eap_md5.hxx

Diameter协议栈

      received, or an optional retry counter expires.

      A Challenge packet MAY also be transmitted at any time during the
      Network-Layer Protocol phase to ensure that the connection has not
      been altered.

      The peer SHOULD expect Challenge packets during the Authentication
      phase and the Network-Layer Protocol phase.  Whenever a Challenge
      packet is received, the peer MUST transmit a CHAP packet with the
      Code field set to 2 (Response).

      Whenever a Response packet is received, the authenticator compares
      the Response Value with its own calculation of the expected value.
      Based on this comparison, the authenticator MUST send a Success or
      Failure packet (described below).

         Implementation Notes: Because the Success might be lost, the
         authenticator MUST allow repeated Response packets during the
         Network-Layer Protocol phase after completing the
         Authentication phase.  To prevent discovery of alternative
         Names and Secrets, any Response packets received having the
         current Challenge Identifier MUST return the same reply Code
         previously returned for that specific Challenge (the message
         portion MAY be different).  Any Response packets received
         during any other phase MUST be silently discarded.

         When the Failure is lost, and the authenticator terminates the
         link, the LCP Terminate-Request and Terminate-Ack provide an
         alternative indication that authentication failed.


   A summary of the Challenge and Response packet format is shown below.
   The fields are transmitted from left to right.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Value-Size   |  Value ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Name ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Code

      1 for Challenge;

      2 for Response.

   Identifier

      The Identifier field is one octet.  The Identifier field MUST be
      changed each time a Challenge is sent.

      The Response Identifier MUST be copied from the Identifier field
      of the Challenge which caused the Response.

   Value-Size

      This field is one octet and indicates the length of the Value
      field.

   Value

      The Value field is one or more octets.  The most significant octet
      is transmitted first.

      The Challenge Value is a variable stream of octets.  The
      importance of the uniqueness of the Challenge Value and its
      relationship to the secret is described above.  The Challenge
      Value MUST be changed each time a Challenge is sent.  The length
      of the Challenge Value depends upon the method used to generate
      the octets, and is independent of the hash algorithm used.

      The Response Value is the one-way hash calculated over a stream of
      octets consisting of the Identifier, followed by (concatenated
      with) the "secret", followed by (concatenated with) the Challenge
      Value.  The length of the Response Value depends upon the hash
      algorithm used (16 octets for MD5).


   Name

      The Name field is one or more octets representing the
      identification of the system transmitting the packet.  There are
      no limitations on the content of this field.  For example, it MAY
      contain ASCII character strings or globally unique identifiers in
      ASN.1 syntax.  The Name should not be NUL or CR/LF terminated.
      The size is determined from the Length field."

*/

/// Peer state machine for EAP MD5-Challenge authentication method.
class EAP_EXPORTS EapPeerMD5ChallengeStateMachine 
  :  public EapMethodStateMachine,
     public EapStateMachine<EapPeerMD5ChallengeStateMachine>
{
  friend class EapMethodStateMachineCreator<EapPeerMD5ChallengeStateMachine>;
  friend class EapPeerMD5ChallengeStateTable_S;
public:

  /// Reimplemented from EapMethodStateMachine
  void Start() throw(AAA_Error)
  {
    isDone = false;
    EapStateMachine<EapPeerMD5ChallengeStateMachine>::Start();
  }

  /// Reimplemented from EapMethodStateMachine
  inline void Notify(AAA_Event ev)
  {
    EapStateMachine<EapPeerMD5ChallengeStateMachine>::Notify(ev);
  }

  /// This pure virtual function is a callback used when a passpharase
  /// needs to be obtained.
  virtual void InputPassphrase()=0;

  /// This function is used for getting the passphrase data.
  std::string& Passphrase() { return passphrase; }

  /// This function is used for getting the value data.
  std::string& Value() { return value; }

  /// This function is used for getting myName data.
  std::string& MyName() { return myName; }

  /// This function is used for getting peerName data.
  std::string& PeerName() { return peerName; }

protected:
  EapPeerMD5ChallengeStateMachine(EapSwitchStateMachine &s);
  ~EapPeerMD5ChallengeStateMachine() {} 

private:
  /// Shared secret.
  std::string passphrase;

  /// My name and peer name.
  std::string myName, peerName;

  /// The value data to send.
  std::string value;
};

/// Authenticator state machine for EAP MD5-Challenge method.
class EAP_EXPORTS EapAuthMD5ChallengeStateMachine 
  : public EapMethodStateMachine,
    public EapStateMachine<EapAuthMD5ChallengeStateMachine>
{
  friend class EapMethodStateMachineCreator<EapAuthMD5ChallengeStateMachine>;
  friend class EapAuthMD5ChallengeStateTable_S;  
public:

  /// Reimplemented from EapMethodStateMachine
  void Start() throw(AAA_Error)
  {
    EapStateMachine<EapAuthMD5ChallengeStateMachine>::Start();
  }

  /// Reimplemented from EapMethodStateMachine
  inline void Notify(AAA_Event ev)
  {
    EapStateMachine<EapAuthMD5ChallengeStateMachine>::Notify(ev);
  }

  void Receive(AAAMessageBlock *b) {}

  /// This pure virtual function is a callback used when a passpharase
  /// needs to be obtained.
  virtual void InputPassphrase()=0;

  /// This function is used for getting the passphrase data.
  std::string& Passphrase() { return passphrase; }

  /// This function is used for getting the value data.
  std::string& Value() { return value; }

  /// This function is used for setting the value data.
  //  void Value(std::string& str) { value=str; }

  /// This function is used for getting myName data.
  std::string& MyName() { return myName; }

  /// This function is used for getting peerName data.
  std::string& PeerName() { return peerName; }

protected:
  EapAuthMD5ChallengeStateMachine(EapSwitchStateMachine &s);
  ~EapAuthMD5ChallengeStateMachine() {} 

private:
  /// Shared secret.
  std::string passphrase;

  /// My name and peer name.
  std::string myName, peerName;

  /// The value data to send.
  std::string value;
};

#endif // __EAP_MD5_HXX__