The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
eap_fast.h
Go to the documentation of this file.
1#pragma once
2/*
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or (at
6 * your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16 */
17
18/**
19 * $Id: c0b9157e6245cdd650d7284b4a9b6680676a81a4 $
20 * @file eap_fast.h
21 * @brief Function declarations and packet structures
22 *
23 * @author Alexander Clouter (alex@digriz.org.uk)
24 *
25 * @copyright 2016 Alan DeKok (aland@freeradius.org)
26 * @copyright 2016 The FreeRADIUS server project
27 */
28RCSIDH(eap_fast_h, "$Id: c0b9157e6245cdd650d7284b4a9b6680676a81a4 $")
29
30#include <freeradius-devel/eap/tls.h>
31#include <freeradius-devel/radius/radius.h>
32#include <freeradius-devel/util/chap.h>
33
34#define EAP_FAST_VERSION 1
35
36#define EAP_FAST_KEY_LEN 64
37#define EAP_EMSK_LEN 64
38#define EAP_FAST_SKS_LEN 40
39#define EAP_FAST_SIMCK_LEN 40
40#define EAP_FAST_CMK_LEN 20
41
42#define EAP_FAST_TLV_MANDATORY 0x8000
43#define EAP_FAST_TLV_TYPE 0x3fff
44
45#define EAP_FAST_FATAL_ERROR 2000
46#define EAP_FAST_ERR_TUNNEL_COMPROMISED 2001
47#define EAP_FAST_ERR_UNEXPECTED_TLV 2002
48
49#define EAP_FAST_TLV_RESULT_SUCCESS 1
50#define EAP_FAST_TLV_RESULT_FAILURE 2
51
59
66
73
74#define PAC_KEY_LENGTH 32
75#define PAC_A_ID_LENGTH 16
76#define PAC_I_ID_LENGTH 16
77#define PAC_A_ID_INFO_LENGTH 32
78
79typedef struct {
80 uint16_t type;
81 uint16_t length;
82} CC_HINT(__packed__) eap_fast_pac_attr_hdr_t;
83
84typedef struct {
85 eap_fast_pac_attr_hdr_t hdr;
86 uint32_t data; // secs since epoch
87} CC_HINT(__packed__) eap_fast_pac_attr_lifetime_t;
88
93
98
103
108
113
119
120typedef struct {
121 eap_fast_pac_attr_hdr_t hdr;
122 unsigned char aad[PAC_A_ID_LENGTH];
123 unsigned char iv[EVP_MAX_IV_LENGTH];
124 unsigned char tag[EVP_GCM_TLS_TAG_LEN];
125 uint8_t data[sizeof(eap_fast_attr_pac_opaque_plaintext_t) * 2]; // space for EVP
126} CC_HINT(__packed__) eap_fast_attr_pac_opaque_t;
127
135
141
142/* RFC 4851, Section 4.2.8 - Crypto-Binding TLV */
153
158
159/* RFC 5422: Section 3.3 - Key Derivations Used in the EAP-FAST Provisioning Exchange */
160typedef struct {
161 uint8_t session_key_seed[EAP_FAST_SKS_LEN];
162 uint8_t server_challenge[MD5_DIGEST_LENGTH];
163 uint8_t client_challenge[MD5_DIGEST_LENGTH];
164} CC_HINT(__packed__) eap_fast_keyblock_t;
165
166typedef struct {
167 fr_pair_t *username;
168
169 bool authenticated;
170
171 int mode;
172 eap_fast_stage_t stage;
173 eap_fast_keyblock_t *keyblock;
174 uint8_t *s_imck;
175 uint8_t *cmk;
176 int imck_count;
177 struct {
178 uint8_t mppe_send[MD5_DIGEST_LENGTH];
179 uint8_t mppe_recv[MD5_DIGEST_LENGTH];
180 } CC_HINT(__packed__) isk;
181 uint8_t *msk;
182 uint8_t *emsk;
183
184 int default_method;
185 int default_provisioning_method;
186
187 fr_time_delta_t pac_lifetime;
188 char const *authority_identity;
189 uint8_t const *a_id;
190 uint8_t const *pac_opaque_key;
191
192 struct {
193 uint8_t *key;
194 eap_fast_pac_type_t type;
195 fr_time_t expires;
196 bool expired;
197 bool send;
198 } pac;
199
200 bool result_final;
201
202#ifdef WITH_PROXY
203 bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated
204 //!< protocol.
205#endif
206 CONF_SECTION *server_cs;
207} eap_fast_tunnel_t;
RCSIDH
#define RCSIDH(h, id)
Definition build.h:486
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
eap_tlv_crypto_binding_tlv_t::tlv_type
uint16_t tlv_type
Definition eap_fast.h:144
eap_fast_tunnel_t::result_final
bool result_final
Definition eap_fast.h:200
eap_fast_tunnel_t::a_id
uint8_t const * a_id
Definition eap_fast.h:189
EAP_FAST_SKS_LEN
#define EAP_FAST_SKS_LEN
Definition eap_fast.h:38
eap_fast_attr_pac_opaque_plaintext_t::lifetime
eap_fast_pac_attr_lifetime_t lifetime
Definition eap_fast.h:116
eap_fast_pac_attr_i_id_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:95
eap_fast_tunnel_t::authenticated
bool authenticated
Definition eap_fast.h:169
eap_fast_pac_attr_a_id_info_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:100
eap_fast_attr_pac_info_t::lifetime
eap_fast_pac_attr_lifetime_t lifetime
Definition eap_fast.h:130
eap_fast_tunnel_t::stage
eap_fast_stage_t stage
Definition eap_fast.h:172
eap_fast_pac_attr_pac_type_t::data
uint16_t data
Definition eap_fast.h:106
PAC_A_ID_LENGTH
#define PAC_A_ID_LENGTH
Definition eap_fast.h:75
eap_fast_pac_t::key
eap_fast_pac_attr_pac_key_t key
Definition eap_fast.h:137
eap_fast_tunnel_t::keyblock
eap_fast_keyblock_t * keyblock
Definition eap_fast.h:173
eap_fast_pac_attr_lifetime_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:85
eap_fast_tunnel_t::pac_lifetime
fr_time_delta_t pac_lifetime
Definition eap_fast.h:187
eap_fast_tunnel_t::s_imck
uint8_t * s_imck
Definition eap_fast.h:174
eap_fast_pac_attr_lifetime_t::data
uint32_t data
Definition eap_fast.h:86
eap_fast_tlv_crypto_binding_tlv_subtype_t
eap_fast_tlv_crypto_binding_tlv_subtype_t
Definition eap_fast.h:154
EAP_FAST_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST
@ EAP_FAST_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST
Definition eap_fast.h:155
EAP_FAST_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE
@ EAP_FAST_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE
Definition eap_fast.h:156
eap_tlv_crypto_binding_tlv_t::reserved
uint8_t reserved
Definition eap_fast.h:146
eap_fast_pac_attr_hdr_t::type
uint16_t type
Definition eap_fast.h:80
eap_fast_attr_pac_info_t::a_id_info
eap_fast_pac_attr_a_id_info_t a_id_info
Definition eap_fast.h:132
eap_tlv_crypto_binding_tlv_t::subtype
uint8_t subtype
Definition eap_fast.h:149
eap_tlv_crypto_binding_tlv_t::version
uint8_t version
Definition eap_fast.h:147
eap_fast_tunnel_t::default_provisioning_method
int default_provisioning_method
Definition eap_fast.h:185
eap_fast_attr_pac_info_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:129
PAC_I_ID_LENGTH
#define PAC_I_ID_LENGTH
Definition eap_fast.h:76
eap_fast_tunnel_t::default_method
int default_method
Definition eap_fast.h:184
eap_tlv_crypto_binding_tlv_t::length
uint16_t length
Definition eap_fast.h:145
eap_fast_tunnel_t::username
fr_pair_t * username
Definition eap_fast.h:167
eap_fast_attr_pac_opaque_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:121
eap_fast_tunnel_t::emsk
uint8_t * emsk
Definition eap_fast.h:182
eap_fast_pac_attr_pac_key_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:110
eap_fast_pac_t::opaque
eap_fast_attr_pac_opaque_t opaque
Definition eap_fast.h:139
eap_fast_attr_pac_opaque_plaintext_t::type
eap_fast_pac_attr_pac_type_t type
Definition eap_fast.h:115
eap_fast_pac_attr_a_id_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:90
eap_fast_tunnel_t::authority_identity
char const * authority_identity
Definition eap_fast.h:188
eap_fast_pac_t::info
eap_fast_attr_pac_info_t info
Definition eap_fast.h:138
PAC_A_ID_INFO_LENGTH
#define PAC_A_ID_INFO_LENGTH
Definition eap_fast.h:77
eap_fast_attr_pac_info_t::a_id
eap_fast_pac_attr_a_id_t a_id
Definition eap_fast.h:131
eap_fast_pac_attr_pac_type_t::hdr
eap_fast_pac_attr_hdr_t hdr
Definition eap_fast.h:105
eap_fast_tunnel_t::cmk
uint8_t * cmk
Definition eap_fast.h:175
eap_fast_attr_pac_info_t::type
eap_fast_pac_attr_pac_type_t type
Definition eap_fast.h:133
eap_fast_pac_attr_hdr_t::length
uint16_t length
Definition eap_fast.h:81
eap_fast_tunnel_t::mode
int mode
Definition eap_fast.h:171
eap_fast_stage_t
eap_fast_stage_t
Definition eap_fast.h:52
EAP_FAST_COMPLETE
@ EAP_FAST_COMPLETE
Definition eap_fast.h:57
EAP_FAST_AUTHENTICATION
@ EAP_FAST_AUTHENTICATION
Definition eap_fast.h:54
EAP_FAST_CRYPTOBIND_CHECK
@ EAP_FAST_CRYPTOBIND_CHECK
Definition eap_fast.h:55
EAP_FAST_PROVISIONING
@ EAP_FAST_PROVISIONING
Definition eap_fast.h:56
EAP_FAST_TLS_SESSION_HANDSHAKE
@ EAP_FAST_TLS_SESSION_HANDSHAKE
Definition eap_fast.h:53
PAC_KEY_LENGTH
#define PAC_KEY_LENGTH
Definition eap_fast.h:74
eap_fast_auth_type_t
eap_fast_auth_type_t
Definition eap_fast.h:60
EAP_FAST_UNKNOWN
@ EAP_FAST_UNKNOWN
Definition eap_fast.h:61
EAP_FAST_NORMAL_AUTH
@ EAP_FAST_NORMAL_AUTH
Definition eap_fast.h:64
EAP_FAST_PROVISIONING_ANON
@ EAP_FAST_PROVISIONING_ANON
Definition eap_fast.h:62
EAP_FAST_PROVISIONING_AUTH
@ EAP_FAST_PROVISIONING_AUTH
Definition eap_fast.h:63
eap_fast_tunnel_t::imck_count
int imck_count
Definition eap_fast.h:176
eap_fast_tunnel_t::server_cs
CONF_SECTION * server_cs
Definition eap_fast.h:206
eap_fast_attr_pac_opaque_plaintext_t::key
eap_fast_pac_attr_pac_key_t key
Definition eap_fast.h:117
eap_fast_pac_type_t
eap_fast_pac_type_t
Definition eap_fast.h:67
PAC_TYPE_MAX
@ PAC_TYPE_MAX
Definition eap_fast.h:71
PAC_TYPE_USER_AUTHZ
@ PAC_TYPE_USER_AUTHZ
Definition eap_fast.h:70
PAC_TYPE_TUNNEL
@ PAC_TYPE_TUNNEL
Definition eap_fast.h:68
PAC_TYPE_MACHINE_AUTH
@ PAC_TYPE_MACHINE_AUTH
Definition eap_fast.h:69
eap_tlv_crypto_binding_tlv_t::received_version
uint8_t received_version
Definition eap_fast.h:148
eap_fast_tunnel_t::pac_opaque_key
uint8_t const * pac_opaque_key
Definition eap_fast.h:190
eap_fast_tunnel_t::msk
uint8_t * msk
Definition eap_fast.h:181
eap_fast_attr_pac_info_t
Definition eap_fast.h:128
eap_fast_attr_pac_opaque_plaintext_t
Definition eap_fast.h:114
eap_fast_attr_pac_opaque_t
Definition eap_fast.h:120
eap_fast_keyblock_t
Definition eap_fast.h:160
eap_fast_pac_attr_a_id_info_t
Definition eap_fast.h:99
eap_fast_pac_attr_a_id_t
Definition eap_fast.h:89
eap_fast_pac_attr_hdr_t
Definition eap_fast.h:79
eap_fast_pac_attr_i_id_t
Definition eap_fast.h:94
eap_fast_pac_attr_lifetime_t
Definition eap_fast.h:84
eap_fast_pac_attr_pac_key_t
Definition eap_fast.h:109
eap_fast_pac_attr_pac_type_t
Definition eap_fast.h:104
eap_fast_pac_t
Definition eap_fast.h:136
eap_fast_tunnel_t
Definition eap_fast.h:166
eap_tlv_crypto_binding_tlv_t
Definition eap_fast.h:143
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition merged_model.c:242
uint16_t
unsigned short uint16_t
Definition merged_model.c:31
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3654
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_time_delta_s
A time delta, a difference in time measured in nanoseconds.
Definition time.h:80
fr_time_s
"server local" time.
Definition time.h:69
data
static fr_slen_t data
Definition value.h:1291
Generated by   doxygen 1.9.8