draft-josefsson-pppext-eap-tls-eap-05.txt

Linux上的802.1x 的supplicant的实现。很多supplicant程序都是基于它开发的

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Code      |   Identifier  |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |   Flags   |Ver|  Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Code

   1 - Request
   2 - Response

Identifier

   The Identifier field is one octet and aids in matching responses with
   requests.

Length

   The Length field is two octets and indicates the length of the EAP
   packet including the Code, Identifier, Length, Type, and Data fields.
   Octets outside the range of the Length field should be treated as
   Data Link Layer padding and should be ignored on reception.

Type

   25 - PEAP

Flags

    0 1 2 3 4 5
   +-+-+-+-+-+-+
   |L M S R R R|
   +-+-+-+-+-+-+

   L = Length included
   M = More fragments
   S = PEAP start
   R = Reserved (must be zero)




Andersson et al.             Standards Track                   [Page 18]





INTERNET-DRAFT                    PEAP                    September 2002


   The L bit (length included) is set to indicate the presence of the
   four octet TLS Message Length field, and MUST be set for the first
   fragment of a fragmented TLS message or set of messages. The M bit
   (more fragments) is set on all but the last fragment. The S bit (PEAP
   start) is set in a PEAP Start message. This differentiates the PEAP
   Start message from a fragment acknowledgment.

Version

    0 1
   +-+-+
   |R 1|
   +-+-+

   R = Reserved (must be zero)

Data

   The format of the Data field is determined by the Code field.
































Andersson et al.             Standards Track                   [Page 19]





INTERNET-DRAFT                    PEAP                    September 2002


3.2.  PEAP Request Packet

A summary of the PEAP Request packet format is shown below.  The fields
are transmitted from left to right.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Code      |   Identifier  |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |   Flags   |Ver|      TLS Message Length
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     TLS Message Length        |       TLS Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Code

   1

Identifier

   The Identifier field is one octet and aids in matching responses with
   requests.  The Identifier field MUST be changed on each Request
   packet.

Length

   The Length field is two octets and indicates the length of the EAP
   packet including the Code, Identifier, Length, Type, and TLS Response
   fields.

Type

   25 - PEAP

Flags

    0 1 2 3 4 5
   +-+-+-+-+-+-+
   |L M S R R R|
   +-+-+-+-+-+-+

   L = Length included
   M = More fragments
   S = PEAP start
   R = Reserved (must be zero)

   The L bit (length included) is set to indicate the presence of the



Andersson et al.             Standards Track                   [Page 20]





INTERNET-DRAFT                    PEAP                    September 2002


   four octet TLS Message Length field, and MUST be set for the first
   fragment of a fragmented TLS message or set of messages. The M bit
   (more fragments) is set on all but the last fragment. The S bit (PEAP
   start) is set in a PEAP Start message. This differentiates the PEAP
   Start message from a fragment acknowledgment.

Version

    0 1
   +-+-+
   |R 1|
   +-+-+

   R = Reserved (must be zero)

TLS Message Length

   The TLS Message Length field is four octets, and is present only if
   the L bit is set.  This field provides the total length of the TLS
   message or set of messages that is being fragmented.

TLS data

   The TLS data consists of the encapsulated packet in TLS record
   format.


























Andersson et al.             Standards Track                   [Page 21]





INTERNET-DRAFT                    PEAP                    September 2002


3.3.  PEAP Response Packet

A summary of the PEAP Response packet format is shown below.  The fields
are transmitted from left to right.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Code      |   Identifier  |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |   Flags   |Ver|      TLS Message Length
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     TLS Message Length        |       TLS Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Code

   2

Identifier

   The Identifier field is one octet and MUST match the Identifier field
   from the corresponding request.

Length

   The Length field is two octets and indicates the length of the EAP
   packet including the Code, Identifier, Length, Type, and TLS data
   fields.

Type

   25 - PEAP

Flags

    0 1 2 3 4 5
   +-+-+-+-+-+-+
   |L M S R R R|
   +-+-+-+-+-+-+

   L = Length included
   M = More fragments
   S = PEAP start
   R = Reserved (must be zero)

   The L bit (length included) is set to indicate the presence of the
   four octet TLS Message Length field, and MUST be set for the first



Andersson et al.             Standards Track                   [Page 22]





INTERNET-DRAFT                    PEAP                    September 2002


   fragment of a fragmented TLS message or set of messages. The M bit
   (more fragments) is set on all but the last fragment. The S bit (PEAP
   start) is set in a PEAP Start message. This differentiates the PEAP
   Start message from a fragment acknowledgment.

Version

    0 1
   +-+-+
   |R 1|
   +-+-+

   R = Reserved (must be zero)

TLS Message Length

   The TLS Message Length field is four octets, and is present only if
   the L bit is set. This field provides the total length of the TLS
   message or set of messages that is being fragmented.

TLS data

   The TLS data consists of the encapsulated TLS packet in TLS record
   format.

4.  Security Considerations

4.1.  Method negotiation

If the peer does not support PEAP, or does not wish to utilize PEAP
authentication, it MUST respond to the initial EAP-Request/PEAP-Start
with a NAK, suggesting an alternate authentication method. Since the NAK
is sent in cleartext with no integrity protection or authentication, it
is subject to spoofing.  Unauthentic NAK packets can be used to trick
the peer and Authenticator into "negotiating down" to a weaker form of
authentication, such as EAP-MD5 (which only provides one way
authentication and does not derive a key).

Since a subsequent protected EAP conversation can take place within the
TLS session, selection of PEAP as an authentication method does not
limit the potential secondary authentication methods. As a result, the
only legitimate reason for a peer to NAK PEAP as an authentication
method is that it does not support it. Where the additional security of
PEAP is required, server implementations SHOULD respond to a NAK with an
EAP-Failure, terminating the authentication conversation.