/*
 * EAP-FAST definitions (RFC 4851)
 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef EAP_FAST_H
#define EAP_FAST_H

/*
 * Byte lengths of the EAP-FAST key material (RFC 4851 key derivation).
 * EAP_FAST_KEY_LEN is the MSK/EMSK size handed back to EAP; SIMCK, SKS and
 * CMK are the intermediate keys that feed the Crypto-Binding TLV. Buffers
 * passed to the derive_* functions below are expected to be at least this
 * large -- none of those prototypes carry an explicit output length.
 */
#define EAP_FAST_VERSION 1
#define EAP_FAST_KEY_LEN 64
#define EAP_FAST_SIMCK_LEN 40
#define EAP_FAST_SKS_LEN 40
#define EAP_FAST_CMK_LEN 20

/*
 * TLS hello extension type used to carry the PAC-Opaque to the server
 * (the same numeric type as the TLS SessionTicket extension).
 */
#define TLS_EXT_PAC_OPAQUE 35

/*
 * draft-cam-winget-eap-fast-provisioning-04.txt:
 * Section 4.2.1 - Formats for PAC TLV Attributes / Type Field
 * Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined
 * in the general PAC TLV format (Section 4.2).
 * The values below are the low 14 bits of the Type field; mask off the two
 * flag bits before comparing a received type against them.
 */
#define PAC_TYPE_PAC_KEY 1
#define PAC_TYPE_PAC_OPAQUE 2
#define PAC_TYPE_CRED_LIFETIME 3
#define PAC_TYPE_A_ID 4
#define PAC_TYPE_I_ID 5
/*
 * 6 was previous assigned for SERVER_PROTECTED_DATA, but
 * draft-cam-winget-eap-fast-provisioning-02.txt changed this to Reserved.
 */
#define PAC_TYPE_A_ID_INFO 7
#define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8
#define PAC_TYPE_PAC_INFO 9
#define PAC_TYPE_PAC_TYPE 10

#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

/*
 * On-the-wire PAC TLV header: a 16-bit big-endian type (flag bits included,
 * see above) followed by a 16-bit big-endian length. The struct is packed so
 * it can be overlaid directly on a received buffer. Both fields are
 * peer-controlled: a parser must check that at least sizeof(struct
 * pac_tlv_hdr) bytes remain before reading it, and that the decoded len fits
 * in the bytes that follow, before touching the value.
 */
struct pac_tlv_hdr {
	be16 type;
	be16 len;
} STRUCT_PACKED;

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */


/* Length in bytes of the PAC-Key shared between peer and server. */
#define EAP_FAST_PAC_KEY_LEN 32

/* draft-cam-winget-eap-fast-provisioning-04.txt: 4.2.6 PAC-Type TLV
 * Note: Machine Authentication PAC and User Authorization PAC were removed in
 * draft-cam-winget-eap-fast-provisioning-03.txt
 */
#define PAC_TYPE_TUNNEL_PAC 1
/* Application Specific Short Lived PACs (only in volatile storage) */
/* User Authorization PAC */
#define PAC_TYPE_USER_AUTHORIZATION 3
/* Application Specific Long Lived PACs */
/* Machine Authentication PAC */
#define PAC_TYPE_MACHINE_AUTHENTICATION 2


/*
 * draft-cam-winget-eap-fast-provisioning-04.txt:
 * Section 3.4 - Key Derivations Used in the EAP-FAST Provisioning Exchange
 *
 * Field order is the layout of the extra TLS key_block material, so the
 * struct is filled by copying the derived bytes over it in sequence; do not
 * reorder or insert members.
 */
struct eap_fast_key_block_provisioning {
	/* Extra key material after TLS key_block */
	u8 session_key_seed[EAP_FAST_SKS_LEN];
	u8 server_challenge[16]; /* MSCHAPv2 ServerChallenge */
	u8 client_challenge[16]; /* MSCHAPv2 ClientChallenge */
};


struct wpabuf;
struct tls_connection;

/*
 * Result of walking the TLVs inside a decrypted EAP-FAST Phase 2 message.
 * Filled incrementally by eap_fast_parse_tlv(), one TLV per call.
 * NOTE(review): the pointer members (eap_payload_tlv, crypto_binding, pac)
 * presumably point into the caller's receive buffer rather than owning a
 * copy, so they are only valid while that buffer is -- confirm against
 * eap_fast_common.c before storing this struct beyond the message.
 */
struct eap_fast_tlv_parse {
	u8 *eap_payload_tlv;       /* inner EAP-Payload TLV value */
	size_t eap_payload_tlv_len;
	struct eap_tlv_crypto_binding_tlv *crypto_binding;
	size_t crypto_binding_len; /* bytes available at crypto_binding */
	int iresult;               /* Intermediate-Result TLV value, if seen */
	int result;                /* Result TLV value, if seen */
	int request_action;        /* Request-Action TLV value, if seen */
	u8 *pac;                   /* PAC TLV value */
	size_t pac_len;
};

/*
 * Append a TLV header (type, len) to buf; the caller appends len value bytes.
 */
void eap_fast_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len);
/* Append a complete TLV: header followed by len bytes copied from data. */
void eap_fast_put_tlv(struct wpabuf *buf, u16 type, const void *data,
		      u16 len);
/* Append a complete TLV whose value is the contents of the wpabuf data. */
void eap_fast_put_tlv_buf(struct wpabuf *buf, u16 type,
			  const struct wpabuf *data);
/*
 * Wrap buf in an EAP-Payload TLV. NOTE(review): returns a struct wpabuf * and
 * takes buf non-const, so it likely consumes buf and returns a new
 * allocation that the caller must free -- verify ownership in the
 * implementation before use.
 */
struct wpabuf * eap_fast_tlv_eap_payload(struct wpabuf *buf);
/*
 * TLS master_secret derivation for PAC-based session resumption. No lengths
 * are passed: pac_key is assumed to be EAP_FAST_PAC_KEY_LEN bytes and the
 * random/master_secret buffers the TLS-defined sizes -- the caller is
 * responsible for providing correctly sized buffers.
 */
void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
				   const u8 *client_random, u8 *master_secret);
/*
 * Export len bytes of keying material from the TLS connection conn using the
 * given label. NOTE(review): returns a u8 * with no output buffer parameter,
 * so the result appears to be heap-allocated and owned by the caller (and
 * may be NULL on failure) -- confirm in the implementation.
 */
u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
			 const char *label, size_t len);
/* Derive the MSK (EAP_FAST_KEY_LEN bytes) into msk from the S-IMCK simck. */
void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
/* Derive the EMSK (EAP_FAST_KEY_LEN bytes) into emsk from the S-IMCK simck. */
void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
/*
 * Record one TLV (type tlv_type, value at pos, len bytes) into tlv.
 * Both tlv_type and len are signed ints taken from peer-supplied data; the
 * implementation must reject a negative or out-of-range len rather than
 * pass it on to a size_t member. Return value semantics (success vs.
 * unknown/invalid TLV) are defined in eap_fast_common.c, not here.
 */
int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
		       int tlv_type, u8 *pos, int len);

#endif /* EAP_FAST_H */