api-reference/nanosec/a00431_source.html

 /*
  * eap_fast.h
  *
  * EAP FAST Helper Functions
  *
  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
  * Proprietary and Confidential Material.
  *
  */

 #ifndef __EAP_FAST_H__
 #define __EAP_FAST_H__

 #ifdef __cplusplus
 extern "C" {
 #endif

 #if (defined(__ENABLE_MOCANA_EAP_PEER__) || defined(__ENABLE_MOCANA_EAP_AUTH__))
 #if (defined(__ENABLE_MOCANA_EAP_FAST__) || defined(__ENABLE_MOCANA_EAP_PEAPV2__))

 #define EAP_FAST_LENGTH_INCLUDED_FLAG   (0x80)
 #define EAP_FAST_MORE_FRAGMENTS_FLAG    (0x40)
 #define EAP_FAST_START_FLAG             (0x20)
 #define EAP_FAST_AUTH_ID_TYPE           (0x04)


 /* Result TLV values */
 #define EAP_FAST_RESULT_TLV_SUCCESS     1
 #define EAP_FAST_RESULT_TLV_FAILURE     2

 #define EAP_MAX_USER_LEN                (64)
 #define EAP_MAX_PASS_LEN                (64)
 #define EAP_FAST_PAC_KEY_LENGTH          32

 typedef enum eap_fast_frag_flag
 {
     EAP_FAST_FRAG_FLAG_RECV = 1,
     EAP_FAST_FRAG_FLAG_SEND

 } eap_fast_frag_flag_e;

 typedef enum eap_fast_intermediate_result
 {
     EAP_FAST_INTERMEDIATE_SUCCESS = 1,
     EAP_FAST_INTERMEDIATE_FAILURE

 } eap_fast_intermediate_result_e;

 typedef enum eap_fast_eap_state_e
 {
     EAP_FAST_EAP_INIT     = 0,
     EAP_FAST_EAP_IDENTITY = 1,
     EAP_FAST_EAP_METHOD   = 2,
     EAP_FAST_EAP_SUCCESS  = 3,
     EAP_FAST_EAP_FAILURE  = 4,

 } eap_fast_eap_state;

 typedef struct eap_fast_params
 {
     MSTATUS (*ulTransmit)(ubyte * appSessionCB,ubyte * eapPkt,ubyte4 eapPktLen,intBoolean encrypted);

     MSTATUS (*ul2ndStageReceive)(ubyte *appSessionCB, eapMethodType type,
                           eapCode code, ubyte id,
                           ubyte *eap_data, ubyte4 eap_data_len, ubyte *opaque_data);

     MSTATUS (*ulGetFastCompoundKey)(ubyte *appSessionCB, ubyte *cmk);

     MSTATUS (*ulGetPeapV2CompoundKey)(ubyte *appSessionCB, ubyte *cmk, ubyte *s_nonce, ubyte *c_nonce);

     MSTATUS (*ulAuthResultTransmit)(ubyte * appSessionCB,
                                      ubyte cryptoBindingVerified,
                                      eapAuthStatus authStatus);

     MSTATUS (*ulTLSclose)(ubyte * appSessionCB);

     ubyte          version;

     eapSessionType sessionType;     /* (PEER/AUTH) */

     eapMethodType  methodType;      /* (FAST/PEAPV2) */

     sbyte4  connectionInstance;     /* TLS COnnection Instance */

     ubyte   *tls_con;               /* EAP TLS Connection Instance */

     ubyte4  instanceId;             /* Phase 1 Instance Id */

 } EAP_FAST_params;

 typedef struct eap_fast_pac
 {
    ubyte pacKey[EAP_FAST_PAC_KEY_LENGTH];
    ubyte *a_id;
    ubyte2 a_idLen;
    ubyte *i_id;
    ubyte2 i_idLen;
    ubyte4 pacLifetime;
    ubyte *pacOpaque;
    ubyte4 pacOpaqueLen;
    ubyte  *a_idInfo;
    ubyte4  a_idInfoLen;
    ubyte4  pacType;

 }EAP_FAST_pac_t;

 MOC_EXTERN MSTATUS
 EAP_FASTFormSendPacket(void *eapFASTCb,ubyte *pkt, ubyte4 pktLen,
                        ubyte **eapResponse, ubyte4 *eapRespLen);

 MOC_EXTERN MSTATUS
 EAP_FASTauthSendCryptoBindingTlv(ubyte *appSessionHdl, ubyte *cmk,ubyte *nonce);

 MOC_EXTERN MSTATUS
 EAP_FASTauthSendMethodResult(ubyte *appSessionHdl, ubyte sendCryptoBinding,
                              ubyte *compoundKey, ubyte2 result,ubyte *nonce);

 MOC_EXTERN MSTATUS
 EAP_FASTreceiveLLPacket(void * eapFASTCb, ubyte *pkt, ubyte4 pktLen);

 MOC_EXTERN MSTATUS
 EAP_FASTdeleteSession(ubyte *eapFASTSession);

 MOC_EXTERN MSTATUS
 EAP_FASTinitSession(ubyte *appSessionCB, ubyte **eapFASTSession,
                     EAP_FAST_params *eapFASTparams);

 MOC_EXTERN MSTATUS
 EAP_FASTAuthInit(ubyte *eapCb);

 MOC_EXTERN MSTATUS
 EAP_FASTAuthInit2(ubyte *eapCb);

 MOC_EXTERN MSTATUS
 EAP_FASTulAuthSessionDelete(ubyte *eapFASTCb);

 MOC_EXTERN MSTATUS
 EAP_FASTPeerGetSessionHdl(ubyte *eapCb, ubyte **eapSessionHdl);

 MOC_EXTERN MSTATUS
 EAP_FASTAuthGetSessionHdl(ubyte *eapCb, ubyte **eapAuthSessionHdl);

 MOC_EXTERN MSTATUS
 eap_FASTPeerInit(ubyte *eapCb);

 MOC_EXTERN MSTATUS
 EAP_FASTEncapEAPPkt(ubyte *eapFastCb, ubyte *eapPkt, ubyte4 eapPktLen);

 MOC_EXTERN MSTATUS
 EAP_FASTgetTLVEncapEAPPkt(ubyte *eapPkt, ubyte4 eapPktLen,ubyte **response,ubyte4 *responseLen);

 MOC_EXTERN MSTATUS
 EAP_FASTProcessTLV(ubyte *fastHdl, ubyte *pPkt, ubyte4 pktLen);

 MOC_EXTERN MSTATUS
 EAP_FASTulPeerSessionDelete(ubyte *eapFASTCb);

 MOC_EXTERN MSTATUS
 EAP_FASTGetPAC(ubyte  *eapFASTCb, EAP_FAST_pac_t **pac);

 MOC_EXTERN MSTATUS
 EAP_FASTauthSendPAC_ResultTlv(ubyte *eapFastSessionHdl, EAP_FAST_pac_t *pac);

 MOC_EXTERN MSTATUS
 EAP_FASTulPeerTransmit (ubyte *eapSessionHdl,
                  ubyte4 instanceId,
                  eapMethodType  methodType,
                  eapCode  code,
                  eapMethodDecision  methodDecision,
                  eapMethodState methodState,
                  ubyte * eap_data,
                  ubyte4  eap_data_len);

 MOC_EXTERN MSTATUS
 EAP_FASTulAuthTransmit (ubyte *eapSessionHdl,
                  ubyte4 instanceId,
                  eapMethodType  methodType,
                  eapCode  code,
                  eapMethodDecision  methodDecision,
                  eapMethodState methodState,
                  ubyte * eap_data,
                  ubyte4  eap_data_len);

 MOC_EXTERN MSTATUS
 EAP_FASTauthGetCryptoBindingStatus(ubyte *eapFastSessionHdl,
                                     ubyte *bindingStatus);

 MOC_EXTERN MSTATUS
 EAP_FASTgetAuthId(ubyte *pkt, ubyte4 pktLen, ubyte **authId, ubyte2 *authIdLen);

 MOC_EXTERN MSTATUS
 EAP_FASTbuildAuthId(ubyte flags, ubyte *authId, ubyte2 authIdLen,
                     ubyte **eapReqData, ubyte4 *eapReqLen);

 #endif /* ((defined(__ENABLE_MOCANA_EAP_FAST__) */
 #endif /* ((defined(__ENABLE_MOCANA_EAP_PEER__) || defined(__ENABLE_MOCANA_EAP_AUTH__)) */
 #ifdef __cplusplus
 }
 #endif
 #endif /* __EAP_FAST_H__  */
EAP_FASTinitSession
MOC_EXTERN MSTATUS EAP_FASTinitSession(ubyte *appSessionCB, ubyte **eapFASTSession, EAP_FAST_params *eapFASTparams)
Create and initialize an EAP-FAST session.

EAP_FASTauthSendMethodResult
MOC_EXTERN MSTATUS EAP_FASTauthSendMethodResult(ubyte *appSessionHdl, ubyte sendCryptoBinding, ubyte *compoundKey, ubyte2 result, ubyte *nonce)
Buld a Method Result packet.

EAP_FASTulPeerTransmit
MOC_EXTERN MSTATUS EAP_FASTulPeerTransmit(ubyte *eapSessionHdl, ubyte4 instanceId, eapMethodType methodType, eapCode code, eapMethodDecision methodDecision, eapMethodState methodState, ubyte *eap_data, ubyte4 eap_data_len)
Transmit packets from peer to authenticator during second stage negotiation.

EAP_FASTulAuthTransmit
MOC_EXTERN MSTATUS EAP_FASTulAuthTransmit(ubyte *eapSessionHdl, ubyte4 instanceId, eapMethodType methodType, eapCode code, eapMethodDecision methodDecision, eapMethodState methodState, ubyte *eap_data, ubyte4 eap_data_len)
Transmit packets from authenticator to peer during second stage negotiation.

EAP_FASTgetTLVEncapEAPPkt
MOC_EXTERN MSTATUS EAP_FASTgetTLVEncapEAPPkt(ubyte *eapPkt, ubyte4 eapPktLen, ubyte **response, ubyte4 *responseLen)
Encapsulate an EAP packet into an EAP payload TLV packet.

EAP_FASTPeerGetSessionHdl
MOC_EXTERN MSTATUS EAP_FASTPeerGetSessionHdl(ubyte *eapCb, ubyte **eapSessionHdl)
Get an EAP-FAST session&#39;s second stage EAP session handle.

EAP_FAST_params::instanceId
ubyte4 instanceId
Phase 1 instance ID.
Definition: eap_fast.h:355

EAP_FAST_params::sessionType
eapSessionType sessionType
Type of session: EAP_SESSION_TYPE_PEER or EAP_SESSION_TYPE_AUTHENTICATOR.
Definition: eap_fast.h:325

EAP_FAST_params::methodType
eapMethodType methodType
Method type used by a peer.
Definition: eap_fast.h:332

EAP_FASTProcessTLV
MOC_EXTERN MSTATUS EAP_FASTProcessTLV(ubyte *fastHdl, ubyte *pPkt, ubyte4 pktLen)
Process a decrypted EAP packet&#39;s TLVs.

EAP_FASTEncapEAPPkt
MOC_EXTERN MSTATUS EAP_FASTEncapEAPPkt(ubyte *eapFastCb, ubyte *eapPkt, ubyte4 eapPktLen)
Build an EAP payload TLV from an input second stage EAP packet and then pass the packet to the first ...

EAP_FAST_params::connectionInstance
sbyte4 connectionInstance
TLS connection&#39;s session ID.
Definition: eap_fast.h:340

EAP_FASTAuthInit2
MOC_EXTERN MSTATUS EAP_FASTAuthInit2(ubyte *eapCb)
Send an Identity request to the peer.

EAP_FASTbuildAuthId
MOC_EXTERN MSTATUS EAP_FASTbuildAuthId(ubyte flags, ubyte *authId, ubyte2 authIdLen, ubyte **eapReqData, ubyte4 *eapReqLen)
Build an Authority ID Requeest packet.

EAP_FAST_params
Configuration settings and callback function pointers for EAP-FAST sessions.
Definition: eap_fast.h:106

EAP_FAST_params::tls_con
ubyte * tls_con
EAP_TLS connection control block.
Definition: eap_fast.h:349

EAP_FASTgetAuthId
MOC_EXTERN MSTATUS EAP_FASTgetAuthId(ubyte *pkt, ubyte4 pktLen, ubyte **authId, ubyte2 *authIdLen)
Extract the authority ID (if any) from an EAP-FAST packet.

EAP_FASTulAuthSessionDelete
MOC_EXTERN MSTATUS EAP_FASTulAuthSessionDelete(ubyte *eapFASTCb)
Delete an EAP-FAST authenticator second stage stack.

EAP_FASTulPeerSessionDelete
MOC_EXTERN MSTATUS EAP_FASTulPeerSessionDelete(ubyte *eapFASTCb)
Delete an EAP-FAST peer second stage stack.

EAP_FASTauthSendPAC_ResultTlv
MOC_EXTERN MSTATUS EAP_FASTauthSendPAC_ResultTlv(ubyte *eapFastSessionHdl, EAP_FAST_pac_t *pac)
Transmits Result and PAC Provisioning TLVs to the peer.

EAP_FAST_params::version
ubyte version
EAP-FAST version.
Definition: eap_fast.h:313

EAP_FASTauthSendCryptoBindingTlv
MOC_EXTERN MSTATUS EAP_FASTauthSendCryptoBindingTlv(ubyte *appSessionHdl, ubyte *cmk, ubyte *nonce)
Transmits Result and crypto binding TLVs to the peer.

EAP_FASTFormSendPacket
MOC_EXTERN MSTATUS EAP_FASTFormSendPacket(void *eapFASTCb, ubyte *pkt, ubyte4 pktLen, ubyte **eapResponse, ubyte4 *eapRespLen)
Build an EAP-FAST packet from the specified encrypted second stage payload.

EAP_FASTAuthGetSessionHdl
MOC_EXTERN MSTATUS EAP_FASTAuthGetSessionHdl(ubyte *eapCb, ubyte **eapAuthSessionHdl)
Get an EAP-FAST session&#39;s second stage EAP session handle.

EAP_FASTreceiveLLPacket
MOC_EXTERN MSTATUS EAP_FASTreceiveLLPacket(void *eapFASTCb, ubyte *pkt, ubyte4 pktLen)
Process a packet&#39;s TLVs, managing fragmentation, and send the packet on for second stage negotiation...

EAP_FASTdeleteSession
MOC_EXTERN MSTATUS EAP_FASTdeleteSession(ubyte *eapFASTSession)
Delete a second stage EAP-FAST session.