2
* EAP-FAST definitions (RFC 4851)
3
* Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
22
#define EAP_FAST_VERSION 1
23
#define EAP_FAST_KEY_LEN 64
24
#define EAP_FAST_SIMCK_LEN 40
25
#define EAP_FAST_SKS_LEN 40
26
#define EAP_FAST_CMK_LEN 20
28
#define TLS_EXT_PAC_OPAQUE 35
31
* RFC 5422: Section 4.2.1 - Formats for PAC TLV Attributes / Type Field
32
* Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined
33
* in the general PAC TLV format (Section 4.2).
35
#define PAC_TYPE_PAC_KEY 1
36
#define PAC_TYPE_PAC_OPAQUE 2
37
#define PAC_TYPE_CRED_LIFETIME 3
38
#define PAC_TYPE_A_ID 4
39
#define PAC_TYPE_I_ID 5
41
* 6 was previous assigned for SERVER_PROTECTED_DATA, but
42
* draft-cam-winget-eap-fast-provisioning-02.txt changed this to Reserved.
44
#define PAC_TYPE_A_ID_INFO 7
45
#define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8
46
#define PAC_TYPE_PAC_INFO 9
47
#define PAC_TYPE_PAC_TYPE 10
63
#define EAP_FAST_PAC_KEY_LEN 32
65
/* RFC 5422: 4.2.6 PAC-Type TLV */
66
#define PAC_TYPE_TUNNEL_PAC 1
67
/* Application Specific Short Lived PACs (only in volatile storage) */
68
/* User Authorization PAC */
69
#define PAC_TYPE_USER_AUTHORIZATION 3
70
/* Application Specific Long Lived PACs */
71
/* Machine Authentication PAC */
72
#define PAC_TYPE_MACHINE_AUTHENTICATION 2
77
* Section 3.3 - Key Derivations Used in the EAP-FAST Provisioning Exchange
79
struct eap_fast_key_block_provisioning {
80
/* Extra key material after TLS key_block */
81
u8 session_key_seed[EAP_FAST_SKS_LEN];
82
u8 server_challenge[16]; /* MSCHAPv2 ServerChallenge */
83
u8 client_challenge[16]; /* MSCHAPv2 ClientChallenge */
88
struct tls_connection;
90
struct eap_fast_tlv_parse {
92
size_t eap_payload_tlv_len;
93
struct eap_tlv_crypto_binding_tlv *crypto_binding;
94
size_t crypto_binding_len;
102
void eap_fast_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len);
103
void eap_fast_put_tlv(struct wpabuf *buf, u16 type, const void *data,
105
void eap_fast_put_tlv_buf(struct wpabuf *buf, u16 type,
106
const struct wpabuf *data);
107
struct wpabuf * eap_fast_tlv_eap_payload(struct wpabuf *buf);
108
void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
109
const u8 *client_random, u8 *master_secret);
110
u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
111
const char *label, size_t len);
112
void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
113
void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
114
int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
115
int tlv_type, u8 *pos, int len);
121
#endif /* EAP_FAST_H */