xref: /openbsd/sbin/iked/eap.h (revision f36db9c4)
1 /*	$OpenBSD: eap.h,v 1.7 2024/07/13 12:22:46 yasuoka Exp $	*/
2 
3 /*
4  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #ifndef IKED_EAP_H
20 #define IKED_EAP_H
21 
/*
 * Fixed four-octet EAP packet header: Code, Identifier, Length
 * (RFC 3748, section 4).  Declared __packed, so no padding is inserted
 * between the fields.
 *
 * Per RFC 3748 the Length field is in network byte order and counts the
 * whole EAP packet, this header included.
 * NOTE(review): the parser is not part of this header.  Before using
 * eap_length as a bound it should be converted from network byte order
 * and rejected when smaller than sizeof(struct eap_header) or larger
 * than the number of bytes actually received -- confirm in the caller.
 */
22 struct eap_header {
23 	uint8_t		eap_code;	/* one of EAP_CODE_* */
24 	uint8_t		eap_id;		/* RFC 3748 Identifier field */
25 	uint16_t	eap_length;	/* RFC 3748 Length field, see above */
26 } __packed;
27 
/*
 * EAP header followed by the one-octet Type field; the first three
 * members repeat struct eap_header field for field.
 *
 * Per RFC 3748 only Request and Response packets carry a Type octet;
 * Success and Failure packets end after the four-octet header.
 * NOTE(review): code overlaying this structure on received data should
 * check that at least sizeof(struct eap_message) bytes are present (and
 * that eap_length says so) before reading eap_type -- confirm in the
 * caller.
 */
28 struct eap_message {
29 	uint8_t		eap_code;	/* one of EAP_CODE_* */
30 	uint8_t		eap_id;		/* RFC 3748 Identifier field */
31 	uint16_t	eap_length;	/* RFC 3748 Length field, network byte order */
32 	uint8_t		eap_type;	/* one octet, so only values 0..255 fit (EAP_TYPE_*) */
33 	/* Followed by type-specific data */
34 } __packed;
35 
/*
 * Values of the EAP Code field (RFC 3748, section 4).  Only these four
 * are named here; eap_code is a full octet supplied by the peer, so code
 * that switches on it needs a path for every other value.
 */
36 #define EAP_CODE_REQUEST	1	/* Request */
37 #define EAP_CODE_RESPONSE	2	/* Response */
38 #define EAP_CODE_SUCCESS	3	/* Success */
39 #define EAP_CODE_FAILURE	4	/* Failure */
40 
/*
 * Defined in another file; struct iked_constmap is not declared in this
 * header.  Presumably maps the codes above to printable names -- verify
 * at the definition.
 */
41 extern struct iked_constmap eap_code_map[];
42 
/*
 * EAP method Type numbers.  This list only names the values; which
 * methods the daemon actually offers or accepts is decided elsewhere and
 * cannot be read from this header.
 *
 * All values except EAP_TYPE_RADIUS fit the one-octet eap_type field of
 * struct eap_message.  EAP_TYPE_RADIUS (10001) does not: stored into a
 * uint8_t it would be reduced to 17, the value of EAP_TYPE_CISCO, so it
 * has to be kept in a wider integer and never copied to the wire field.
 *
 * NOTE(review): several RFC references below were corrected or updated
 * from draft names (POTP, PSK, SAKE, GPSK, PWD); verify against the IANA
 * registry linked below.
 */
43 /* http://www.iana.org/assignments/eap-numbers */
44 #define EAP_TYPE_NONE		0	/* NONE */
45 #define EAP_TYPE_IDENTITY	1	/* RFC3748 */
46 #define EAP_TYPE_NOTIFICATION	2	/* RFC3748 */
47 #define EAP_TYPE_NAK		3	/* RFC3748 */
48 #define EAP_TYPE_MD5		4	/* RFC3748 */
49 #define EAP_TYPE_OTP		5	/* RFC3748 */
50 #define EAP_TYPE_GTC		6	/* RFC3748 */
51 #define EAP_TYPE_RSA		9	/* Whelan */
52 #define EAP_TYPE_DSS		10	/* Nace */
53 #define EAP_TYPE_KEA		11	/* Nace */
54 #define EAP_TYPE_KEA_VALIDATE	12	/* Nace */
55 #define EAP_TYPE_TLS		13	/* RFC5216 */
56 #define EAP_TYPE_AXENT		14	/* Rosselli */
57 #define EAP_TYPE_SECURID	15	/* Nystrom */
58 #define EAP_TYPE_ARCOT		16	/* Jerdonek */
59 #define EAP_TYPE_CISCO		17	/* Norman */
60 #define EAP_TYPE_SIM		18	/* RFC4186 */
61 #define EAP_TYPE_SRP_SHA1	19	/* Carlson */
62 #define EAP_TYPE_TTLS		21	/* Funk */
63 #define EAP_TYPE_RAS		22	/* Fields */
64 #define EAP_TYPE_OAAKA		23	/* RFC4187 */
65 #define EAP_TYPE_3COM		24	/* Young */
66 #define EAP_TYPE_PEAP		25	/* Palekar */
67 #define EAP_TYPE_MSCHAP_V2	26	/* Palekar */
68 #define EAP_TYPE_MAKE		27	/* Berrendonner */
69 #define EAP_TYPE_CRYPTOCARD	28	/* Webb */
70 #define EAP_TYPE_MSCHAP_V2_2	29	/* Potter */
71 #define EAP_TYPE_DYNAMID	30	/* Merlin */
72 #define EAP_TYPE_ROB		31	/* Ullah */
73 #define EAP_TYPE_POTP		32	/* RFC4793 */
74 #define EAP_TYPE_MS_TLV		33	/* Palekar */
75 #define EAP_TYPE_SENTRINET	34	/* Kelleher */
76 #define EAP_TYPE_ACTIONTEC	35	/* Chang */
77 #define EAP_TYPE_BIOMETRICS	36	/* Xiong */
78 #define EAP_TYPE_AIRFORTRESS	37	/* Hibbard */
79 #define EAP_TYPE_HTTP_DIGEST	38	/* Tavakoli */
80 #define EAP_TYPE_SECURESUITE	39	/* Clements */
81 #define EAP_TYPE_DEVICECONNECT	40	/* Pitard */
82 #define EAP_TYPE_SPEKE		41	/* Zick */
83 #define EAP_TYPE_MOBAC		42	/* Rixom */
84 #define EAP_TYPE_FAST		43	/* Cam-Winget */
85 #define EAP_TYPE_ZLX		44	/* Bogue */
86 #define EAP_TYPE_LINK		45	/* Zick */
87 #define EAP_TYPE_PAX		46	/* Clancy */
88 #define EAP_TYPE_PSK		47	/* RFC4764 */
89 #define EAP_TYPE_SAKE		48	/* RFC4763 */
90 #define EAP_TYPE_IKEV2		49	/* RFC5106 */
91 #define EAP_TYPE_AKA2		50	/* RFC5448 */
92 #define EAP_TYPE_GPSK		51	/* RFC5433 */
93 #define EAP_TYPE_PWD		52	/* RFC5931 */
94 #define EAP_TYPE_EXPANDED_TYPE	254	/* RFC3748 */
95 #define EAP_TYPE_EXPERIMENTAL	255	/* RFC3748 */
96 #define EAP_TYPE_RADIUS		10001	/* internal use for EAP RADIUS; never a wire value */
97 
/*
 * Defined in another file; presumably maps the type numbers above to
 * printable names -- verify at the definition.
 */
98 extern struct iked_constmap eap_type_map[];
99 
100 /*
101  * EAP MSCHAP-V2
102  */
103 
/*
 * Fixed field sizes, in octets, used by the structures below.
 * EAP_MSCHAP_RESPONSE_SZ equals the summed member sizes of
 * struct eap_mschap_peer (16 + 8 + 24 + 1 = 49).
 * EAP_MSCHAP_SUCCESS_SZ is not used in this header; presumably the
 * length of the "S=" authenticator response string of RFC 2759 (2 + 40
 * hex digits) -- TODO confirm at its use.
 *
 * MS-CHAPv2 challenge/response values give little protection against
 * offline password guessing once observed, so this method should only be
 * run inside a channel that is already encrypted and in which the server
 * has been authenticated.
 */
104 #define EAP_MSCHAP_CHALLENGE_SZ		16
105 #define EAP_MSCHAP_RESPONSE_SZ		49
106 #define EAP_MSCHAP_NTRESPONSE_SZ	24
107 #define EAP_MSCHAP_SUCCESS_SZ		42
108 
/*
 * Values of the OpCode octet that starts the EAP-MSCHAPv2 type data.
 * 5 and 6 are not defined here; the opcode is peer-supplied, so callers
 * need a reject path for anything outside this list.
 */
109 #define EAP_MSOPCODE_CHALLENGE		1	/* Challenge */
110 #define EAP_MSOPCODE_RESPONSE		2	/* Response */
111 #define EAP_MSOPCODE_SUCCESS		3	/* Success */
112 #define EAP_MSOPCODE_FAILURE		4	/* Failure */
113 #define EAP_MSOPCODE_CHANGE_PASSWORD	7	/* Change Password */
114 
/*
 * Defined in another file; presumably maps the opcodes above to
 * printable names -- verify at the definition.
 */
115 extern struct iked_constmap eap_msopcode_map[];
116 
/*
 * The single leading octet shared by every EAP-MSCHAPv2 structure below
 * (each of them starts with an opcode member).
 * NOTE(review): presumably used to read the opcode before choosing the
 * opcode-specific layout; at least one byte of type data must be present
 * before it is dereferenced -- confirm in the caller.
 */
117 struct eap_mschap {
118 	uint8_t				ms_opcode;	/* one of EAP_MSOPCODE_* */
119 } __packed;
120 
/*
 * EAP-MSCHAPv2 Challenge: opcode, identifier, 16-bit length, value size
 * and a fixed 16-octet challenge, followed on the wire by a name of
 * variable length that is not part of this structure.
 * NOTE(review): msc_length is presumably in network byte order, and
 * msc_valuesize is expected to equal EAP_MSCHAP_CHALLENGE_SZ; a receiver
 * should check both against the bytes actually received before reading
 * the challenge or deriving the length of the trailing name -- confirm
 * in the caller.
 */
121 struct eap_mschap_challenge {
122 	uint8_t				msc_opcode;	/* EAP_MSOPCODE_CHALLENGE expected */
123 	uint8_t				msc_id;
124 	uint16_t			msc_length;
125 	uint8_t				msc_valuesize;	/* size of msc_challenge as stated by the sender */
126 	uint8_t				msc_challenge[EAP_MSCHAP_CHALLENGE_SZ];
127 	/* Followed by variable-size name field */
128 } __packed;
129 
/*
 * Structured view of the MS-CHAPv2 response value: peer challenge,
 * reserved octets, NT response and flags.  The member sizes add up to
 * 16 + 8 + 24 + 1 = 49 octets, the value of EAP_MSCHAP_RESPONSE_SZ, and
 * the structure is overlaid on resp_data[] through the msr_response
 * union of struct eap_mschap_response.
 *
 * Unlike the other structures in this header it is not marked __packed;
 * every member is a uint8_t or an array of uint8_t, so no padding is
 * expected.
 *
 * NOTE(review): msp_ntresponse is computed from the user's password
 * (RFC 2759); treat it as sensitive and keep it out of logs.
 */
130 struct eap_mschap_peer {
131 	uint8_t				msp_challenge[EAP_MSCHAP_CHALLENGE_SZ];
132 	uint8_t				msp_reserved[8];
133 	uint8_t				msp_ntresponse[EAP_MSCHAP_NTRESPONSE_SZ];
134 	uint8_t				msp_flags;
135 };
136 
/*
 * EAP-MSCHAPv2 Response: opcode, identifier, 16-bit length, value size
 * and the 49-octet response value, followed on the wire by a name of
 * variable length that is not part of this structure.  The response
 * value can be read either as raw bytes (resp_data) or field by field
 * (resp_peer).
 * NOTE(review): msr_length is presumably in network byte order, and
 * msr_valuesize is expected to equal EAP_MSCHAP_RESPONSE_SZ.  The length
 * of the trailing name is not stored in a field of its own, so it has to
 * be derived from validated lengths; a receiver should reject messages
 * shorter than this structure or with an unexpected msr_valuesize before
 * touching msr_response or the name -- confirm in the caller.
 */
137 struct eap_mschap_response {
138 	uint8_t				msr_opcode;	/* EAP_MSOPCODE_RESPONSE expected */
139 	uint8_t				msr_id;
140 	uint16_t			msr_length;
141 	uint8_t				msr_valuesize;	/* size of msr_response as stated by the sender */
142 	union {
143 		uint8_t			resp_data[EAP_MSCHAP_RESPONSE_SZ];
144 		struct eap_mschap_peer	resp_peer;
145 	}				msr_response;
146 	/* Followed by variable-size name field */
147 } __packed;
148 
/*
 * EAP-MSCHAPv2 Success: opcode, identifier and 16-bit length, followed
 * on the wire by a success message of variable length that is not part
 * of this structure.
 * NOTE(review): the trailing message has no length field of its own and
 * is presumably not NUL-terminated on the wire; its size has to come
 * from a validated mss_length (network byte order assumed) -- confirm in
 * the caller.
 */
149 struct eap_mschap_success {
150 	uint8_t				mss_opcode;	/* EAP_MSOPCODE_SUCCESS expected */
151 	uint8_t				mss_id;
152 	uint16_t			mss_length;
153 	/* Followed by variable-size success message */
154 } __packed;
155 
/*
 * EAP-MSCHAPv2 Failure: opcode, identifier and 16-bit length, followed
 * on the wire by a message of variable length that is not part of this
 * structure.  The field layout is the same as struct eap_mschap_success.
 * NOTE(review): the trailing message has no length field of its own and
 * is presumably not NUL-terminated on the wire; its size has to come
 * from a validated msf_length (network byte order assumed) -- confirm in
 * the caller.
 */
156 struct eap_mschap_failure {
157 	uint8_t				msf_opcode;	/* EAP_MSOPCODE_FAILURE expected */
158 	uint8_t				msf_id;
159 	uint16_t			msf_length;
160 	/* Followed by variable-size message field */
161 } __packed;
162 
/*
 * MS-CHAPv2 error numbers; in RFC 2759 these are carried in the "E="
 * field of the Failure message text.
 * NOTE(review): which of these the daemon sends is not visible here.
 * The codes other than 691 tell the peer something about the account
 * (logon hours, disabled, expired password, dial-in permission), so a
 * server may prefer to answer a failed authentication with the generic
 * EAP_MSERROR_AUTHENTICATION_FAILURE -- confirm at the sender.
 */
163 #define EAP_MSERROR_RESTRICTED_LOGON_HOURS	646	/* eap-mschapv2 */
164 #define EAP_MSERROR_ACCT_DISABLED		647	/* eap-mschapv2 */
165 #define EAP_MSERROR_PASSWD_EXPIRED		648	/* eap-mschapv2 */
166 #define EAP_MSERROR_NO_DIALIN_PERMISSION	649	/* eap-mschapv2 */
167 #define EAP_MSERROR_AUTHENTICATION_FAILURE	691	/* eap-mschapv2 */
168 #define EAP_MSERROR_CHANGING_PASSWORD		709	/* eap-mschapv2 */
169 
/*
 * Defined in another file; presumably maps the error numbers above to
 * printable names -- verify at the definition.
 */
170 extern struct iked_constmap eap_mserror_map[];
171 
172 #endif /* IKED_EAP_H */
173