
+	{
+		return des_crypt(cypher, block, clear, false);
+	}
+
+	eap_status_e generate_authenticator_response(
+		const u8_t * const password_hash_hash,
+		const u8_t * const nt_response,
+		const u8_t * const peer_challenge,
+		const u8_t * const authenticator_challenge,
+		const u8_t * const username,
+		const u32_t username_size,
+		u8_t * const authenticator_response);
+
+	eap_status_e check_authenticator_response(
+		const eap_variable_data_c * const password_hash_hash,
+		const u8_t * const nt_response,
+		const u8_t * const peer_challenge,
+		const u8_t * const authenticator_challenge,
+		const u8_t * const username,
+		const u32_t username_size,
+		const u8_t * const received_response,
+		bool & response_ok);
+
+	eap_status_e new_password_encrypted_with_old_nt_password_hash(
+		const eap_variable_data_c * const new_password_utf8,
+		const eap_variable_data_c * const old_password_hash,
+		u8_t * encrypted_pw_block);
+
+	eap_status_e encrypt_pw_block_with_password_hash(
+		const eap_variable_data_c * const new_password_utf8,
+		const u8_t * const password_hash,
+		u8_t * pw_block);
+
+	eap_status_e rc4_encrypt(
+		const u8_t * const clear,
+		const u32_t clear_length,
+		const u8_t * const key,
+		const u32_t key_length,
+		u8_t * const cypher);
+
+	eap_status_e old_nt_password_hash_encrypted_with_new_nt_password_hash(
+		const eap_variable_data_c * const new_password_hash,
+		const eap_variable_data_c * const old_password_hash,
+		eap_variable_data_c * const encrypted_password_hash);
+
+	eap_status_e nt_password_hash_encrypted_with_block(
+		const eap_variable_data_c * const password_hash,
+		const eap_variable_data_c * const block,
+		eap_variable_data_c * const cypher);
+
+	eap_status_e generate_session_key(
+		eap_master_session_key_c * const key);
+
+	/***************************/
+
+#if defined(EAP_MSCHAPV2_SERVER)
+
+	eap_status_e server_packet_process(
+		eap_header_wr_c * const received_eap,
+		const u32_t eap_packet_length);
+
+	eap_status_e server_mschapv2_packet_process(
+		eap_header_wr_c * const received_eap,
+		const u32_t eap_packet_length);
+
+	bool check_expired_password();
+
+	eap_status_e server_handle_challenge_response(mschapv2_header_c &machapv2_packet);
+
+	eap_status_e server_handle_success_response();
+
+	eap_status_e server_handle_failure_response();
+
+	eap_status_e server_handle_password_change(mschapv2_header_c &machapv2_packet);
+
+	/**
+	 * This function parses all payloads of the whole MSCHAPV2 EAP packet.
+	 */
+	eap_status_e parse_mschapv2_packet(
+		eap_header_wr_c * const eap, ///< This is pointer to EAP header and data.
+		const u32_t eap_packet_length ///< This is length of received EAP packet.
+		);
+
+
+	eap_status_e parse_mschapv2_payload(
+		eap_header_wr_c * const eap, ///< This is pointer to EAP header and data.
+		const u32_t eap_packet_length ///< This is length of received EAP packet.
+		);
+
+	eap_status_e send_failure_request(
+		const bool retry_allowed,
+		const u8_t * const message,
+		const u32_t message_length);
+
+	eap_status_e send_success_request(
+		const u8_t * const message,
+		const u32_t message_length);
+
+	 /**
+	 * This function handles the received EAP-Response/Identity message and chenge challenge request to client.
+	 */
+	eap_status_e handle_identity_response_message();
+
+	eap_status_e rc4_decrypt(
+		const u8_t * const cypher,
+		const u32_t cypher_length,
+		const u8_t * const key,
+		const u32_t key_length,
+		u8_t * const clear);
+
+#endif //#if defined(EAP_MSCHAPV2_SERVER)
+
+	/******************************/
+
+protected:
+
+public:
+
+	/**
+	 * Destructor cancels all timers and deletes member attributes.
+	 */
+	EAP_FUNC_IMPORT virtual ~eap_type_mschapv2_c();
+
+	/**
+	 * Constructor initializes all member attributes.
+	 */
+	EAP_FUNC_IMPORT eap_type_mschapv2_c(
+		abs_eap_am_tools_c * const tools,
+		abs_eap_base_type_c * const partner,
+		eap_am_type_mschapv2_c * const am_type_mschapv2,
+		const bool free_am_type_mschapv2,
+		const bool is_client_when_true,
+		const eap_am_network_id_c * const receive_network_id);
+
+	/**
+	 * The partner class calls this function when EAP/MS-CHAP-v2 packet is received.
+	 * see also eap_base_type_c::packet_process().
+	 */
+	EAP_FUNC_IMPORT eap_status_e packet_process(
+		const eap_am_network_id_c * const receive_network_id, ///< This is the network identity of the received EAP packet.
+		eap_header_wr_c * const eap, ///< This is pointer to EAP header and data.
+		const u32_t eap_packet_length ///< This is length of received EAP packet.
+		);
+
+	// This is commented in eap_base_type_c::get_is_valid().
+	EAP_FUNC_IMPORT bool get_is_valid();
+	
+	EAP_FUNC_IMPORT void set_is_valid();
+
+	/**
+	 * This function resets the reused eap_type_mschapv2_c object.
+	 */
+	EAP_FUNC_IMPORT eap_status_e reset();
+
+	EAP_FUNC_IMPORT eap_status_e shutdown();
+
+	EAP_FUNC_IMPORT eap_status_e set_initial_eap_identifier(
+		const eap_am_network_id_c * const receive_network_id,
+		const u8_t initial_identifier);
+
+	// This is commented in eap_base_type_c::eap_acknowledge().
+	EAP_FUNC_IMPORT eap_status_e eap_acknowledge(
+		const eap_am_network_id_c * const receive_network_id);
+
+	EAP_FUNC_IMPORT eap_status_e configure();
+
+	// This is commented in eap_base_type_c::query_eap_identity().
+	EAP_FUNC_IMPORT eap_status_e query_eap_identity(
+		const bool must_be_synchronous,
+		eap_variable_data_c * const identity,
+		const eap_am_network_id_c * const receive_network_id,
+		const u8_t eap_identifier);
+
+}; // class eap_type_mschap_c
+
+#endif // _MSCHAPV2_CORE_H_