/* $OpenBSD: eap.h,v 1.3 2013/01/08 10:38:19 reyk Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _IKEV2_EAP_H
#define _IKEV2_EAP_H
/*
 * Fixed EAP header: code, identifier and length (1 + 1 + 2 bytes).
 * Marked __packed, like the other on-the-wire layouts in this file.
 *
 * NOTE(review): this presumably overlays received packet bytes. RFC 3748
 * carries Length in network byte order and defines it as the size of the
 * whole EAP packet, so a parser should byte-swap eap_length and check it
 * against the number of bytes actually received before using it as a
 * bound -- confirm in the code that consumes this header.
 */
struct eap_header {
u_int8_t eap_code;	/* message code; see the EAP_CODE_* macros */
u_int8_t eap_id;	/* identifier field */
u_int16_t eap_length;	/* length field; byte order: see note above */
} __packed;
/*
 * EAP header plus the one-byte type field; the first three members repeat
 * struct eap_header. Type-specific data follows the structure and is not
 * part of sizeof(struct eap_message).
 *
 * NOTE(review): only a packet whose length is at least
 * sizeof(struct eap_message) has a valid eap_type; presumably Success and
 * Failure packets carry no type byte at all (RFC 3748), so the parser
 * should check the code and the length before reading eap_type -- confirm.
 */
struct eap_message {
u_int8_t eap_code;	/* message code; see the EAP_CODE_* macros */
u_int8_t eap_id;	/* identifier field */
u_int16_t eap_length;	/* length field, as in struct eap_header */
u_int8_t eap_type;	/* method type; see the EAP_TYPE_* macros */
/* Followed by type-specific data */
} __packed;
/*
 * Values of the EAP code field (eap_code). Only 1-4 are defined here;
 * NOTE(review): a receiver should treat any other code as invalid rather
 * than fall through to a default handler -- confirm in the parser.
 */
#define EAP_CODE_REQUEST 1 /* Request */
#define EAP_CODE_RESPONSE 2 /* Response */
#define EAP_CODE_SUCCESS 3 /* Success */
#define EAP_CODE_FAILURE 4 /* Failure */
/*
 * Table defined in another file; struct iked_constmap is not declared in
 * this header, so the includer must provide it.
 */
extern struct iked_constmap eap_code_map[];
/*
 * EAP method type numbers (eap_type), taken from
 * http://www.iana.org/assignments/eap-numbers
 * The trailing comment on each line is the reference or registrant name
 * given for that assignment.
 *
 * The list is not contiguous: 7, 8, 20 and 53-253 have no macro here.
 * NOTE(review): eap_type is chosen by the peer, so code that switches on
 * it needs an explicit path for values that are not listed, and being
 * listed here does not imply the method is implemented -- confirm which
 * types the daemon actually accepts.
 */
#define EAP_TYPE_NONE 0 /* NONE */
#define EAP_TYPE_IDENTITY 1 /* RFC3748 */
#define EAP_TYPE_NOTIFICATION 2 /* RFC3748 */
#define EAP_TYPE_NAK 3 /* RFC3748 */
#define EAP_TYPE_MD5 4 /* RFC3748 */
#define EAP_TYPE_OTP 5 /* RFC3748 */
#define EAP_TYPE_GTC 6 /* RFC3748 */
#define EAP_TYPE_RSA 9 /* Whelan */
#define EAP_TYPE_DSS 10 /* Nace */
#define EAP_TYPE_KEA 11 /* Nace */
#define EAP_TYPE_KEA_VALIDATE 12 /* Nace */
#define EAP_TYPE_TLS 13 /* RFC-simon-emu-rfc2716bis-13.txt */
#define EAP_TYPE_AXENT 14 /* Rosselli */
#define EAP_TYPE_SECURID 15 /* Nystrom */
#define EAP_TYPE_ARCOT 16 /* Jerdonek */
#define EAP_TYPE_CISCO 17 /* Norman */
#define EAP_TYPE_SIM 18 /* RFC4186 */
#define EAP_TYPE_SRP_SHA1 19 /* Carlson */
#define EAP_TYPE_TTLS 21 /* Funk */
#define EAP_TYPE_RAS 22 /* Fields */
#define EAP_TYPE_OAAKA 23 /* RFC4187 */
#define EAP_TYPE_3COM 24 /* Young */
#define EAP_TYPE_PEAP 25 /* Palekar */
#define EAP_TYPE_MSCHAP_V2 26 /* Palekar */
#define EAP_TYPE_MAKE 27 /* Berrendonner */
#define EAP_TYPE_CRYPTOCARD 28 /* Webb */
#define EAP_TYPE_MSCHAP_V2_2 29 /* Potter */
#define EAP_TYPE_DYNAMID 30 /* Merlin */
#define EAP_TYPE_ROB 31 /* Ullah */
#define EAP_TYPE_POTP 32 /* RFC4794 */
#define EAP_TYPE_MS_TLV 33 /* Palekar */
#define EAP_TYPE_SENTRINET 34 /* Kelleher */
#define EAP_TYPE_ACTIONTEC 35 /* Chang */
#define EAP_TYPE_BIOMETRICS 36 /* Xiong */
#define EAP_TYPE_AIRFORTRESS 37 /* Hibbard */
#define EAP_TYPE_HTTP_DIGEST 38 /* Tavakoli */
#define EAP_TYPE_SECURESUITE 39 /* Clements */
#define EAP_TYPE_DEVICECONNECT 40 /* Pitard */
#define EAP_TYPE_SPEKE 41 /* Zick */
#define EAP_TYPE_MOBAC 42 /* Rixom */
#define EAP_TYPE_FAST 43 /* Cam-Winget */
#define EAP_TYPE_ZLX 44 /* Bogue */
#define EAP_TYPE_LINK 45 /* Zick */
#define EAP_TYPE_PAX 46 /* Clancy */
#define EAP_TYPE_PSK 47 /* RFC-bersani-eap-psk-11.txt */
#define EAP_TYPE_SAKE 48 /* RFC-vanderveen-eap-sake-02.txt */
#define EAP_TYPE_IKEV2 49 /* RFC5106 */
#define EAP_TYPE_AKA2 50 /* RFC5448 */
#define EAP_TYPE_GPSK 51 /* RFC5433 */
#define EAP_TYPE_PWD 52 /* RFC-harkins-emu-eap-pwd-12.txt */
#define EAP_TYPE_EXPANDED_TYPE 254 /* RFC3748 */
#define EAP_TYPE_EXPERIMENTAL 255 /* RFC3748 */
/* Table defined in another file; struct iked_constmap is declared elsewhere. */
extern struct iked_constmap eap_type_map[];
/*
 * EAP MSCHAP-V2
 *
 * Field sizes in bytes, followed by the opcode values carried in the first
 * byte of every MSCHAP-V2 payload (struct eap_mschap).
 */
/* Size of msc_challenge and msp_challenge. */
#define EAP_MSCHAP_CHALLENGE_SZ 16
/* Size of resp_data; equals 16 + 8 + 24 + 1, the members of eap_mschap_peer. */
#define EAP_MSCHAP_RESPONSE_SZ 49
/* Size of msp_ntresponse. */
#define EAP_MSCHAP_NTRESPONSE_SZ 24
/*
 * Not used in this header. NOTE(review): presumably the length of the
 * "S=" authenticator response string (2 + 40 hex digits) -- confirm
 * against the code that builds the success message.
 */
#define EAP_MSCHAP_SUCCESS_SZ 42
/*
 * Opcode values. 5 and 6 have no macro here; NOTE(review): the opcode comes
 * from the peer, so unknown values need an explicit reject path -- confirm.
 */
#define EAP_MSOPCODE_CHALLENGE 1 /* Challenge */
#define EAP_MSOPCODE_RESPONSE 2 /* Response */
#define EAP_MSOPCODE_SUCCESS 3 /* Success */
#define EAP_MSOPCODE_FAILURE 4 /* Failure */
#define EAP_MSOPCODE_CHANGE_PASSWORD 7 /* Change Password */
/* Table defined in another file; struct iked_constmap is declared elsewhere. */
extern struct iked_constmap eap_msopcode_map[];
/*
 * Smallest MSCHAP-V2 view: just the opcode byte, which is also the first
 * member of the challenge, response, success and failure layouts below.
 * NOTE(review): presumably read first to choose which of those layouts to
 * apply; the remaining length must then be checked against that layout's
 * size before it is used -- confirm in the parser.
 */
struct eap_mschap {
u_int8_t ms_opcode;	/* see the EAP_MSOPCODE_* macros */
} __packed;
/*
 * MSCHAP-V2 challenge layout: opcode, id, length, value size and a
 * fixed 16-byte challenge. A variable-size name field follows the
 * structure and is not part of sizeof(struct eap_mschap_challenge).
 *
 * NOTE(review): msc_valuesize is presumably expected to equal
 * EAP_MSCHAP_CHALLENGE_SZ and msc_length to be in network byte order;
 * the name length has to be derived from msc_length, so that field must
 * be validated against the enclosing EAP length first -- confirm.
 */
struct eap_mschap_challenge {
u_int8_t msc_opcode;	/* see the EAP_MSOPCODE_* macros */
u_int8_t msc_id;	/* MSCHAP-V2 identifier */
u_int16_t msc_length;	/* MSCHAP-V2 length field */
u_int8_t msc_valuesize;	/* size of the value that follows */
u_int8_t msc_challenge[EAP_MSCHAP_CHALLENGE_SZ];	/* 16-byte challenge */
/* Followed by variable-size name field */
} __packed;
/*
 * Structured view of the response value: peer challenge, reserved bytes,
 * NT response and flags. The members add up to 16 + 8 + 24 + 1 = 49 bytes,
 * the same as EAP_MSCHAP_RESPONSE_SZ, which is what lets it share a union
 * with resp_data in struct eap_mschap_response.
 *
 * Unlike the other layouts in this file this struct is not marked
 * __packed. Every member is a u_int8_t array or scalar, so usual ABIs add
 * no padding, but nothing here enforces that.
 * NOTE(review): a compile-time check that sizeof(struct eap_mschap_peer)
 * equals EAP_MSCHAP_RESPONSE_SZ would pin the assumption down.
 */
struct eap_mschap_peer {
u_int8_t msp_challenge[EAP_MSCHAP_CHALLENGE_SZ];	/* peer challenge */
u_int8_t msp_reserved[8];	/* reserved bytes */
u_int8_t msp_ntresponse[EAP_MSCHAP_NTRESPONSE_SZ];	/* NT response */
u_int8_t msp_flags;	/* flags byte */
};
/*
 * MSCHAP-V2 response layout: opcode, id, length, value size and the
 * 49-byte response value, accessible either as raw bytes (resp_data) or
 * through struct eap_mschap_peer (resp_peer). A variable-size name field
 * follows the structure.
 *
 * NOTE(review): msr_valuesize is presumably expected to equal
 * EAP_MSCHAP_RESPONSE_SZ. A receiver should reject a payload shorter than
 * sizeof(struct eap_mschap_response) before touching msr_response, and
 * should bound the trailing name by msr_length after checking that field
 * against the enclosing EAP length -- confirm in the parser.
 */
struct eap_mschap_response {
u_int8_t msr_opcode;	/* see the EAP_MSOPCODE_* macros */
u_int8_t msr_id;	/* MSCHAP-V2 identifier */
u_int16_t msr_length;	/* MSCHAP-V2 length field */
u_int8_t msr_valuesize;	/* size of the value that follows */
union {
u_int8_t resp_data[EAP_MSCHAP_RESPONSE_SZ];	/* raw 49-byte value */
struct eap_mschap_peer resp_peer;	/* same bytes, by field */
} msr_response;
/* Followed by variable-size name field */
} __packed;
/*
 * MSCHAP-V2 success layout: opcode, id and length. The variable-size
 * success message follows the structure.
 * NOTE(review): the message is not covered by sizeof(); its size has to
 * come from mss_length, which should be validated before it is used as a
 * copy or print bound, and the text is presumably not NUL-terminated on
 * the wire -- confirm.
 */
struct eap_mschap_success {
u_int8_t mss_opcode;	/* see the EAP_MSOPCODE_* macros */
u_int8_t mss_id;	/* MSCHAP-V2 identifier */
u_int16_t mss_length;	/* MSCHAP-V2 length field */
/* Followed by variable-size success message */
} __packed;
/*
 * MSCHAP-V2 failure layout: opcode, id and length. The variable-size
 * message field follows the structure.
 * NOTE(review): as with the success layout, the trailing message is bounded
 * only by msf_length; validate that field before parsing or logging the
 * text, and treat the text as untrusted input -- confirm in the parser.
 */
struct eap_mschap_failure {
u_int8_t msf_opcode;	/* see the EAP_MSOPCODE_* macros */
u_int8_t msf_id;	/* MSCHAP-V2 identifier */
u_int16_t msf_length;	/* MSCHAP-V2 length field */
/* Followed by variable-size message field */
} __packed;
/*
 * MSCHAP-V2 error numbers.
 * NOTE(review): presumably these are sent as the error value in the failure
 * message text -- confirm. Codes such as ACCT_DISABLED or PASSWD_EXPIRED
 * tell an unauthenticated peer about the state of an account; a server
 * may prefer to answer every rejection with AUTHENTICATION_FAILURE and
 * keep the specific reason in its own log.
 */
#define EAP_MSERROR_RESTRICTED_LOGON_HOURS 646 /* eap-mschapv2 */
#define EAP_MSERROR_ACCT_DISABLED 647 /* eap-mschapv2 */
#define EAP_MSERROR_PASSWD_EXPIRED 648 /* eap-mschapv2 */
#define EAP_MSERROR_NO_DIALIN_PERMISSION 649 /* eap-mschapv2 */
#define EAP_MSERROR_AUTHENTICATION_FAILURE 691 /* eap-mschapv2 */
#define EAP_MSERROR_CHANGING_PASSWORD 709 /* eap-mschapv2 */
/* Table defined in another file; struct iked_constmap is declared elsewhere. */
extern struct iked_constmap eap_mserror_map[];
#endif /* _IKEV2_EAP_H */