/*
 * EAP-TEAP definitions (RFC 7170)
 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_TEAP_H
#define EAP_TEAP_H

/* EAP-TEAP protocol version carried in the version negotiation fields */
#define EAP_TEAP_VERSION 1

/*
 * Key material sizes in octets. The sizes are related: an IMCK (60) is
 * split into an S-IMCK (first 40 octets) and a CMK (last 20 octets), and
 * each Compound MAC in the Crypto-Binding TLV is 20 octets.
 */
#define EAP_TEAP_KEY_LEN 64
#define EAP_TEAP_IMCK_LEN 60
#define EAP_TEAP_SIMCK_LEN 40
#define EAP_TEAP_CMK_LEN 20
#define EAP_TEAP_COMPOUND_MAC_LEN 20
#define EAP_TEAP_NONCE_LEN 32

/* TLS exporter label used to derive the TEAP session key seed */
#define TEAP_TLS_EXPORTER_LABEL_SKS "EXPORTER: teap session key seed"

/* TLS hello extension type number used to carry the PAC-Opaque */
#define TLS_EXT_PAC_OPAQUE 35

/*
 * RFC 7170: Section 4.2.12.1 - Formats for PAC Attributes
 * Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined
 * in the general TLV format (Section 4.2.1).
 */
#define PAC_TYPE_PAC_KEY 1
#define PAC_TYPE_PAC_OPAQUE 2
#define PAC_TYPE_CRED_LIFETIME 3
#define PAC_TYPE_A_ID 4
#define PAC_TYPE_I_ID 5
/* 6 - Reserved */
#define PAC_TYPE_A_ID_INFO 7
#define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8
#define PAC_TYPE_PAC_INFO 9
#define PAC_TYPE_PAC_TYPE 10

/*
 * Wire-format structures. Field order and widths mirror the octets exchanged
 * with the peer, so the structs are packed (STRUCT_PACKED comes from the
 * project's common headers; MSVC needs the pragma instead) and must not be
 * reordered or padded. be16/be32 are the project's big-endian (network
 * order) integer types. Every length field below is received from the peer
 * and has to be checked against the remaining message length before the
 * payload that follows the header is accessed.
 */
#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

/* Header of one PAC attribute (type is a PAC_TYPE_* value) inside a PAC TLV */
struct pac_attr_hdr {
	be16 type;
	be16 len;
} STRUCT_PACKED;

/*
 * Generic TLV header: tlv_type holds the 14-bit type plus the M/R flag bits
 * (see TEAP_TLV_MANDATORY / TEAP_TLV_TYPE_MASK); length counts the octets of
 * value that follow this 4-octet header.
 */
struct teap_tlv_hdr {
	be16 tlv_type;
	be16 length;
} STRUCT_PACKED;

/* Result TLV and Intermediate-Result TLV */
struct teap_tlv_result {
	be16 tlv_type;
	be16 length;
	be16 status; /* enum teap_tlv_result_status */
	/* for Intermediate-Result TLV, followed by optional TLVs */
} STRUCT_PACKED;

/* NAK TLV: identifies a received TLV type (vendor_id + nak_type) the sender does not accept */
struct teap_tlv_nak {
	be16 tlv_type;
	be16 length;
	be32 vendor_id;
	be16 nak_type;
	/* followed by optional TLVs */
} STRUCT_PACKED;

/*
 * Crypto-Binding TLV. subtype packs the Flags (upper 4 bits,
 * TEAP_CRYPTO_BINDING_*_CMAC: which of the two Compound MAC fields carry a
 * value) and the Sub-Type (lower 4 bits, TEAP_CRYPTO_BINDING_SUBTYPE_*).
 * version/received_version let each side check that the peer saw the same
 * negotiated version (downgrade detection). The Compound MACs are produced
 * by eap_teap_compound_mac(); presumably they are computed with the MAC
 * fields zeroed, as RFC 7170 specifies - confirm in the implementation.
 */
struct teap_tlv_crypto_binding {
	be16 tlv_type; /* TLV Type[14b] and M/R flags */
	be16 length;
	u8 reserved;
	u8 version; /* EAP-TEAP version used by the sender */
	u8 received_version; /* version the sender received from its peer */
	u8 subtype; /* Flags[4b] and Sub-Type[4b] */
	u8 nonce[EAP_TEAP_NONCE_LEN];
	u8 emsk_compound_mac[EAP_TEAP_COMPOUND_MAC_LEN];
	u8 msk_compound_mac[EAP_TEAP_COMPOUND_MAC_LEN];
} STRUCT_PACKED;

/* Request-Action TLV: status is a TEAP_STATUS_* value, action an enum teap_request_action */
struct teap_tlv_request_action {
	be16 tlv_type;
	be16 length;
	u8 status;
	u8 action;
	/* followed by optional TLVs */
} STRUCT_PACKED;

enum teap_request_action {
	TEAP_REQUEST_ACTION_PROCESS_TLV = 1,
	TEAP_REQUEST_ACTION_NEGOTIATE_EAP = 2,
};

/* PAC TLV with PAC-Acknowledgement TLV attribute */
struct teap_tlv_pac_ack {
	be16 tlv_type;
	be16 length;
	be16 pac_type; /* PAC_TYPE_PAC_ACKNOWLEDGEMENT */
	be16 pac_len;
	be16 result; /* TEAP_STATUS_* */
} STRUCT_PACKED;

/* PAC-Type attribute carried inside a PAC TLV */
struct teap_attr_pac_type {
	be16 type; /* PAC_TYPE_PAC_TYPE */
	be16 length; /* 2 */
	be16 pac_type; /* PAC_TYPE_TUNNEL_PAC */
} STRUCT_PACKED;

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */

/* Crypto-Binding TLV Sub-Type (lower 4 bits of teap_tlv_crypto_binding.subtype) */
#define TEAP_CRYPTO_BINDING_SUBTYPE_REQUEST 0
#define TEAP_CRYPTO_BINDING_SUBTYPE_RESPONSE 1

/*
 * Crypto-Binding TLV Flags (upper 4 bits of subtype): which Compound MAC
 * fields are present. Bit 1 = EMSK Compound MAC, bit 2 = MSK Compound MAC.
 */
#define TEAP_CRYPTO_BINDING_EMSK_CMAC 1
#define TEAP_CRYPTO_BINDING_MSK_CMAC 2
#define TEAP_CRYPTO_BINDING_EMSK_AND_MSK_CMAC 3


/* Length in octets of the PAC-Key attribute value (PAC_TYPE_PAC_KEY) */
#define EAP_TEAP_PAC_KEY_LEN 48

/* RFC 7170: 4.2.12.6 PAC-Type TLV */
#define PAC_TYPE_TUNNEL_PAC 1


/* RFC 7170, 4.2.1: General TLV Format */
enum teap_tlv_types {
	TEAP_TLV_AUTHORITY_ID = 1,
	TEAP_TLV_IDENTITY_TYPE = 2,
	TEAP_TLV_RESULT = 3,
	TEAP_TLV_NAK = 4,
	TEAP_TLV_ERROR = 5,
	TEAP_TLV_CHANNEL_BINDING = 6,
	TEAP_TLV_VENDOR_SPECIFIC = 7,
	TEAP_TLV_REQUEST_ACTION = 8,
	TEAP_TLV_EAP_PAYLOAD = 9,
	TEAP_TLV_INTERMEDIATE_RESULT = 10,
	TEAP_TLV_PAC = 11,
	TEAP_TLV_CRYPTO_BINDING = 12,
	TEAP_TLV_BASIC_PASSWORD_AUTH_REQ = 13,
	TEAP_TLV_BASIC_PASSWORD_AUTH_RESP = 14,
	TEAP_TLV_PKCS7 = 15,
	TEAP_TLV_PKCS10 = 16,
	TEAP_TLV_TRUSTED_SERVER_ROOT = 17,
};

/* Status values used in Result, Intermediate-Result and Request-Action TLVs */
enum teap_tlv_result_status {
	TEAP_STATUS_SUCCESS = 1,
	TEAP_STATUS_FAILURE = 2
};

/* Identity-Type values within Identity-Type TLV */
enum teap_identity_types {
	TEAP_IDENTITY_TYPE_USER = 1,
	TEAP_IDENTITY_TYPE_MACHINE = 2,
};

/*
 * Layout of the 16-bit tlv_type field: the M bit (0x8000) marks a TLV the
 * receiver must understand (and otherwise NAK), bit 0x4000 is reserved,
 * and the low 14 bits are the enum teap_tlv_types value. Mask with
 * TEAP_TLV_TYPE_MASK before comparing against the enum.
 */
#define TEAP_TLV_MANDATORY 0x8000
#define TEAP_TLV_TYPE_MASK 0x3fff

/*
 * RFC 7170, 4.2.6: Error TLV
 * Only the codes used by this implementation are listed; RFC 7170 defines
 * further codes in the 1000 (authentication/account) and 2000 (tunnel)
 * ranges.
 */
enum teap_error_codes {
	TEAP_ERROR_INNER_METHOD = 1001,
	TEAP_ERROR_UNSPEC_AUTH_INFRA_PROBLEM = 1002,
	TEAP_ERROR_UNSPEC_AUTHENTICATION_FAILURE = 1003,
	TEAP_ERROR_UNSPEC_AUTHORIZATION_FAILURE = 1004,
	TEAP_ERROR_USER_ACCOUNT_CRED_UNAVAILABLE = 1005,
	TEAP_ERROR_USER_ACCOUNT_EXPIRED = 1006,
	TEAP_ERROR_USER_ACCOUNT_LOCKED_TRY_AGAIN_LATER = 1007,
	TEAP_ERROR_USER_ACCOUNT_LOCKED_ADMIN_REQ = 1008,
	TEAP_ERROR_TUNNEL_COMPROMISE_ERROR = 2001,
	TEAP_ERROR_UNEXPECTED_TLVS_EXCHANGED = 2002,
};

struct wpabuf;
struct tls_connection;

/*
 * Parsed view of the TLVs in one message, filled in by eap_teap_parse_tlv().
 * The u8 * members appear to point into the parsed message buffer rather
 * than to owned copies (eap_teap_parse_tlv() receives a non-const u8 *pos)
 * - confirm before retaining them beyond the buffer's lifetime. Each
 * pointer has a matching *_len giving the number of octets it covers;
 * crypto_binding_len has to be validated against the size of
 * struct teap_tlv_crypto_binding before the struct fields are read.
 */
struct eap_teap_tlv_parse {
	u8 *eap_payload_tlv; /* EAP-Payload TLV value */
	size_t eap_payload_tlv_len;
	struct teap_tlv_crypto_binding *crypto_binding;
	size_t crypto_binding_len;
	int iresult; /* status from Intermediate-Result TLV */
	int result; /* status from Result TLV */
	u8 *nak; /* NAK TLV value */
	size_t nak_len;
	u8 request_action; /* enum teap_request_action */
	u8 request_action_status; /* TEAP_STATUS_* */
	u8 *pac; /* PAC TLV value */
	size_t pac_len;
	u8 *basic_auth_req; /* Basic-Password-Auth-Req TLV value */
	size_t basic_auth_req_len;
	u8 *basic_auth_resp; /* Basic-Password-Auth-Resp TLV value */
	size_t basic_auth_resp_len;
	u32 error_code; /* Error TLV value (enum teap_error_codes) */
	u16 identity_type; /* Identity-Type TLV value (enum teap_identity_types) */
};

/* Append a 4-octet TLV header (type, len) to buf */
void eap_teap_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len);
/* Append a complete TLV (header followed by len octets of data) to buf */
void eap_teap_put_tlv(struct wpabuf *buf, u16 type, const void *data, u16 len);
/* Same as eap_teap_put_tlv(), with the value taken from a wpabuf */
void eap_teap_put_tlv_buf(struct wpabuf *buf, u16 type,
			  const struct wpabuf *data);
/*
 * Wrap an EAP packet in an EAP-Payload TLV and return the result as a new
 * wpabuf; whether buf is consumed by the call must be confirmed in the
 * implementation.
 */
struct wpabuf * eap_teap_tlv_eap_payload(struct wpabuf *buf);
/*
 * Key derivation (RFC 7170). tls_cs is the negotiated TLS cipher suite and
 * presumably selects the PRF hash. Buffer sizes are implied by the
 * constants above (simck/s_imck_*: EAP_TEAP_SIMCK_LEN, cmk*: EAP_TEAP_CMK_LEN,
 * msk/emsk outputs: EAP_TEAP_KEY_LEN) - verify against the callers.
 */
int eap_teap_derive_eap_msk(u16 tls_cs, const u8 *simck, u8 *msk);
int eap_teap_derive_eap_emsk(u16 tls_cs, const u8 *simck, u8 *emsk);
int eap_teap_derive_cmk_basic_pw_auth(u16 tls_cs, const u8 *s_imck_msk,
				      u8 *cmk);
/*
 * Derive the next S-IMCK/CMK pairs (MSK-based and EMSK-based) from the
 * previous S-IMCKs and the inner method's MSK/EMSK. msk_len/emsk_len may
 * presumably be 0 when the inner method did not export that key - confirm.
 */
int eap_teap_derive_imck(u16 tls_cs,
			 const u8 *prev_s_imck_msk, const u8 *prev_s_imck_emsk,
			 const u8 *msk, size_t msk_len,
			 const u8 *emsk, size_t emsk_len,
			 u8 *s_imck_msk, u8 *cmk_msk,
			 u8 *s_imck_emsk, u8 *cmk_emsk);
/*
 * Compute the Compound MAC (EAP_TEAP_COMPOUND_MAC_LEN octets) for the
 * Crypto-Binding TLV cb, including the outer TLVs of both sides, under cmk.
 * When verifying a received TLV, compare the output with the peer's value
 * using a constant-time comparison rather than memcmp().
 */
int eap_teap_compound_mac(u16 tls_cs, const struct teap_tlv_crypto_binding *cb,
			  const struct wpabuf *server_outer_tlvs,
			  const struct wpabuf *peer_outer_tlvs,
			  const u8 *cmk, u8 *compound_mac);
/*
 * Record one TLV of type tlv_type whose value is pos[0..len) in *tlv. The
 * caller is presumably responsible for checking len against the remaining
 * message before calling - confirm which side performs the bounds check.
 */
int eap_teap_parse_tlv(struct eap_teap_tlv_parse *tlv,
		       int tlv_type, u8 *pos, size_t len);
/* Human-readable name of a TLV type, for debug output */
const char * eap_teap_tlv_type_str(enum teap_tlv_types type);
/* Builders returning a newly allocated wpabuf holding one TLV */
struct wpabuf * eap_teap_tlv_result(int status, int intermediate);
struct wpabuf * eap_teap_tlv_error(enum teap_error_codes error);
struct wpabuf * eap_teap_tlv_identity_type(enum teap_identity_types id);
/*
 * Forward reference to an incomplete enum: not ISO C (GCC/Clang accept it
 * as an extension); the full definition comes from the project's EAP
 * headers.
 */
enum eap_type;
/*
 * Anonymous-provisioning policy: whether the given inner EAP method or TLS
 * cipher suite may be used while the server is not yet authenticated.
 */
int eap_teap_allowed_anon_prov_phase2_method(int vendor, enum eap_type type);
int eap_teap_allowed_anon_prov_cipher_suite(u16 cs);

#endif /* EAP_TEAP_H */