doc/authenticator_8h_source.html

/**

 * @file authenticator.h

 * @brief 802.1X authenticator

 *

 * @section License

 *

 * SPDX-License-Identifier: GPL-2.0-or-later

 *

 * Copyright (C) 2022-2024 Oryx Embedded SARL. All rights reserved.

 *

 * This file is part of CycloneEAP Open.

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2

 * of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 *

 * @author Oryx Embedded SARL (www.oryx-embedded.com)

 * @version 2.4.4

 **/


#ifndef _AUTHENTICATOR_H

#define _AUTHENTICATOR_H


//Forward declaration of AuthenticatorContext structure

struct _AuthenticatorContext;

#define AuthenticatorContext struct _AuthenticatorContext


//Forward declaration of AuthenticatorPort structure

struct _AuthenticatorPort;

#define AuthenticatorPort struct _AuthenticatorPort


//Dependencies

#include "eap/eap.h"

#include "eap/eap_full_auth_fsm.h"

#include "authenticator/authenticator_pae_fsm.h"

#include "authenticator/authenticator_backend_fsm.h"

#include "authenticator/authenticator_reauth_timer_fsm.h"

#include "mac/hmac.h"


//802.1X authenticator support

#ifndef AUTHENTICATOR_SUPPORT

   #define AUTHENTICATOR_SUPPORT ENABLED

#elif (AUTHENTICATOR_SUPPORT != ENABLED && AUTHENTICATOR_SUPPORT != DISABLED)

   #error AUTHENTICATOR_SUPPORT parameter is not valid

#endif


//Stack size required to run the 802.1X authenticator

#ifndef AUTHENTICATOR_STACK_SIZE

   #define AUTHENTICATOR_STACK_SIZE 750

#elif (AUTHENTICATOR_STACK_SIZE < 1)

   #error AUTHENTICATOR_STACK_SIZE parameter is not valid

#endif


//Priority at which the 802.1X authenticator should run

#ifndef AUTHENTICATOR_PRIORITY

   #define AUTHENTICATOR_PRIORITY OS_TASK_PRIORITY_NORMAL

#endif


//802.1X authenticator tick interval (in milliseconds)

#ifndef AUTHENTICATOR_TICK_INTERVAL

   #define AUTHENTICATOR_TICK_INTERVAL 1000

#elif (AUTHENTICATOR_TICK_INTERVAL < 10)

   #error AUTHENTICATOR_TICK_INTERVAL parameter is not valid

#endif


//Size of the transmission buffer

#ifndef AUTHENTICATOR_TX_BUFFER_SIZE

   #define AUTHENTICATOR_TX_BUFFER_SIZE 1500

#elif (AUTHENTICATOR_TX_BUFFER_SIZE < 1)

   #error AUTHENTICATOR_TX_BUFFER_SIZE parameter is not valid

#endif


//Size of the reception buffer

#ifndef AUTHENTICATOR_RX_BUFFER_SIZE

   #define AUTHENTICATOR_RX_BUFFER_SIZE 1500

#elif (AUTHENTICATOR_RX_BUFFER_SIZE < 1)

   #error AUTHENTICATOR_RX_BUFFER_SIZE parameter is not valid

#endif


//Maximum length of the RADIUS server's key

#ifndef AUTHENTICATOR_MAX_SERVER_KEY_LEN

   #define AUTHENTICATOR_MAX_SERVER_KEY_LEN 64

#elif (AUTHENTICATOR_MAX_SERVER_KEY_LEN < 1)

   #error AUTHENTICATOR_MAX_SERVER_KEY_LEN parameter is not valid

#endif


//Default value for the quietPeriod parameter

#ifndef AUTHENTICATOR_DEFAULT_QUIET_PERIOD

   #define AUTHENTICATOR_DEFAULT_QUIET_PERIOD 60

#elif (AUTHENTICATOR_DEFAULT_QUIET_PERIOD < 0)

   #error AUTHENTICATOR_DEFAULT_QUIET_PERIOD parameter is not valid

#endif


//Maximum acceptable value for the quietPeriod parameter

#ifndef AUTHENTICATOR_MAX_QUIET_PERIOD

   #define AUTHENTICATOR_MAX_QUIET_PERIOD 65535

#elif (AUTHENTICATOR_MAX_QUIET_PERIOD < AUTHENTICATOR_DEFAULT_QUIET_PERIOD)

   #error AUTHENTICATOR_MAX_QUIET_PERIOD parameter is not valid

#endif


//Maximum number of reauthentication attempts

#ifndef AUTHENTICATOR_DEFAULT_REAUTH_MAX

   #define AUTHENTICATOR_DEFAULT_REAUTH_MAX 2

#elif (AUTHENTICATOR_DEFAULT_REAUTH_MAX < 0)

   #error AUTHENTICATOR_DEFAULT_REAUTH_MAX parameter is not valid

#endif


//Minimum acceptable value for the serverTimeout parameter

#ifndef AUTHENTICATOR_MIN_SERVER_TIMEOUT

   #define AUTHENTICATOR_MIN_SERVER_TIMEOUT 1

#elif (AUTHENTICATOR_MIN_SERVER_TIMEOUT < 0)

   #error AUTHENTICATOR_MIN_SERVER_TIMEOUT parameter is not valid

#endif


//Default value for the serverTimeout parameter

#ifndef AUTHENTICATOR_DEFAULT_SERVER_TIMEOUT

   #define AUTHENTICATOR_DEFAULT_SERVER_TIMEOUT 30

#elif (AUTHENTICATOR_DEFAULT_SERVER_TIMEOUT < AUTHENTICATOR_MIN_SERVER_TIMEOUT)

   #error AUTHENTICATOR_DEFAULT_SERVER_TIMEOUT parameter is not valid

#endif


//Maximum acceptable value for the serverTimeout parameter

#ifndef AUTHENTICATOR_MAX_SERVER_TIMEOUT

   #define AUTHENTICATOR_MAX_SERVER_TIMEOUT 3600

#elif (AUTHENTICATOR_MAX_SERVER_TIMEOUT < AUTHENTICATOR_DEFAULT_SERVER_TIMEOUT)

   #error AUTHENTICATOR_MAX_SERVER_TIMEOUT parameter is not valid

#endif


//Maximum number of retransmissions before aborting

#ifndef AUTHENTICATOR_DEFAULT_MAX_RETRANS

   #define AUTHENTICATOR_DEFAULT_MAX_RETRANS 4

#elif (AUTHENTICATOR_DEFAULT_MAX_RETRANS < 0)

   #error AUTHENTICATOR_DEFAULT_MAX_RETRANS parameter is not valid

#endif


//Minimum acceptable value for the reAuthPeriod parameter

#ifndef AUTHENTICATOR_MIN_REAUTH_PERIOD

   #define AUTHENTICATOR_MIN_REAUTH_PERIOD 10

#elif (AUTHENTICATOR_MIN_REAUTH_PERIOD < 0)

   #error AUTHENTICATOR_MIN_REAUTH_PERIOD parameter is not valid

#endif


//Default value for the reAuthPeriod parameter

#ifndef AUTHENTICATOR_DEFAULT_REAUTH_PERIOD

   #define AUTHENTICATOR_DEFAULT_REAUTH_PERIOD 3600

#elif (AUTHENTICATOR_DEFAULT_REAUTH_PERIOD < AUTHENTICATOR_MIN_REAUTH_PERIOD)

   #error AUTHENTICATOR_DEFAULT_REAUTH_PERIOD parameter is not valid

#endif


//Maximum acceptable value for the reAuthPeriod parameter

#ifndef AUTHENTICATOR_MAX_REAUTH_PERIOD

   #define AUTHENTICATOR_MAX_REAUTH_PERIOD 86400

#elif (AUTHENTICATOR_MAX_REAUTH_PERIOD < AUTHENTICATOR_DEFAULT_REAUTH_PERIOD)

   #error AUTHENTICATOR_MAX_REAUTH_PERIOD parameter is not valid

#endif


//Maximum length of identity

#ifndef AUTHENTICATOR_MAX_ID_LEN

   #define AUTHENTICATOR_MAX_ID_LEN 64

#elif (AUTHENTICATOR_MAX_ID_LEN < 1)

   #error AUTHENTICATOR_MAX_ID_LEN parameter is not valid

#endif


//Maximum length of State attribute

#ifndef AUTHENTICATOR_MAX_STATE_SIZE

   #define AUTHENTICATOR_MAX_STATE_SIZE 64

#elif (AUTHENTICATOR_MAX_STATE_SIZE < 1)

   #error AUTHENTICATOR_MAX_STATE_SIZE parameter is not valid

#endif


//Method timeout

#ifndef AUTHENTICATOR_DEFAULT_METHOD_TIMEOUT

   #define AUTHENTICATOR_DEFAULT_METHOD_TIMEOUT 5

#elif (AUTHENTICATOR_DEFAULT_METHOD_TIMEOUT < 0)

   #error AUTHENTICATOR_DEFAULT_METHOD_TIMEOUT parameter is not valid

#endif


//Maximum number of retransmissions of RADIUS requests

#ifndef AUTHENTICATOR_MAX_RADIUS_RETRANS

   #define AUTHENTICATOR_MAX_RADIUS_RETRANS 4

#elif (AUTHENTICATOR_MAX_RADIUS_RETRANS < 0)

   #error AUTHENTICATOR_MAX_RADIUS_RETRANS parameter is not valid

#endif


//RADIUS response timeout

#ifndef AUTHENTICATOR_RADIUS_TIMEOUT

   #define AUTHENTICATOR_RADIUS_TIMEOUT 5

#elif (AUTHENTICATOR_RADIUS_TIMEOUT < 0)

   #error AUTHENTICATOR_RADIUS_TIMEOUT parameter is not valid

#endif


//C++ guard

#ifdef __cplusplus

extern "C" {

#endif


/**

 * @brief Session terminate cause

 **/


typedef enum

{

   AUTHENTICATOR_TERMINATE_CAUSE_NOT_TERMINATED_YET        = 0,

   AUTHENTICATOR_TERMINATE_CAUSE_SUPPLICANT_LOGOFF         = 1,

   AUTHENTICATOR_TERMINATE_CAUSE_PORT_FAILURE              = 2,

   AUTHENTICATOR_TERMINATE_CAUSE_SUPPLICANT_RESTART        = 3,

   AUTHENTICATOR_TERMINATE_CAUSE_REAUTH_FAILED             = 4,

   AUTHENTICATOR_TERMINATE_CAUSE_AUTH_CONTROL_FORCE_UNAUTH = 5,

   AUTHENTICATOR_TERMINATE_CAUSE_PORT_REINIT               = 6,

   AUTHENTICATOR_TERMINATE_CAUSE_PORT_ADMIN_DISABLED       = 7

} AuthenticatorTerminateCause;


/**

 * @brief Authenticator PAE state change callback function

 **/


typedef void (*AuthenticatorPaeStateChangeCallback)(AuthenticatorPort *port,

   AuthenticatorPaeState state);


/**

 * @brief Backend authentication state change callback function

 **/


typedef void (*AuthenticatorBackendStateChangeCallback)(AuthenticatorPort *port,

   AuthenticatorBackendState state);


/**

 * @brief Reauthentication timer state change callback function

 **/


typedef void (*AuthenticatorReauthTimerStateChangeCallback)(AuthenticatorPort *port,

   AuthenticatorReauthTimerState state);


/**

 * @brief EAP full authenticator state change callback function

 **/


typedef void (*EapFullAuthStateChangeCallback)(AuthenticatorPort *port,

   EapFullAuthState state);


/**

 * @brief Tick callback function

 **/


typedef void (*AuthenticatorTickCallback)(AuthenticatorContext *context);


/**

 * @brief Statistics information

 **/


typedef struct

{

   uint32_t eapolFramesRx;

   uint32_t eapolFramesTx;

   uint32_t eapolStartFramesRx;

   uint32_t eapolLogoffFramesRx;

   uint32_t eapolRespIdFramesRx;

   uint32_t eapolRespFramesRx;

   uint32_t eapolReqIdFramesTx;

   uint32_t eapolReqFramesTx;

   uint32_t invalidEapolFramesRx;

   uint32_t eapLengthErrorFramesRx;

   uint32_t lastEapolFrameVersion;

} AuthenticatorStats;


/**

 * @brief Session statistics information

 **/


typedef struct

{

   uint64_t sessionOctetsRx;

   uint64_t sessionOctetsTx;

   uint32_t sessionFramesRx;

   uint32_t sessionFramesTx;

   uint32_t sessionTime;

   uint_t sessionTerminateCause;

} AuthenticatorSessionStats;


/**

 * @brief Port context

 **/


struct _AuthenticatorPort

{

   AuthenticatorContext *context;                     ///<802.1X authenticator context

   uint8_t portIndex;                                 ///<Port index

   MacAddr macAddr;                                   ///<MAC address of the port


   AuthenticatorPaeState authPaeState;                ///<Authenticator PAE state

   AuthenticatorBackendState authBackendState;        ///<Backend authentication state

   AuthenticatorReauthTimerState reauthTimerState;    ///<Reauthentication timer state


   uint_t aWhile;                                     ///<Timer used by the backend authentication state machine (8.2.2.1 a)

   uint_t quietWhile;                                 ///<Timer used by the authenticator PAE state machine (8.2.2.1 d)

   uint_t reAuthWhen;                                 ///<Timer used to determine when reauthentication takes place (8.2.2.1 e)


   bool_t authAbort;                                  ///<Abort authentication procedure (8.2.2.2 a)

   bool_t authFail;                                   ///<Authentication process has failed (8.2.2.2 b)

   AuthenticatorPortStatus authPortStatus;            ///<Current authorization state of the authenticator PAE state machine (8.2.2.2 c)

   bool_t authStart;                                  ///Start authentication procedure (8.2.2.2 d)

   bool_t authTimeout;                                ///<Failed to obtain a response from the supplicant(8.2.2.2 e)

   bool_t authSuccess;                                ///<Successful authentication process (8.2.2.2 f)

   bool_t eapFail;                                    ///<The authentication has failed (8.2.2.2 g)

   bool_t eapolEap;                                   ///<EAPOL PDU carrying a packet Type of EAP-Packet is received (8.2.2.2 h)

   bool_t eapSuccess;                                 ///<The authentication process succeeds (8.2.2.2 i)

   bool_t eapTimeout;                                 ///<The supplicant is not responding to requests (8.2.2.2 j)


   bool_t initialize;                                 ///<Forces all EAPOL state machines to their initial state (8.2.2.2 k)

   bool_t keyDone;                                    ///<This variable is set by the key machine (8.2.2.2 m)

   bool_t keyRun;                                     ///<Run transmit key machine (8.2.2.2 n)

   AuthenticatorPortMode portControl;                 ///<Port control (8.2.2.2 p)

   bool_t portEnabled;                                ///<Operational state of the port (8.2.2.2 q)

   bool_t portValid;                                  ///<The value of this variable is set externally (8.2.2.2 s)

   bool_t reAuthenticate;                             ///<The reAuthWhen timer has expired (8.2.2.2 t)


   bool_t eapolLogoff;                                ///<EAPOL-Logoff received (8.2.4.1.1 a)

   bool_t eapolStart;                                 ///<EAPOL-Start received (8.2.4.1.1 b)

   bool_t eapRestart;                                 ///<Restart Authenticator state machine (8.2.4.1.1 d)

   AuthenticatorPortMode portMode;                    ///<Port mode (8.2.4.1.1 e)

   uint_t reAuthCount;                                ///<Number of times the CONNECTING state is re-entered (8.2.4.1.1 f)


   uint_t quietPeriod;                                ///<Initialization value used for the quietWhile timer (8.2.4.1.2 a)

   uint_t reAuthMax;                                  ///<Maximum number of reauthentication attempts (8.2.4.1.2 b)


   bool_t keyTxEnabled;                               ///<Current value of the KeyTransmissionEnabled parameter (8.2.6.1.2)


   uint_t reAuthPeriod;                               ///<Number of seconds between periodic reauthentication (8.2.8.1 a)

   bool_t reAuthEnabled;                              ///<Enable or disable reauthentication (8.2.8.1 b)


   bool_t eapNoReq;                                   ///<No EAP frame to be sent to the supplicant (8.2.9.1.1 a)

   bool_t eapReq;                                     ///<An EAP frame to be sent to the supplicant (8.2.9.1.1 b)

   bool_t eapResp;                                    ///<A new EAP frame available for the higher layer to process (8.2.9.1.1 c)


   uint_t serverTimeout;                              ///<Initialization value used for the aWhile timer (8.2.9.1.2 a)


   EapFullAuthState eapFullAuthState;                 ///<EAP full authenticator state


   const uint8_t *eapRespData;                        ///<The EAP packet to be processed (5.1.1)

   size_t eapRespDataLen;                             ///<Length of the EAP response

   uint_t retransWhile;                               ///<Timer (5.1.1)


   uint8_t *eapReqData;                               ///<The actual EAP request to be sent (5.1.2)

   size_t eapReqDataLen;                              ///<Length of the EAP request

   uint8_t *eapKeyData;                               ///<EAP key (5.1.2)

   bool_t eapKeyAvailable;                            ///<Keying material is available (5.1.2)


   EapMethodType currentMethod;                       ///<Current method (5.3.1)

   uint_t currentId;                                  ///<Identifier value of the currently outstanding EAP request (5.3.1)

   EapMethodState methodState;                        ///<Method state (5.3.1)

   uint_t retransCount;                               ///<Current number of retransmissions (5.3.1)

   uint8_t *lastReqData;                              ///<EAP packet containing the last sent request (5.3.1)

   size_t lastReqDataLen;                             ///<Length of the last EAP request

   uint_t methodTimeout;                              ///<Method-provided hint for suitable retransmission timeout (5.3.1)


   bool_t rxResp;                                     ///<The current received packet is an EAP response (5.3.2)

   uint_t respId;                                     ///<Identifier from the current EAP response (5.3.2)

   EapMethodType respMethod;                          ///<Method type of the current EAP response (5.3.2)

   bool_t ignore;                                     ///<The method has decided to drop the current packet (5.3.2)

   EapDecision decision;                              ///<Decision (5.3.2)


   bool_t aaaEapReq;                                  ///<A new EAP request is ready to be sent (6.1.2)

   bool_t aaaEapNoReq;                                ///<No new request to send (6.1.2)

   bool_t aaaSuccess;                                 ///<The state machine has reached the SUCCESS state (6.1.2)

   bool_t aaaFail;                                    ///<The state machine has reached the FAILURE state (6.1.2)

   uint8_t *aaaEapReqData;                            ///<The actual EAP request to be sent (6.1.2)

   size_t aaaEapReqDataLen;                           ///<Length of the EAP request

   uint8_t *aaaEapKeyData;                            ///<EAP key (6.1.2)

   bool_t aaaEapKeyAvailable;                         ///<Keying material is available (6.1.2)

   uint_t aaaMethodTimeout;                           ///<Method-provided hint for suitable retransmission timeout (6.1.2)


   bool_t aaaEapResp;                                 ///<An EAP response is available for processing by the AAA server (7.1.2)

   const uint8_t *aaaEapRespData;                     ///<The EAP packet to be processed (5.1.2)

   size_t aaaEapRespDataLen;                          ///<Length of the EAP response

   char_t aaaIdentity[AUTHENTICATOR_MAX_ID_LEN + 1];  ///<Identity (5.1.2)


   uint_t maxRetrans;                                 ///<Maximum number of retransmissions before aborting (5.1.3)


   bool_t aaaTimeout;                                 ///<No response from the AAA layer (7.1.2)


   uint8_t aaaReqId;                                  ///<Identifier value of the currently outstanding RADIUS request

   uint8_t *aaaReqData;                               ///<RADIUS request

   size_t aaaReqDataLen;                              ///<Length of the RADIUS request

   uint_t aaaRetransTimer;                            ///<RADIUS retransmission timer

   uint_t aaaRetransCount;                            ///<Current number of retransmissions or RADIUS requests

   uint8_t reqAuthenticator[16];                      ///<Request Authenticator field

   uint8_t serverState[AUTHENTICATOR_MAX_STATE_SIZE]; ///<State attribute received from the server

   size_t serverStateLen;                             ///<Length of the state attribute, in byte

   MacAddr supplicantMacAddr;                         ///<Supplicant's MAC address


   uint8_t eapTxBuffer[AUTHENTICATOR_TX_BUFFER_SIZE]; ///<Transmission buffer for EAP requests

   uint8_t aaaTxBuffer[AUTHENTICATOR_TX_BUFFER_SIZE]; ///<Transmission buffer for RADIUS requests


   AuthenticatorStats stats;                          ///<Statistics information

   AuthenticatorSessionStats sessionStats;            ///<Session statistics information

};


/**

 * @brief 802.1X authenticator settings

 **/


typedef struct

{

   OsTaskParameters task;                                                      ///<Task parameters

   NetInterface *interface;                                                    ///<Underlying network interface

   uint_t numPorts;                                                            ///<Number of ports

   AuthenticatorPort *ports;                                                   ///<Ports

   NetInterface *serverInterface;                                              ///<RADIUS server interface

   uint_t serverPortIndex;                                                     ///<Switch port used to reach the RADIUS server

   IpAddr serverIpAddr;                                                        ///<RADIUS server's IP address

   uint16_t serverPort;                                                        ///<RADIUS server's port

   const PrngAlgo *prngAlgo;                                                   ///<Pseudo-random number generator to be used

   void *prngContext;                                                          ///<Pseudo-random number generator context

   AuthenticatorPaeStateChangeCallback paeStateChangeCallback;                 ///<Authenticator PAE state change callback function

   AuthenticatorBackendStateChangeCallback backendStateChangeCallback;         ///<Backend authentication state change callback function

   AuthenticatorReauthTimerStateChangeCallback reauthTimerStateChangeCallback; ///<Reauthentication timer state change callback function

   EapFullAuthStateChangeCallback eapFullAuthStateChangeCallback;              ///<EAP full authenticator state change callback function

   AuthenticatorTickCallback tickCallback;                                     ///<Tick callback function

} AuthenticatorSettings;


/**

 * @brief 802.1X authenticator context

 **/


struct _AuthenticatorContext

{

   bool_t running;                                      ///<Operational state of the authenticator

   bool_t stop;                                         ///<Stop request

   OsMutex mutex;                                       ///<Mutex preventing simultaneous access to 802.1X authenticator context

   OsEvent event;                                       ///<Event object used to poll the sockets

   OsTaskParameters taskParams;                         ///<Task parameters

   OsTaskId taskId;                                     ///<Task identifier

   NetInterface *interface;                             ///<Underlying network interface

   uint_t numPorts;                                     ///<Number of ports

   AuthenticatorPort *ports;                            ///<Ports

   NetInterface *serverInterface;                       ///<RADIUS server interface

   uint_t serverPortIndex;                              ///<Switch port used to reach the RADIUS server

   IpAddr serverIpAddr;                                 ///<RADIUS server's IP address

   uint16_t serverPort;                                 ///<RADIUS server's port

   uint8_t serverKey[AUTHENTICATOR_MAX_SERVER_KEY_LEN]; ///<RADIUS server's key

   size_t serverKeyLen;                                 ///<Length of the RADIUS server's key, in bytes

   const PrngAlgo *prngAlgo;                            ///<Pseudo-random number generator to be used

   void *prngContext;                                   ///<Pseudo-random number generator context

   Socket *peerSocket;                                  ///<Raw socket used to send/receive EAP packets

   Socket *serverSocket;                                ///<UDP socket used to send/receive RADIUS packets

   AuthenticatorPaeStateChangeCallback paeStateChangeCallback;                 ///<Authenticator PAE state change callback function

   AuthenticatorBackendStateChangeCallback backendStateChangeCallback;         ///<Backend authentication state change callback function

   AuthenticatorReauthTimerStateChangeCallback reauthTimerStateChangeCallback; ///<Reauthentication timer state change callback function

   EapFullAuthStateChangeCallback eapFullAuthStateChangeCallback;              ///<EAP full authenticator state change callback function

   AuthenticatorTickCallback tickCallback;              ///<Tick callback function

   systime_t timestamp;                                 ///<Timestamp to manage timeout


   uint_t radiusId;                                     ///<RADIUS packet identifier

   bool_t busy;                                         ///<Busy flag


   uint8_t txBuffer[AUTHENTICATOR_TX_BUFFER_SIZE];      ///<Transmission buffer

   uint8_t rxBuffer[AUTHENTICATOR_RX_BUFFER_SIZE];      ///<Reception buffer

   HmacContext hmacContext;                             ///<HMAC context

};


//Authenticator related functions

void authenticatorGetDefaultSettings(AuthenticatorSettings *settings);


error_t authenticatorInit(AuthenticatorContext *context,

   const AuthenticatorSettings *settings);


error_t authenticatorSetServerAddr(AuthenticatorContext *context,

   const IpAddr *serverIpAddr, uint16_t serverPort);


error_t authenticatorSetServerKey(AuthenticatorContext *context,

   const uint8_t *key, size_t keyLen);


error_t authenticatorInitPort(AuthenticatorContext *context,

   uint_t portIndex);


error_t authenticatorReauthenticate(AuthenticatorContext *context,

   uint_t portIndex);


error_t authenticatorSetPortControl(AuthenticatorContext *context,

   uint_t portIndex, AuthenticatorPortMode portControl);


error_t authenticatorSetQuietPeriod(AuthenticatorContext *context,

   uint_t portIndex, uint_t quietPeriod);


error_t authenticatorSetServerTimeout(AuthenticatorContext *context,

   uint_t portIndex, uint_t serverTimeout);


error_t authenticatorSetReAuthEnabled(AuthenticatorContext *context,

   uint_t portIndex, bool_t reAuthEnabled);


error_t authenticatorSetReAuthPeriod(AuthenticatorContext *context,

   uint_t portIndex, uint_t reAuthPeriod);


error_t authenticatorGetPortControl(AuthenticatorContext *context,

   uint_t portIndex, AuthenticatorPortMode *portControl);


error_t authenticatorGetQuietPeriod(AuthenticatorContext *context,

   uint_t portIndex, uint_t *quietPeriod);


error_t authenticatorGetServerTimeout(AuthenticatorContext *context,

   uint_t portIndex, uint_t *serverTimeout);


error_t authenticatorGetReAuthEnabled(AuthenticatorContext *context,

   uint_t portIndex, bool_t *reAuthEnabled);


error_t authenticatorGetReAuthPeriod(AuthenticatorContext *context,

   uint_t portIndex, uint_t *reAuthPeriod);


error_t authenticatorGetPortStatus(AuthenticatorContext *context,

   uint_t portIndex, AuthenticatorPortStatus *portStatus);


error_t authenticatorGetPaeState(AuthenticatorContext *context,

   uint_t portIndex, AuthenticatorPaeState *paeState);


error_t authenticatorGetBackendState(AuthenticatorContext *context,

   uint_t portIndex, AuthenticatorBackendState *backendState);


error_t authenticatorGetReauthTimerState(AuthenticatorContext *context,

   uint_t portIndex, AuthenticatorReauthTimerState *reauthTimerState);


error_t authenticatorGetEapFullAuthState(AuthenticatorContext *context,

   uint_t portIndex, EapFullAuthState *eapFullAuthState);


error_t authenticatorStart(AuthenticatorContext *context);

error_t authenticatorStop(AuthenticatorContext *context);


void authenticatorTask(AuthenticatorContext *context);


void authenticatorDeinit(AuthenticatorContext *context);


//C++ guard

#ifdef __cplusplus

}

#endif


#endif