draft-cam-winget-eap-fast-03.txt
represent warnings, and codes 2000-2999 represent fatal errors. A
fatal Error TLV MUST be accompanied by a Result TLV indicating
failure and the conversation must be terminated as described in
Section 3.4.2. The Error TLV is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|R|         TLV Type          |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Error-Code                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M
Mandatory, set to one (1)
R
Reserved, set to zero (0)
TLV Type
5 for Error TLV
Length
4
Error-Code
The Error-Code field is four octets. Currently defined values
for Error-Code include:
Cam-Winget, et al. Expires April 22, 2006 [Page 23]
Internet-Draft EAP-FAST October 2005
2001 Tunnel_Compromise_Error
2002 Unexpected_TLVs_Exchanged
4.2.5 Vendor-Specific TLV
The Vendor-Specific TLV is available to allow vendors to support
their own extended attributes not suitable for general usage. A
Vendor-Specific TLV attribute can contain one or more TLVs, referred
to as Vendor TLVs. The TLV-type of a Vendor-TLV is defined by the
vendor. All the Vendor TLVs inside a single Vendor-Specific TLV
belong to the same vendor. There can be multiple Vendor-Specific TLVs
from different vendors in the same message.
Vendor TLVs may be optional or mandatory. Vendor TLVs sent with
Result TLVs MUST be marked as optional.
The Vendor-Specific TLV is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|R|         TLV Type          |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Vendor-Id                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Vendor TLVs....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M
0 or 1
R
Reserved, set to zero (0)
TLV Type
7 for Vendor Specific TLV
Length
>=4
Vendor-Id
The Vendor-Id field is four octets, and contains the Vendor-Id
of the TLV. The high-order octet is 0 and the low-order 3
octets are the SMI Network Management Private Enterprise Code
of the Vendor in network byte order.
Vendor TLVs
This field is of indefinite length. It contains vendor-
specific TLVs, in a format defined by the vendor.
4.2.6 EAP-Payload TLV
To allow piggybacking EAP request and response with other TLVs, the
EAP-Payload TLV is defined, which includes an encapsulated EAP packet
and a list of optional TLVs. The optional TLVs are provided for
future extensibility to provide hints about the current EAP
authentication. Only one EAP-Payload TLV is allowed in a message.
The EAP-Payload TLV is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|R|         TLV Type          |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          EAP packet...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             TLVs...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M
Mandatory, set to one (1)
R
Reserved, set to zero (0)
TLV Type
9 for EAP-Payload TLV
Length
>=0
EAP packet
This field contains a complete EAP packet, including the EAP
header (Code, Identifier, Length, Type) fields. The length of
this field is determined by the Length field of the
encapsulated EAP packet.
TLVs
This (optional) field contains a list of TLVs associated with
the EAP packet field. The TLVs MUST NOT have the mandatory bit
set. The total length of this field is equal to the Length
field of the EAP-Payload TLV, minus the Length field in the EAP
header of the EAP packet field.
4.2.7 Intermediate-Result TLV
The Intermediate-Result TLV provides support for acknowledged
intermediate Success and Failure messages between multiple inner EAP
methods within EAP. An Intermediate-Result TLV indicating success
MUST be accompanied by a Crypto-Binding TLV. The optional TLVs
associated with this TLV are provided for future extensibility to
provide hints about the current result. The Intermediate-Result TLV
is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|R|         TLV Type          |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Status             |           TLVs...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M
Mandatory, set to one (1)
R
Reserved, set to zero (0)
TLV Type
10 for Intermediate-Result TLV
Length
>=2
Status
The Status field is two octets. Values include:
1 Success
2 Failure
TLVs
This (optional) field is of indeterminate length, and contains
the TLVs associated with the Intermediate Result TLV. The TLVs
in this field MUST NOT have the mandatory bit set.
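The TLV framing of Sections 4.2.5 to 4.2.7 above, together with the Error TLV and its codes, as a parser. This is an added example and not code from the draft: it walks the TLVs of a message, splits an EAP-Payload TLV into its EAP packet and trailing hint TLVs using the Length field of the EAP header, rejects nested TLVs that carry the mandatory bit, and reports the message-level rules stated above (one EAP-Payload TLV per message, an Intermediate-Result Success accompanied by a Crypto-Binding TLV, fatal versus non-fatal Error-Codes). Two things are assumptions of the example and marked as such in the code: Vendor TLVs are walked as if they reuse the generic TLV header, and the sample message with its enterprise code is constructed here, not captured.

```python
"""Parser for the EAP-FAST TLVs defined above (added example, not code from
the draft).  Every TLV header is 4 octets: bit 0 M (mandatory), bit 1 R
(reserved, zero), bits 2-15 TLV Type, bits 16-31 Length of the value.
Crypto-Binding (type 12) is recognised by type only, for the Intermediate-Result rule."""
import struct
from dataclasses import dataclass, field
from typing import List, Optional

ERROR_TLV, VENDOR_TLV, EAP_PAYLOAD_TLV = 5, 7, 9
INTERMEDIATE_RESULT_TLV, CRYPTO_BINDING_TLV = 10, 12
ERROR_CODES = {2001: "Tunnel_Compromise_Error", 2002: "Unexpected_TLVs_Exchanged"}

class TLVError(ValueError): pass   # malformed TLV; an implementation treats this as fatal

@dataclass
class TLV:
    mandatory: bool
    tlv_type: int
    value: bytes
    children: List["TLV"] = field(default_factory=list)  # nested TLV list, where defined
    eap_packet: Optional[bytes] = None                    # EAP-Payload TLV only

def parse_tlvs(buf: bytes, nested: bool = False) -> List[TLV]:
    """Split buf into TLVs.  nested=True for the lists carried inside EAP-Payload
    and Intermediate-Result, whose TLVs MUST NOT have the mandatory bit set."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise TLVError("truncated TLV header")
        hdr, length = struct.unpack_from(">HH", buf, off)
        if hdr & 0x4000:
            raise TLVError("reserved R bit set")
        mandatory, tlv_type = bool(hdr & 0x8000), hdr & 0x3FFF
        value = buf[off + 4:off + 4 + length]
        if len(value) != length:
            raise TLVError(f"TLV type {tlv_type}: Length {length} overruns the message")
        if nested and mandatory:
            raise TLVError(f"TLV type {tlv_type} inside another TLV has M set")
        out.append(_decode(TLV(mandatory, tlv_type, value)))
        off += 4 + length
    return out

def _decode(tlv: TLV) -> TLV:
    """Apply the per-type structure the section gives."""
    if tlv.tlv_type == ERROR_TLV:
        if len(tlv.value) != 4 or not tlv.mandatory:
            raise TLVError("Error TLV must have M=1 and Length 4")
    elif tlv.tlv_type == VENDOR_TLV:
        if len(tlv.value) < 4 or tlv.value[0] != 0:
            raise TLVError("Vendor-Id must be 4 octets with high-order octet 0")
        # The Vendor TLV layout is vendor-defined.  This example assumes it reuses
        # the generic header and keeps only the raw bytes when that does not parse.
        try:
            tlv.children = parse_tlvs(tlv.value[4:])
        except TLVError:
            tlv.children = []
    elif tlv.tlv_type == EAP_PAYLOAD_TLV:
        if len(tlv.value) < 4:
            raise TLVError("EAP-Payload TLV shorter than an EAP header")
        eap_len = struct.unpack_from(">H", tlv.value, 2)[0]  # EAP header: Code, Id, Length
        if eap_len < 4 or eap_len > len(tlv.value):
            raise TLVError("EAP Length field inconsistent with EAP-Payload Length")
        tlv.eap_packet = tlv.value[:eap_len]
        tlv.children = parse_tlvs(tlv.value[eap_len:], nested=True)  # optional hint TLVs
    elif tlv.tlv_type == INTERMEDIATE_RESULT_TLV:
        if len(tlv.value) < 2 or not tlv.mandatory:
            raise TLVError("Intermediate-Result TLV must have M=1 and Length >= 2")
        tlv.children = parse_tlvs(tlv.value[2:], nested=True)
    return tlv

def check_message(tlvs: List[TLV]) -> List[str]:
    """Message-level rules from this section; an empty list means no violation."""
    problems, types = [], [t.tlv_type for t in tlvs]
    if types.count(EAP_PAYLOAD_TLV) > 1:
        problems.append("more than one EAP-Payload TLV in a message")
    for t in tlvs:
        if t.tlv_type == INTERMEDIATE_RESULT_TLV:
            if struct.unpack_from(">H", t.value)[0] == 1 and CRYPTO_BINDING_TLV not in types:
                problems.append("Intermediate-Result Success without Crypto-Binding TLV")
        elif t.tlv_type == ERROR_TLV:
            code = struct.unpack(">I", t.value)[0]
            severity = "fatal" if 2000 <= code <= 2999 else "non-fatal"
            problems.append(f"{severity} Error TLV {code} {ERROR_CODES.get(code, 'unknown')}")
    return problems

def build_tlv(mandatory: bool, tlv_type: int, value: bytes) -> bytes:
    return struct.pack(">HH", (0x8000 if mandatory else 0) | tlv_type, len(value)) + value

def example_message() -> bytes:
    """Constructed sample, not a capture: EAP-Payload (EAP-Request/Identity plus an
    optional Vendor-Specific hint, enterprise code 9 chosen for illustration), then
    Intermediate-Result Success with a Crypto-Binding TLV whose body is a placeholder."""
    eap_request_identity = bytes([1, 7, 0, 5, 1])  # Code=1, Id=7, Length=5, Type=1
    vendor_hint = build_tlv(False, VENDOR_TLV, bytes([0, 0, 0, 9]) + build_tlv(False, 1, b"hint"))
    return (build_tlv(True, EAP_PAYLOAD_TLV, eap_request_identity + vendor_hint)
            + build_tlv(True, INTERMEDIATE_RESULT_TLV, struct.pack(">H", 1))
            + build_tlv(True, CRYPTO_BINDING_TLV, bytes(56)))
```

`check_message(parse_tlvs(example_message()))` returns an empty list; dropping the trailing Crypto-Binding TLV from the same bytes makes it report the missing binding, and a mandatory TLV placed after the EAP packet raises `TLVError` before the message is decoded at all. That ordering is deliberate: a receiver should not act on any TLV in a message it could not parse completely.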
4.2.8 Crypto-Binding TLV
The Crypto-Binding TLV is used to prove that both the peer and server
participated in the tunnel establishment and sequence of
authentications. It also provides verification of the EAP-FAST
version negotiated before TLS tunnel establishment, see Section 3.1.
The Crypto-Binding TLV MUST be included with Intermediate-Result TLV
to perform Cryptographic Binding after each successful EAP method in
a sequence of EAP methods. The Crypto-Binding TLV can be issued at
other times as well.
The Crypto-Binding TLV is valid only if the following checks pass:
o The Crypto-Binding TLV version is supported
o The MAC verifies correctly
o The received version in the Crypto-Binding TLV matches the version
sent by the receiver during the EAP version negotiation
o The subtype is set to the correct value
If any of the above checks fail, the TLV is invalid. An invalid
Crypto-Binding TLV is a fatal error and is handled as described in
Section 3.4.2.
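The four checks above as code, using the TLV layout defined next in this section (Length 56: a 4-octet fixed part of Reserved, Version, Received Ver. and Sub-Type, followed by the Nonce and the Compound MAC). This is an added example, not code from the draft. Three things are assumptions of the example rather than statements of this page, and are marked in the code: the Nonce is 32 octets and the Compound MAC 20 octets, the MAC is HMAC-SHA1 computed over the whole TLV with the Compound MAC field zeroed, and the key is supplied by the caller from key material the draft derives elsewhere. Sub-Type values are passed in by the caller rather than assumed.

```python
"""Validity checks for the Crypto-Binding TLV (added example, not code from
the draft).  Body layout from this section's TLV definition (Length 56):
Reserved(1) Version(1) Received Ver.(1) Sub-Type(1) Nonce(32) Compound MAC(20).
Assumptions of this example: 32/20-octet Nonce/MAC sizes, and a Compound MAC that
is HMAC-SHA1 over the whole TLV with the MAC field zeroed, keyed by the caller."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import List, Set

CRYPTO_BINDING_TLV = 12
BODY_LEN = 56
NONCE_LEN, MAC_LEN = 32, 20          # assumed split of the 52 octets after the fixed part
MAC_OFFSET = 4 + 4 + NONCE_LEN       # TLV header + four single-octet fields + Nonce

@dataclass
class CryptoBinding:
    version: int
    received_version: int
    subtype: int
    nonce: bytes
    compound_mac: bytes

def parse_crypto_binding(tlv: bytes) -> CryptoBinding:
    """Strict structural parse; anything off-spec is rejected before the checks run."""
    if len(tlv) != 4 + BODY_LEN:
        raise ValueError("Crypto-Binding TLV must be exactly 60 octets")
    hdr, length = struct.unpack_from(">HH", tlv)
    if not hdr & 0x8000 or hdr & 0x4000 or hdr & 0x3FFF != CRYPTO_BINDING_TLV:
        raise ValueError("TLV header must have M=1, R=0, Type 12")
    if length != BODY_LEN:
        raise ValueError("Length must be 56")
    reserved, version, received, subtype = struct.unpack_from(">BBBB", tlv, 4)
    if reserved != 0:
        raise ValueError("Reserved octet must be 0")
    return CryptoBinding(version, received, subtype, tlv[8:MAC_OFFSET], tlv[MAC_OFFSET:])

def compound_mac(tlv: bytes, key: bytes) -> bytes:
    """MAC over the TLV with its Compound MAC field zeroed (assumed construction)."""
    return hmac.new(key, tlv[:MAC_OFFSET] + bytes(MAC_LEN), hashlib.sha1).digest()

def validate(tlv: bytes, key: bytes, supported_versions: Set[int],
             version_we_sent: int, expected_subtype: int) -> List[str]:
    """Run the four checks from the section; returns the failures (empty = valid).
    Any failure is fatal for the conversation, so callers must fail closed."""
    cb = parse_crypto_binding(tlv)
    failures = []
    if cb.version not in supported_versions:
        failures.append("Crypto-Binding version not supported")
    # constant-time compare: a plain == on MACs leaks timing to the peer
    if not hmac.compare_digest(cb.compound_mac, compound_mac(tlv, key)):
        failures.append("Compound MAC does not verify")
    # this is the check that catches a downgrade of the cleartext version negotiation
    if cb.received_version != version_we_sent:
        failures.append("Received Ver. differs from the version we sent")
    if cb.subtype != expected_subtype:
        failures.append("Sub-Type is not the expected value")
    return failures

def build_crypto_binding(key: bytes, version: int, received_version: int,
                         subtype: int, nonce: bytes) -> bytes:
    """Sender side: fill the fields, then MAC the TLV with the MAC field zeroed."""
    assert len(nonce) == NONCE_LEN
    fixed = struct.pack(">BBBB", 0, version, received_version, subtype)
    unsigned = struct.pack(">HH", 0x8000 | CRYPTO_BINDING_TLV, BODY_LEN) + fixed + nonce + bytes(MAC_LEN)
    return unsigned[:MAC_OFFSET] + compound_mac(unsigned, key)
```

The receiver passes the version it sent during the cleartext EAP-FAST version negotiation as `version_we_sent`. A peer that was talked down to a lower version by a man in the middle produces a binding whose Received Ver. no longer matches, and `validate` reports it even though the MAC verifies, which is the property the section describes. The MAC comparison uses `hmac.compare_digest` so a forgery attempt learns nothing from timing, and every returned failure is fatal per Section 3.4.2, so the caller tears the conversation down rather than continuing on a partially valid binding.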
The Crypto-Binding TLV is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |M|R|         TLV Type          |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Reserved    |    Version    | Received Ver. |   Sub-Type    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                             Nonce                             ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                         Compound MAC                          ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M
Mandatory, set to one (1)
R
Reserved, set to zero (0)
TLV Type
12 for Crypto-Binding TLV
Length
56
Reserved
Reserved, set to zero (0)
Version
The Version field is a single octet, which is s