fragattacks/src/eap_common/eap_teap_common.h

/*
 * EAP-TEAP definitions (RFC 7170)
 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAP_TEAP_H
#define EAP_TEAP_H

#define EAP_TEAP_VERSION 1
#define EAP_TEAP_KEY_LEN 64
#define EAP_TEAP_IMCK_LEN 60
#define EAP_TEAP_SIMCK_LEN 40
#define EAP_TEAP_CMK_LEN 20
#define EAP_TEAP_COMPOUND_MAC_LEN 20
#define EAP_TEAP_NONCE_LEN 32

#define TEAP_TLS_EXPORTER_LABEL_SKS "EXPORTER: teap session key seed"

#define TLS_EXT_PAC_OPAQUE 35

/*
 * RFC 7170: Section 4.2.12.1 - Formats for PAC Attributes
 * Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined
 * in the general TLV format (Section 4.2.1).
 */
#define PAC_TYPE_PAC_KEY 1
#define PAC_TYPE_PAC_OPAQUE 2
#define PAC_TYPE_CRED_LIFETIME 3
#define PAC_TYPE_A_ID 4
#define PAC_TYPE_I_ID 5
/* 6 - Reserved */
#define PAC_TYPE_A_ID_INFO 7
#define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8
#define PAC_TYPE_PAC_INFO 9
#define PAC_TYPE_PAC_TYPE 10

#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

struct pac_attr_hdr {
	be16 type;
	be16 len;
} STRUCT_PACKED;

struct teap_tlv_hdr {
	be16 tlv_type;
	be16 length;
} STRUCT_PACKED;

/* Result TLV and Intermediate-Result TLV */
struct teap_tlv_result {
	be16 tlv_type;
	be16 length;
	be16 status;
	/* for Intermediate-Result TLV, followed by optional TLVs */
} STRUCT_PACKED;

struct teap_tlv_nak {
	be16 tlv_type;
	be16 length;
	be32 vendor_id;
	be16 nak_type;
	/* followed by optional TLVs */
} STRUCT_PACKED;

struct teap_tlv_crypto_binding {
	be16 tlv_type; /* TLV Type[14b] and M/R flags */
	be16 length;
	u8 reserved;
	u8 version;
	u8 received_version;
	u8 subtype; /* Flags[4b] and Sub-Type[4b] */
	u8 nonce[EAP_TEAP_NONCE_LEN];
	u8 emsk_compound_mac[EAP_TEAP_COMPOUND_MAC_LEN];
	u8 msk_compound_mac[EAP_TEAP_COMPOUND_MAC_LEN];
} STRUCT_PACKED;

struct teap_tlv_request_action {
	be16 tlv_type;
	be16 length;
	u8 status;
	u8 action;
	/* followed by optional TLVs */
} STRUCT_PACKED;

enum teap_request_action {
	TEAP_REQUEST_ACTION_PROCESS_TLV = 1,
	TEAP_REQUEST_ACTION_NEGOTIATE_EAP = 2,
};

/* PAC TLV with PAC-Acknowledgement TLV attribute */
struct teap_tlv_pac_ack {
	be16 tlv_type;
	be16 length;
	be16 pac_type;
	be16 pac_len;
	be16 result;
} STRUCT_PACKED;

struct teap_attr_pac_type {
	be16 type; /* PAC_TYPE_PAC_TYPE */
	be16 length; /* 2 */
	be16 pac_type;
} STRUCT_PACKED;

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */

#define TEAP_CRYPTO_BINDING_SUBTYPE_REQUEST 0
#define TEAP_CRYPTO_BINDING_SUBTYPE_RESPONSE 1

#define TEAP_CRYPTO_BINDING_EMSK_CMAC 1
#define TEAP_CRYPTO_BINDING_MSK_CMAC 2
#define TEAP_CRYPTO_BINDING_EMSK_AND_MSK_CMAC 3


#define EAP_TEAP_PAC_KEY_LEN 48

/* RFC 7170: 4.2.12.6 PAC-Type TLV */
#define PAC_TYPE_TUNNEL_PAC 1


/* RFC 7170, 4.2.1: General TLV Format */
enum teap_tlv_types {
	TEAP_TLV_AUTHORITY_ID = 1,
	TEAP_TLV_IDENTITY_TYPE = 2,
	TEAP_TLV_RESULT = 3,
	TEAP_TLV_NAK = 4,
	TEAP_TLV_ERROR = 5,
	TEAP_TLV_CHANNEL_BINDING = 6,
	TEAP_TLV_VENDOR_SPECIFIC = 7,
	TEAP_TLV_REQUEST_ACTION = 8,
	TEAP_TLV_EAP_PAYLOAD = 9,
	TEAP_TLV_INTERMEDIATE_RESULT = 10,
	TEAP_TLV_PAC = 11,
	TEAP_TLV_CRYPTO_BINDING = 12,
	TEAP_TLV_BASIC_PASSWORD_AUTH_REQ = 13,
	TEAP_TLV_BASIC_PASSWORD_AUTH_RESP = 14,
	TEAP_TLV_PKCS7 = 15,
	TEAP_TLV_PKCS10 = 16,
	TEAP_TLV_TRUSTED_SERVER_ROOT = 17,
};

enum teap_tlv_result_status {
	TEAP_STATUS_SUCCESS = 1,
	TEAP_STATUS_FAILURE = 2
};

#define TEAP_TLV_MANDATORY 0x8000
#define TEAP_TLV_TYPE_MASK 0x3fff

/* RFC 7170, 4.2.6: Error TLV */
enum teap_error_codes {
	TEAP_ERROR_INNER_METHOD = 1001,
	TEAP_ERROR_UNSPEC_AUTH_INFRA_PROBLEM = 1002,
	TEAP_ERROR_UNSPEC_AUTHENTICATION_FAILURE = 1003,
	TEAP_ERROR_UNSPEC_AUTHORIZATION_FAILURE = 1004,
	TEAP_ERROR_USER_ACCOUNT_CRED_UNAVAILABLE = 1005,
	TEAP_ERROR_USER_ACCOUNT_EXPIRED = 1006,
	TEAP_ERROR_USER_ACCOUNT_LOCKED_TRY_AGAIN_LATER = 1007,
	TEAP_ERROR_USER_ACCOUNT_LOCKED_ADMIN_REQ = 1008,
	TEAP_ERROR_TUNNEL_COMPROMISE_ERROR = 2001,
	TEAP_ERROR_UNEXPECTED_TLVS_EXCHANGED = 2002,
};

struct wpabuf;
struct tls_connection;

struct eap_teap_tlv_parse {
	u8 *eap_payload_tlv;
	size_t eap_payload_tlv_len;
	struct teap_tlv_crypto_binding *crypto_binding;
	size_t crypto_binding_len;
	int iresult;
	int result;
	u8 *nak;
	size_t nak_len;
	u8 request_action;
	u8 request_action_status;
	u8 *pac;
	size_t pac_len;
	u8 *basic_auth_req;
	size_t basic_auth_req_len;
	u8 *basic_auth_resp;
	size_t basic_auth_resp_len;
};

void eap_teap_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len);
void eap_teap_put_tlv(struct wpabuf *buf, u16 type, const void *data, u16 len);
void eap_teap_put_tlv_buf(struct wpabuf *buf, u16 type,
			  const struct wpabuf *data);
struct wpabuf * eap_teap_tlv_eap_payload(struct wpabuf *buf);
int eap_teap_derive_eap_msk(const u8 *simck, u8 *msk);
int eap_teap_derive_eap_emsk(const u8 *simck, u8 *emsk);
int eap_teap_derive_cmk_basic_pw_auth(const u8 *s_imck_msk, u8 *cmk);
int eap_teap_derive_imck(const u8 *prev_s_imck_msk, const u8 *prev_s_imck_emsk,
			 const u8 *msk, size_t msk_len,
			 const u8 *emsk, size_t emsk_len,
			 u8 *s_imck_msk, u8 *cmk_msk,
			 u8 *s_imck_emsk, u8 *cmk_emsk);
int eap_teap_compound_mac(u16 tls_cs, const struct teap_tlv_crypto_binding *cb,
			  const struct wpabuf *server_outer_tlvs,
			  const struct wpabuf *peer_outer_tlvs,
			  const u8 *cmk, u8 *compound_mac);
int eap_teap_parse_tlv(struct eap_teap_tlv_parse *tlv,
		       int tlv_type, u8 *pos, size_t len);
const char * eap_teap_tlv_type_str(enum teap_tlv_types type);
struct wpabuf * eap_teap_tlv_result(int status, int intermediate);
struct wpabuf * eap_teap_tlv_error(enum teap_error_codes error);
int eap_teap_allowed_anon_prov_phase2_method(u8 type);
int eap_teap_allowed_anon_prov_cipher_suite(u16 cs);

#endif /* EAP_TEAP_H */
EAP-TEAP server and peer implementation (RFC 7170) This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible Authentication Protocol). This should be considered experimental since RFC 7170 has number of conflicting statements and missing details to allow unambiguous interpretation. As such, there may be interoperability issues with other implementations and this version should not be deployed for production purposes until those unclear areas are resolved. This does not yet support use of NewSessionTicket message to deliver a new PAC (either in the server or peer implementation). In other words, only the in-tunnel distribution of PAC-Opaque is supported for now. Use of the NewSessionTicket mechanism would require TLS library support to allow arbitrary data to be specified as the contents of the message. Signed-off-by: Jouni Malinen <j@w1.fi> 2019-07-09 09:56:02 -04:00			`/*`
			`* EAP-TEAP definitions (RFC 7170)`
			`* Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>`
			`*`
			`* This software may be distributed under the terms of the BSD license.`
			`* See README for more details.`
			`*/`

			`#ifndef EAP_TEAP_H`
			`#define EAP_TEAP_H`

			`#define EAP_TEAP_VERSION 1`
			`#define EAP_TEAP_KEY_LEN 64`
			`#define EAP_TEAP_IMCK_LEN 60`
			`#define EAP_TEAP_SIMCK_LEN 40`
			`#define EAP_TEAP_CMK_LEN 20`
			`#define EAP_TEAP_COMPOUND_MAC_LEN 20`
			`#define EAP_TEAP_NONCE_LEN 32`

			`#define TEAP_TLS_EXPORTER_LABEL_SKS "EXPORTER: teap session key seed"`

			`#define TLS_EXT_PAC_OPAQUE 35`

			`/*`
			`* RFC 7170: Section 4.2.12.1 - Formats for PAC Attributes`
			`* Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined`
			`* in the general TLV format (Section 4.2.1).`
			`*/`
			`#define PAC_TYPE_PAC_KEY 1`
			`#define PAC_TYPE_PAC_OPAQUE 2`
			`#define PAC_TYPE_CRED_LIFETIME 3`
			`#define PAC_TYPE_A_ID 4`
			`#define PAC_TYPE_I_ID 5`
			`/* 6 - Reserved */`
			`#define PAC_TYPE_A_ID_INFO 7`
			`#define PAC_TYPE_PAC_ACKNOWLEDGEMENT 8`
			`#define PAC_TYPE_PAC_INFO 9`
			`#define PAC_TYPE_PAC_TYPE 10`

			`#ifdef _MSC_VER`
			`#pragma pack(push, 1)`
			`#endif /* _MSC_VER */`

			`struct pac_attr_hdr {`
			`be16 type;`
			`be16 len;`
			`} STRUCT_PACKED;`

			`struct teap_tlv_hdr {`
			`be16 tlv_type;`
			`be16 length;`
			`} STRUCT_PACKED;`

			`/* Result TLV and Intermediate-Result TLV */`
			`struct teap_tlv_result {`
			`be16 tlv_type;`
			`be16 length;`
			`be16 status;`
			`/* for Intermediate-Result TLV, followed by optional TLVs */`
			`} STRUCT_PACKED;`

			`struct teap_tlv_nak {`
			`be16 tlv_type;`
			`be16 length;`
			`be32 vendor_id;`
			`be16 nak_type;`
			`/* followed by optional TLVs */`
			`} STRUCT_PACKED;`

			`struct teap_tlv_crypto_binding {`
			`be16 tlv_type; /* TLV Type[14b] and M/R flags */`
			`be16 length;`
			`u8 reserved;`
			`u8 version;`
			`u8 received_version;`
			`u8 subtype; /* Flags[4b] and Sub-Type[4b] */`
			`u8 nonce[EAP_TEAP_NONCE_LEN];`
			`u8 emsk_compound_mac[EAP_TEAP_COMPOUND_MAC_LEN];`
			`u8 msk_compound_mac[EAP_TEAP_COMPOUND_MAC_LEN];`
			`} STRUCT_PACKED;`

			`struct teap_tlv_request_action {`
			`be16 tlv_type;`
			`be16 length;`
			`u8 status;`
			`u8 action;`
			`/* followed by optional TLVs */`
			`} STRUCT_PACKED;`

			`enum teap_request_action {`
			`TEAP_REQUEST_ACTION_PROCESS_TLV = 1,`
			`TEAP_REQUEST_ACTION_NEGOTIATE_EAP = 2,`
			`};`

			`/* PAC TLV with PAC-Acknowledgement TLV attribute */`
			`struct teap_tlv_pac_ack {`
			`be16 tlv_type;`
			`be16 length;`
			`be16 pac_type;`
			`be16 pac_len;`
			`be16 result;`
			`} STRUCT_PACKED;`

			`struct teap_attr_pac_type {`
			`be16 type; /* PAC_TYPE_PAC_TYPE */`
			`be16 length; /* 2 */`
			`be16 pac_type;`
			`} STRUCT_PACKED;`

			`#ifdef _MSC_VER`
			`#pragma pack(pop)`
			`#endif /* _MSC_VER */`

			`#define TEAP_CRYPTO_BINDING_SUBTYPE_REQUEST 0`
			`#define TEAP_CRYPTO_BINDING_SUBTYPE_RESPONSE 1`

			`#define TEAP_CRYPTO_BINDING_EMSK_CMAC 1`
			`#define TEAP_CRYPTO_BINDING_MSK_CMAC 2`
			`#define TEAP_CRYPTO_BINDING_EMSK_AND_MSK_CMAC 3`


			`#define EAP_TEAP_PAC_KEY_LEN 48`

			`/* RFC 7170: 4.2.12.6 PAC-Type TLV */`
			`#define PAC_TYPE_TUNNEL_PAC 1`


			`/* RFC 7170, 4.2.1: General TLV Format */`
			`enum teap_tlv_types {`
			`TEAP_TLV_AUTHORITY_ID = 1,`
			`TEAP_TLV_IDENTITY_TYPE = 2,`
			`TEAP_TLV_RESULT = 3,`
			`TEAP_TLV_NAK = 4,`
			`TEAP_TLV_ERROR = 5,`
			`TEAP_TLV_CHANNEL_BINDING = 6,`
			`TEAP_TLV_VENDOR_SPECIFIC = 7,`
			`TEAP_TLV_REQUEST_ACTION = 8,`
			`TEAP_TLV_EAP_PAYLOAD = 9,`
			`TEAP_TLV_INTERMEDIATE_RESULT = 10,`
			`TEAP_TLV_PAC = 11,`
			`TEAP_TLV_CRYPTO_BINDING = 12,`
			`TEAP_TLV_BASIC_PASSWORD_AUTH_REQ = 13,`
			`TEAP_TLV_BASIC_PASSWORD_AUTH_RESP = 14,`
			`TEAP_TLV_PKCS7 = 15,`
			`TEAP_TLV_PKCS10 = 16,`
			`TEAP_TLV_TRUSTED_SERVER_ROOT = 17,`
			`};`

			`enum teap_tlv_result_status {`
			`TEAP_STATUS_SUCCESS = 1,`
			`TEAP_STATUS_FAILURE = 2`
			`};`

			`#define TEAP_TLV_MANDATORY 0x8000`
			`#define TEAP_TLV_TYPE_MASK 0x3fff`

			`/* RFC 7170, 4.2.6: Error TLV */`
			`enum teap_error_codes {`
			`TEAP_ERROR_INNER_METHOD = 1001,`
			`TEAP_ERROR_UNSPEC_AUTH_INFRA_PROBLEM = 1002,`
			`TEAP_ERROR_UNSPEC_AUTHENTICATION_FAILURE = 1003,`
			`TEAP_ERROR_UNSPEC_AUTHORIZATION_FAILURE = 1004,`
			`TEAP_ERROR_USER_ACCOUNT_CRED_UNAVAILABLE = 1005,`
			`TEAP_ERROR_USER_ACCOUNT_EXPIRED = 1006,`
			`TEAP_ERROR_USER_ACCOUNT_LOCKED_TRY_AGAIN_LATER = 1007,`
			`TEAP_ERROR_USER_ACCOUNT_LOCKED_ADMIN_REQ = 1008,`
			`TEAP_ERROR_TUNNEL_COMPROMISE_ERROR = 2001,`
			`TEAP_ERROR_UNEXPECTED_TLVS_EXCHANGED = 2002,`
			`};`

			`struct wpabuf;`
			`struct tls_connection;`

			`struct eap_teap_tlv_parse {`
			`u8 *eap_payload_tlv;`
			`size_t eap_payload_tlv_len;`
			`struct teap_tlv_crypto_binding *crypto_binding;`
			`size_t crypto_binding_len;`
			`int iresult;`
			`int result;`
			`u8 *nak;`
			`size_t nak_len;`
			`u8 request_action;`
			`u8 request_action_status;`
			`u8 *pac;`
			`size_t pac_len;`
			`u8 *basic_auth_req;`
			`size_t basic_auth_req_len;`
			`u8 *basic_auth_resp;`
			`size_t basic_auth_resp_len;`
			`};`

			`void eap_teap_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len);`
			`void eap_teap_put_tlv(struct wpabuf buf, u16 type, const void data, u16 len);`
			`void eap_teap_put_tlv_buf(struct wpabuf *buf, u16 type,`
			`const struct wpabuf *data);`
			`struct wpabuf * eap_teap_tlv_eap_payload(struct wpabuf *buf);`
			`int eap_teap_derive_eap_msk(const u8 simck, u8 msk);`
			`int eap_teap_derive_eap_emsk(const u8 simck, u8 emsk);`
			`int eap_teap_derive_cmk_basic_pw_auth(const u8 s_imck_msk, u8 cmk);`
			`int eap_teap_derive_imck(const u8 prev_s_imck_msk, const u8 prev_s_imck_emsk,`
			`const u8 *msk, size_t msk_len,`
			`const u8 *emsk, size_t emsk_len,`
			`u8 s_imck_msk, u8 cmk_msk,`
			`u8 s_imck_emsk, u8 cmk_emsk);`
			`int eap_teap_compound_mac(u16 tls_cs, const struct teap_tlv_crypto_binding *cb,`
			`const struct wpabuf *server_outer_tlvs,`
			`const struct wpabuf *peer_outer_tlvs,`
			`const u8 cmk, u8 compound_mac);`
			`int eap_teap_parse_tlv(struct eap_teap_tlv_parse *tlv,`
			`int tlv_type, u8 *pos, size_t len);`
			`const char * eap_teap_tlv_type_str(enum teap_tlv_types type);`
			`struct wpabuf * eap_teap_tlv_result(int status, int intermediate);`
			`struct wpabuf * eap_teap_tlv_error(enum teap_error_codes error);`
			`int eap_teap_allowed_anon_prov_phase2_method(u8 type);`
			`int eap_teap_allowed_anon_prov_cipher_suite(u16 cs);`

			`#endif /* EAP_TEAP_H */`