/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.internal.net.eap;
import static com.android.internal.net.eap.EapAuthenticator.LOG;
import static com.android.internal.net.eap.statemachine.EapMethodStateMachine.MIN_EMSK_LEN_BYTES;
import static com.android.internal.net.eap.statemachine.EapMethodStateMachine.MIN_MSK_LEN_BYTES;
import android.annotation.NonNull;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.eap.exceptions.InvalidEapResponseException;
import com.android.internal.net.eap.message.EapMessage;
/**
* EapResult represents the return type R for a process operation within the EapStateMachine.
*/
public abstract class EapResult {
/**
* EapSuccess represents a success response from the EapStateMachine.
*
* @see <a href="https://tools.ietf.org/html/rfc3748">RFC 3748, Extensible Authentication
* Protocol (EAP)</a>
*/
public static class EapSuccess extends EapResult {
private static final String TAG = EapSuccess.class.getSimpleName();
public final byte[] msk;
public final byte[] emsk;
public EapSuccess(@NonNull byte[] msk, @NonNull byte[] emsk) {
if (msk == null || emsk == null) {
throw new IllegalArgumentException("msk and emsk must not be null");
}
if (msk.length < MIN_MSK_LEN_BYTES || emsk.length < MIN_EMSK_LEN_BYTES) {
LOG.wtf(
TAG,
"MSK or EMSK does not meet the required key length: MSK="
+ LOG.pii(msk)
+ " EMSK="
+ LOG.pii(emsk));
}
this.msk = msk;
this.emsk = emsk;
}
}
/**
* EapFailure represents a failure response from the EapStateMachine.
*
* @see <a href="https://tools.ietf.org/html/rfc3748">RFC 3748, Extensible Authentication
* Protocol (EAP)</a>
*/
public static class EapFailure extends EapResult {}
/**
* EapResponse represents an outgoing message from the EapStateMachine.
*
* @see <a href="https://tools.ietf.org/html/rfc3748">RFC 3748, Extensible Authentication
* Protocol (EAP)</a>
*/
public static class EapResponse extends EapResult {
public final byte[] packet;
@VisibleForTesting
protected EapResponse(byte[] packet) {
this.packet = packet;
}
/**
* Constructs and returns an EapResult for the given EapMessage.
*
* <p>If the given EapMessage is not of type EAP-Response, an EapError object will be
* returned.
*
* @param message the EapMessage to be encoded in the EapResponse instance.
* @return an EapResponse instance for the given message. If message.eapCode != {@link
* EapMessage#EAP_CODE_RESPONSE}, an EapError instance is returned.
*/
public static EapResult getEapResponse(@NonNull EapMessage message) {
if (message == null) {
throw new IllegalArgumentException("EapMessage should not be null");
} else if (message.eapCode != EapMessage.EAP_CODE_RESPONSE) {
return new EapError(new InvalidEapResponseException(
"Cannot construct an EapResult from a non-EAP-Response message"));
}
return new EapResponse(message.encode());
}
}
/**
* EapError represents an error that occurred in the EapStateMachine.
*
* @see <a href="https://tools.ietf.org/html/rfc3748">RFC 3748, Extensible Authentication
* Protocol (EAP)</a>
*/
public static class EapError extends EapResult {
public final Exception cause;
/**
* Constructs an EapError instance for the given cause.
*
* @param cause the Exception that caused the EapError to be returned from the
* EapStateMachine
*/
public EapError(Exception cause) {
this.cause = cause;
}
}
}