gtc

type GetChallenge ¶

type GetChallenge func() []byte

type Payload ¶

type Payload struct {
	Challenge []byte
	// contains filtered or unexported fields
}

func (p *Payload) Decode(raw []byte) error

func (p *Payload) Encode() ([]byte, error)

func (p *Payload) Handle(ctx protocol.Context) protocol.Payload

func (p *Payload) Offerable() bool

func (p *Payload) String() string

func (p *Payload) Type() protocol.Type

type Settings ¶

type Settings struct {
	ChallengeHandler func(ctx protocol.Context) (GetChallenge, ValidateResponse)
}

type State ¶

type State struct {
	// contains filtered or unexported fields
}

type ValidateResponse ¶

type ValidateResponse func(answer []byte) protocol.Status

ValidateResponse evaluates the peer's cleartext answer and returns the outcome as a protocol.Status:

StatusSuccess - the answer is accepted; the tunnel emits a protected success
                Result TLV.
StatusError   - the answer is rejected definitively; the inner method ends and
                the tunnel emits EAP-Failure.
StatusUnknown - no decision yet (e.g. a wrong answer with retries remaining);
                the method re-issues the challenge.

The decision is applied by the GTC payload against the *current* request context. A consumer MUST NOT call ctx.EndInnerProtocol from here: the getChallenge/validateResponse closures capture the context from the round in which the challenge handler first ran, so ending the protocol through it would target a stale, already-completed request and never terminate the conversation.