TrustCore SDK NanoSec API reference  version 7.0
EAP-MD5 Functions

Provides EAP-MD5 (EAP-message digest 5) authentication. More...

Functions

MOC_EXTERN MSTATUS EAP_MD5_getChallenge (ubyte *buf, ubyte4 len)
 Generate a challenge for an MD5 request. More...
 
MOC_EXTERN MSTATUS EAP_MD5ProcessAuth (ubyte *appSessionHdl, ubyte *eapSessionHdl, ubyte4 instanceId, eapCode code, ubyte id, ubyte *data, ubyte4 len, ubyte *passwordString, ubyte4 passLen, ubyte *challenge, ubyte4 challengeLen, sbyte4 *cmp)
 Validate an MD5 challenge response. More...
 
MOC_EXTERN MSTATUS EAP_MD5ProcessPeer (ubyte *appSessionHdl, ubyte *eapSessionHdl, ubyte4 instanceId, ubyte id, ubyte *data, ubyte4 len, ubyte *passwordString, ubyte4 passLen, ubyte **eapRespData, ubyte4 *eapRespLen)
 Generate an MD5 challenge response. More...
 

Detailed Description

Function Documentation

◆ EAP_MD5_getChallenge()

MOC_EXTERN MSTATUS EAP_MD5_getChallenge ( ubyte *  buf,
ubyte4  len 
)

This function generates a challenge for an MD5 request. The challenge is in the form of random data that's used as a nonce — a unique, random value inserted into a message to protect against replays — to hash a user's password using the MD5 algorithm. The challenge sequence is as follows:

  • The server (authenticator) sends the nonce.
  • The client (peer) hashes a clear text password using the nonce with MD5, and then sends the reply to the server.
  • The server hashes the same clear text password using the same nonce and MD5 algorithm, and then compares the result with the result sent by the peer. Matching client and server results indicate a successful challenge.
Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_MD5__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_md5.h

Parameters
bufOn return, pointer to buffer containing the challenge.
lenLength of challenge to generate.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_MD5ProcessAuth
EAP_MD5ProcessPeer

eap_md5.h

◆ EAP_MD5ProcessAuth()

MOC_EXTERN MSTATUS EAP_MD5ProcessAuth ( ubyte *  appSessionHdl,
ubyte *  eapSessionHdl,
ubyte4  instanceId,
eapCode  code,
ubyte  id,
ubyte *  data,
ubyte4  len,
ubyte *  passwordString,
ubyte4  passLen,
ubyte *  challenge,
ubyte4  challengeLen,
sbyte4 *  cmp 
)

This function validates an MD5 challenge response, indicating the result by its function return: OK, ERR_EAP_MD5_INVALID_CHALLENGE_LENGTH, or ERR_EAP_MD5_AUTH_FAILURE. Your application should use this function to process responses received from peers.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_MD5__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_md5.h

Parameters
appSessionHdlCookie given by the application to identify the session.
eapSessionHdlEAP session handle returned from EAP_sessionCreate.
instanceIdEAP instance ID returned from EAP_initInstance.
codeAny of the eapCode enumerated values (see eap_proto.h).
idEAP packet ID
dataEAP request payload, in the following format: <Type, Chlg Len, Challenge>.
lenNumber of bytes in EAP request payload.
passwordStringSession password for the response.
passLenNumber of bytes in passwordString.
challengePointer to previously sent challenge.
challengeLenNumber of bytes in challenge.
cmpOn return, pointer to challenge comparison result (0 indicates a match).
Returns
One of the following:

  • OK (0) if successful.
  • ERR_EAP_MD5_INVALID_CHALLENGE_LENGTH if the EAP request's Chlg Len doesn't match the length of the previously sent challenge (as specified by the challengeLen parameter value.
  • ERR_EAP_MD5_AUTH_FAILURE if the challenge is invalid.
See also
EAP_MD5_getChallenge
EAP_MD5ProcessPeer

eap_md5.h

◆ EAP_MD5ProcessPeer()

MOC_EXTERN MSTATUS EAP_MD5ProcessPeer ( ubyte *  appSessionHdl,
ubyte *  eapSessionHdl,
ubyte4  instanceId,
ubyte  id,
ubyte *  data,
ubyte4  len,
ubyte *  passwordString,
ubyte4  passLen,
ubyte **  eapRespData,
ubyte4 *  eapRespLen 
)

This function calculates an MD5 hash (the challenge response) and returns the resultant EAP payload. Your application should use this function for MD5 peer packet processing.

Since
1.41
Version
1.41 and later

To enable this function, the following flag must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_MD5__

Additionally, at least one of the following flags must be defined in moptions.h:

  • __ENABLE_MOCANA_EAP_PEER__
  • __ENABLE_MOCANA_EAP_AUTH__

eap_md5.h

Parameters
appSessionHdlCookie given by the application to identify the session.
eapSessionHdlEAP session handle returned from EAP_sessionCreate.
instanceIdEAP instance ID returned from EAP_initInstance.
idEAP packet ID
dataEAP request payload, in the following format <Type, Chlg Len, Challenge>.
lenNumber of bytes in EAP request payload.
passwordStringSession password for the response.
passLenNumber of bytes in passwordString.
eapRespDataOn return, pointer to EAP response payload.
eapRespLenOn return, pointer to number of bytes in eapRespData.
Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
See also
EAP_MD5_getChallenge
EAP_MD5ProcessAuth

eap_md5.h