 |
TrustCore SDK NanoSec API reference
version 7.0
|
|
TrustCore SDK NanoSec API reference
version 7.0
|
Provides EAP-RADIUS (EAP-remote authentication dial in user service) authentication in passthrough or server mode. More...
Functions | |
| MOC_EXTERN MSTATUS | EAP_radiusDecapsulate (ubyte *eapSessionHdl, ubyte4 instanceId, ubyte *secret, sbyte4 secretlen, RADIUS_RqstRecord *pRadiusReq, ubyte **eap_pkt, ubyte4 *eapLen) |
| Decapsulate (extract) an EAP packet from a RADIUS packet. More... | |
| MOC_EXTERN MSTATUS | EAP_radiusEncapsulate (ubyte *eapSessionHdl, ubyte4 instanceId, ubyte4 authServerID, MOC_IP_ADDRESS addr, ubyte4 nas_port, ubyte4 nas_port_type, ubyte *secret, sbyte4 secretlen, ubyte *eap_pkt, RADIUS_RqstRecord **radiusReq) |
| Encapsulate an EAP packet into a RADIUS packet. More... | |
| MOC_EXTERN MSTATUS | EAP_radiusGetMPPEKeys (ubyte *eapSessionHdl, ubyte4 instanceId, ubyte **mppeSendKey, ubyte4 *mppeSendKeyLen, ubyte **mppeRecvKey, ubyte4 *mppeRecvKeyLen) |
| Get a session's MPPE keys. More... | |
| MOC_EXTERN MSTATUS | EAP_radiusServerDecapsulate (ubyte *eapSessionHdl, ubyte4 instanceId, ubyte *secret, sbyte4 secretlen, ubyte *stateAttr, ubyte4 stateAttrLen, RADIUS_RqstRecord *pRadiusReq, ubyte **eap_pkt, ubyte4 *eapLen) |
| Decapsulate (extract) an EAP packet from a RADIUS packet. More... | |
| MOC_EXTERN MSTATUS | EAP_radiusServerEncapsulate (ubyte *eapSessionHdl, ubyte4 instanceId, ubyte4 authServerID, ubyte *secret, sbyte4 secretlen, ubyte *eap_pkt, ubyte4 eap_pkt_len, RADIUS_RqstRecord *pRadiusReq) |
| Encapsulate an EAP packet into a RADIUS packet. More... | |
| MOC_EXTERN MSTATUS EAP_radiusDecapsulate | ( | ubyte * | eapSessionHdl, |
| ubyte4 | instanceId, | ||
| ubyte * | secret, | ||
| sbyte4 | secretlen, | ||
| RADIUS_RqstRecord * | pRadiusReq, | ||
| ubyte ** | eap_pkt, | ||
| ubyte4 * | eapLen | ||
| ) |
This function decapsulates (extracts) an EAP packet from a RADIUS packet. Typically the upper layer calls this function and then subsequently passes the decapsulated packet to the lower layer for transmission to a peer, thereby providing passthrough authentication service (sending packets to a backend RADIUS authentication server).
To enable this function, the following flags must be defined in moptions.h:
__ENABLE_MOCANA_RADIUS_CLIENT__ __ENABLE_MOCANA_EAP_RADIUS__ Additionally, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_EAP_PEER__ __ENABLE_MOCANA_EAP_AUTH__ | eapSessionHdl | EAP session handle returned from EAP_sessionCreate. |
| instanceId | EAP instance ID returned from EAP_initInstance. |
| secret | Shared secret between RADIUS client and backend RADIUS authentication server. |
| secretlen | Number of bytes in secret. |
| pRadiusReq | Pointer to RADIUS packet (received from backend RADIUS authentication server) containing encapsulated EAP packet. |
| eap_pkt | On return, pointer to decapsulated EAP packet. |
| eapLen | On return, pointer to number of bytes in eap_pkt. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.| MOC_EXTERN MSTATUS EAP_radiusEncapsulate | ( | ubyte * | eapSessionHdl, |
| ubyte4 | instanceId, | ||
| ubyte4 | authServerID, | ||
| MOC_IP_ADDRESS | addr, | ||
| ubyte4 | nas_port, | ||
| ubyte4 | nas_port_type, | ||
| ubyte * | secret, | ||
| sbyte4 | secretlen, | ||
| ubyte * | eap_pkt, | ||
| RADIUS_RqstRecord ** | radiusReq | ||
| ) |
This function encapsulates a given EAP packet into a RADIUS packet, appending the required attributes and returning the encapsulated packet through the radiusReq parameter. Typically the upper layer calls this function to provide passthrough authentication (sending packets to a backend RADIUS authentication server).
To enable this function, the following flags must be defined in moptions.h:
__ENABLE_MOCANA_RADIUS_CLIENT__ __ENABLE_MOCANA_EAP_RADIUS__ Additionally, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_EAP_PEER__ __ENABLE_MOCANA_EAP_AUTH__ | eapSessionHdl | EAP session handle returned from EAP_sessionCreate. |
| instanceId | EAP instance ID returned from EAP_initInstance. |
| authServerID | Backend RADIUS authentication server ID (index specified by Mocana internal code). |
| addr | Interface address of NAS (network authentication server). |
| nas_port | NAS port number. |
| nas_port_type | NAS port type (see NAS (Network Access Server) Port Types). |
| secret | Shared secret between RADIUS client and backend RADIUS authentication server. |
| secretlen | Number of bytes in secret. |
| eap_pkt | Pointer to EAP packet to be encapsulated. |
| radiusReq | On return, pointer to encapsulated RADIUS EAP packet. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.| MOC_EXTERN MSTATUS EAP_radiusGetMPPEKeys | ( | ubyte * | eapSessionHdl, |
| ubyte4 | instanceId, | ||
| ubyte ** | mppeSendKey, | ||
| ubyte4 * | mppeSendKeyLen, | ||
| ubyte ** | mppeRecvKey, | ||
| ubyte4 * | mppeRecvKeyLen | ||
| ) |
This function retrieves a session's MPPE (Microsoft Point-to-Point Encryption) keys that the RADIUS server sent to the passthrough authenticator in the Access Accept Message.
To enable this function, the following flags must be defined in moptions.h:
__ENABLE_MOCANA_RADIUS_CLIENT__ __ENABLE_MOCANA_EAP_RADIUS__ Additionally, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_EAP_PEER__ __ENABLE_MOCANA_EAP_AUTH__ | eapSessionHdl | EAP session handle returned from EAP_sessionCreate. |
| instanceId | EAP instance ID returned from EAP_initInstance. |
| mppeSendKey | On return, pointer to sent MPPE key. |
| mppeSendKeyLen | On return, pointer to length of sent MPPE key (mppeSendKey). |
| mppeRecvKey | On return, pointer to received MPPE key. |
| mppeRecvKeyLen | On return, pointer to length of received MPPE key (mppeRecvKey). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.| MOC_EXTERN MSTATUS EAP_radiusServerDecapsulate | ( | ubyte * | eapSessionHdl, |
| ubyte4 | instanceId, | ||
| ubyte * | secret, | ||
| sbyte4 | secretlen, | ||
| ubyte * | stateAttr, | ||
| ubyte4 | stateAttrLen, | ||
| RADIUS_RqstRecord * | pRadiusReq, | ||
| ubyte ** | eap_pkt, | ||
| ubyte4 * | eapLen | ||
| ) |
This function decapsulates (extracts) an EAP packet from a RADIUS packet. Typically the upper layer calls this function and then subsequently passes the decapsulated packet to the lower layer for transmission to a peer, thereby providing passthrough authentication service (sending packets to a backend RADIUS authentication server).
To enable this function, the following flags must be defined in moptions.h:
__ENABLE_MOCANA_EAP_AUTH__ __ENABLE_MOCANA_EAP_RADIUS__ __ENABLE_MOCANA_RADIUS_CLIENT__ __ENABLE_RADIUS_SERVER__ | eapSessionHdl | EAP session handle returned from EAP_sessionCreate. |
| instanceId | EAP instance ID returned from EAP_initInstance. |
| secret | Shared secret between RADIUS client and backend RADIUS authentication server. |
| secretlen | Number of bytes in secret. |
| stateAttr | State Attributes from backend RADIUS authentication server. |
| stateAttrLen | Number of bytes in stateAttr. |
| pRadiusReq | Pointer to RADIUS packet (received from backend RADIUS authentication server) containing encapsulated EAP packet. |
| eap_pkt | On return, pointer to decapsulated EAP packet. |
| eapLen | On return, pointer to number of bytes in eap_pkt. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.| MOC_EXTERN MSTATUS EAP_radiusServerEncapsulate | ( | ubyte * | eapSessionHdl, |
| ubyte4 | instanceId, | ||
| ubyte4 | authServerID, | ||
| ubyte * | secret, | ||
| sbyte4 | secretlen, | ||
| ubyte * | eap_pkt, | ||
| ubyte4 | eap_pkt_len, | ||
| RADIUS_RqstRecord * | pRadiusReq | ||
| ) |
This function encapsulates a given EAP packet into a RADIUS packet, appending the required attributes and returning the encapsulated packet through the radiusReq parameter. Typically the upper layer calls this function to provide passthrough authentication (sending packets to a backend RADIUS authentication server).
To enable this function, the following flags must be defined in moptions.h:
__ENABLE_MOCANA_EAP_AUTH__ __ENABLE_MOCANA_EAP_RADIUS__ __ENABLE_MOCANA_RADIUS_CLIENT__ __ENABLE_RADIUS_SERVER__ | eapSessionHdl | EAP session handle returned from EAP_sessionCreate. |
| instanceId | EAP instance ID returned from EAP_initInstance. |
| authServerID | Backend RADIUS authentication server ID (index specified by Mocana internal code). |
| secret | Shared secret between RADIUS client and backend RADIUS authentication server. |
| secretlen | Number of bytes in secret. |
| eap_pkt | Pointer to EAP packet to be encapsulated. |
| eap_pkt_len | Number of bytes in eap_pkt. |
| pRadiusReq | On return, pointer to encapsulated RADIUS EAP packet. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.