xref: /freebsd/contrib/wpa/src/eap_common/eap_fast_common.h (revision 780fb4a2fa9a9aee5ac48a60b790f567c0dc13e9)
139beb93cSSam Leffler /*
239beb93cSSam Leffler  * EAP-FAST definitions (RFC 4851)
339beb93cSSam Leffler  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
439beb93cSSam Leffler  *
5f05cddf9SRui Paulo  * This software may be distributed under the terms of the BSD license.
6f05cddf9SRui Paulo  * See README for more details.
739beb93cSSam Leffler  */
839beb93cSSam Leffler 
939beb93cSSam Leffler #ifndef EAP_FAST_H
1039beb93cSSam Leffler #define EAP_FAST_H
1139beb93cSSam Leffler 
/*
 * Protocol version and fixed key sizes, in octets. Functions in this header
 * that take key buffers without a length argument rely on these sizes.
 */
1239beb93cSSam Leffler #define EAP_FAST_VERSION 1
1339beb93cSSam Leffler #define EAP_FAST_KEY_LEN 64 /* presumably the derived session key (MSK) size - confirm at use sites */
1439beb93cSSam Leffler #define EAP_FAST_SIMCK_LEN 40 /* presumably the S-IMCK size - confirm */
1539beb93cSSam Leffler #define EAP_FAST_SKS_LEN 40 /* size of session_key_seed in struct eap_fast_key_block_provisioning */
1639beb93cSSam Leffler #define EAP_FAST_CMK_LEN 20 /* presumably the compound MAC key (CMK) size - confirm */
1739beb93cSSam Leffler 
/* TLS extension type used for PAC-Opaque; 35 is the SessionTicket extension number. */
1839beb93cSSam Leffler #define TLS_EXT_PAC_OPAQUE 35
1939beb93cSSam Leffler 
2039beb93cSSam Leffler /*
213157ba21SRui Paulo  * RFC 5422: Section 4.2.1 - Formats for PAC TLV Attributes / Type Field
2239beb93cSSam Leffler  * Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined
2339beb93cSSam Leffler  * in the general PAC TLV format (Section 4.2).
2439beb93cSSam Leffler  */
/* PAC TLV attribute type codes; the Mandatory/Reserved flag bits are separate from these values. */
2539beb93cSSam Leffler #define PAC_TYPE_PAC_KEY 1
2639beb93cSSam Leffler #define PAC_TYPE_PAC_OPAQUE 2
2739beb93cSSam Leffler #define PAC_TYPE_CRED_LIFETIME 3
2839beb93cSSam Leffler #define PAC_TYPE_A_ID 4
2939beb93cSSam Leffler #define PAC_TYPE_I_ID 5
3039beb93cSSam Leffler /*
3139beb93cSSam Leffler  * 6 was previously assigned for SERVER_PROTECTED_DATA, but
3239beb93cSSam Leffler  * draft-cam-winget-eap-fast-provisioning-02.txt changed this to Reserved.
3339beb93cSSam Leffler  */
3439beb93cSSam Leffler #define PAC_TYPE_A_ID_INFO 7
3539beb93cSSam Leffler #define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8
3639beb93cSSam Leffler #define PAC_TYPE_PAC_INFO 9
3739beb93cSSam Leffler #define PAC_TYPE_PAC_TYPE 10
3839beb93cSSam Leffler 
3939beb93cSSam Leffler #ifdef _MSC_VER
4039beb93cSSam Leffler #pragma pack(push, 1)
4139beb93cSSam Leffler #endif /* _MSC_VER */
4239beb93cSSam Leffler 
/*
 * PAC TLV header: a 16-bit type followed by a 16-bit length, both declared
 * be16. The struct is packed (STRUCT_PACKED, plus #pragma pack under MSVC).
 * NOTE(review): if this is overlaid on received data, len is peer-controlled;
 * check it against the bytes actually remaining before touching the value.
 */
4339beb93cSSam Leffler struct pac_tlv_hdr {
4439beb93cSSam Leffler 	be16 type; /* PAC_TYPE_* code; the general PAC TLV format also defines bits 0x8000/0x4000 in this field */
4539beb93cSSam Leffler 	be16 len; /* presumably the length of the value following this header - confirm */
4639beb93cSSam Leffler } STRUCT_PACKED;
4739beb93cSSam Leffler 
4839beb93cSSam Leffler #ifdef _MSC_VER
4939beb93cSSam Leffler #pragma pack(pop)
5039beb93cSSam Leffler #endif /* _MSC_VER */
5139beb93cSSam Leffler 
5239beb93cSSam Leffler 
/* PAC-Key size in octets (name-based; presumably the pac_key buffer size expected by eap_fast_derive_master_secret()). */
5339beb93cSSam Leffler #define EAP_FAST_PAC_KEY_LEN 32
5439beb93cSSam Leffler 
553157ba21SRui Paulo /* RFC 5422: 4.2.6 PAC-Type TLV */
/* Values carried in the PAC-Type TLV; note they are listed below out of numeric order (1, 3, 2). */
5639beb93cSSam Leffler #define PAC_TYPE_TUNNEL_PAC 1
5739beb93cSSam Leffler /* Application Specific Short Lived PACs (only in volatile storage) */
5839beb93cSSam Leffler /* User Authorization PAC */
5939beb93cSSam Leffler #define PAC_TYPE_USER_AUTHORIZATION 3
6039beb93cSSam Leffler /* Application Specific Long Lived PACs */
6139beb93cSSam Leffler /* Machine Authentication PAC */
6239beb93cSSam Leffler #define PAC_TYPE_MACHINE_AUTHENTICATION 2
6339beb93cSSam Leffler 
6439beb93cSSam Leffler 
6539beb93cSSam Leffler /*
663157ba21SRui Paulo  * RFC 5422:
673157ba21SRui Paulo  * Section 3.3 - Key Derivations Used in the EAP-FAST Provisioning Exchange
6839beb93cSSam Leffler  */
/*
 * Key material used by the EAP-FAST provisioning exchange: a session key seed
 * followed by the two MSCHAPv2 challenges.
 * NOTE(review): field order and sizes presumably mirror the derived octet
 * stream, so do not reorder or pad - confirm against the derivation code.
 * NOTE(review): the contents are secret; clear any instance once it is no
 * longer needed.
 */
6939beb93cSSam Leffler struct eap_fast_key_block_provisioning {
7039beb93cSSam Leffler 	/* Extra key material after TLS key_block */
7139beb93cSSam Leffler 	u8 session_key_seed[EAP_FAST_SKS_LEN];
7239beb93cSSam Leffler 	u8 server_challenge[16]; /* MSCHAPv2 ServerChallenge */
7339beb93cSSam Leffler 	u8 client_challenge[16]; /* MSCHAPv2 ClientChallenge */
7439beb93cSSam Leffler };
7539beb93cSSam Leffler 
7639beb93cSSam Leffler 
7739beb93cSSam Leffler struct wpabuf;
7839beb93cSSam Leffler struct tls_connection;
7939beb93cSSam Leffler 
/*
 * Results collected while parsing EAP-FAST TLVs; filled in through
 * eap_fast_parse_tlv(). Field meanings below are read from the names.
 * NOTE(review): the pointers presumably reference the message being parsed
 * rather than owned copies, so they must not outlive that buffer, and each
 * *_len must be re-checked before the matching pointer is dereferenced as a
 * fixed-size structure - confirm in eap_fast_parse_tlv().
 */
8039beb93cSSam Leffler struct eap_fast_tlv_parse {
8139beb93cSSam Leffler 	u8 *eap_payload_tlv; /* EAP-Payload TLV data */
8239beb93cSSam Leffler 	size_t eap_payload_tlv_len; /* length of eap_payload_tlv */
8339beb93cSSam Leffler 	struct eap_tlv_crypto_binding_tlv *crypto_binding; /* Crypto-Binding TLV */
8439beb93cSSam Leffler 	size_t crypto_binding_len; /* length of crypto_binding */
8539beb93cSSam Leffler 	int iresult; /* presumably the Intermediate-Result TLV status - confirm */
8639beb93cSSam Leffler 	int result; /* presumably the Result TLV status - confirm */
8739beb93cSSam Leffler 	int request_action; /* presumably the Request-Action TLV value - confirm */
8839beb93cSSam Leffler 	u8 *pac; /* PAC TLV data */
8939beb93cSSam Leffler 	size_t pac_len; /* length of pac */
9039beb93cSSam Leffler };
9139beb93cSSam Leffler 
/*
 * TLV construction helpers. Each takes the destination wpabuf and a 16-bit
 * TLV type; none returns a status.
 * NOTE(review): presumably the caller must have sized buf for the header plus
 * len bytes of data - confirm in the implementation.
 */
9239beb93cSSam Leffler void eap_fast_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len);
9339beb93cSSam Leffler void eap_fast_put_tlv(struct wpabuf *buf, u16 type, const void *data,
9439beb93cSSam Leffler 		      u16 len);
9539beb93cSSam Leffler void eap_fast_put_tlv_buf(struct wpabuf *buf, u16 type,
9639beb93cSSam Leffler 			  const struct wpabuf *data);
/* NOTE(review): ownership of buf versus the returned wpabuf is not visible here - confirm who frees which. */
9739beb93cSSam Leffler struct wpabuf * eap_fast_tlv_eap_payload(struct wpabuf *buf);
/*
 * Key derivation. The key pointers carry no length argument, so every buffer
 * must already have the fixed size the implementation expects (presumably
 * EAP_FAST_PAC_KEY_LEN for pac_key and EAP_FAST_SIMCK_LEN for simck - confirm).
 * This function returns void, so it cannot report a failure to the caller.
 */
9839beb93cSSam Leffler void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
9939beb93cSSam Leffler 				   const u8 *client_random, u8 *master_secret);
/*
 * NOTE(review): presumably returns a newly allocated buffer of len octets, or
 * NULL on failure; the caller would then own it and should clear it before
 * freeing, since it holds key material - confirm.
 */
10039beb93cSSam Leffler u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
101*780fb4a2SCy Schubert 			 size_t len);
/* Both return int: check the result before using msk/emsk (presumably 0 on success - confirm). */
102*780fb4a2SCy Schubert int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
103*780fb4a2SCy Schubert int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
/*
 * Records one TLV of type tlv_type, with its value at pos and length len,
 * into *tlv. NOTE(review): pos/len come from peer-supplied data; the caller
 * should already have checked len against the enclosing message - confirm.
 */
10439beb93cSSam Leffler int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
1055b9c547cSRui Paulo 		       int tlv_type, u8 *pos, size_t len);
10639beb93cSSam Leffler 
10739beb93cSSam Leffler #endif /* EAP_FAST_H */