EAP - LogeshVel/802.11 GitHub Wiki

Extensible Authentication Protocol

PPP

EAP Packet Format

EAP is carried in PPP frames with a protocol number of 0xC227. There is no strict requirement that EAP run on PPP.

Code

The Code field, the first field in the packet, is one byte long and identifies the type of EAP packet. It is used to interpret the Data field of the packet.

Identifier

The Identifier field is one byte long. It contains an unsigned integer used to match requests with responses to them. Retransmissions reuse the same identifier numbers, but new transmissions use new identifier numbers.

Length

The Length field is two bytes long. It is the number of bytes in the entire packet, which includes the Code, Identifier, Length, and Data fields. On some link layer protocols, padding may be required. EAP assumes that any data in excess of the Length field is link-layer padding and can be ignored.

Data

The last field is the variable-length Data field. Depending on the type of packet, the Data field may be zero bytes long. Interpretation of the Data field is based on the value of the Code field.

image

EAP Requests and Responses

EAP exchanges are composed of requests and responses. The authenticator sends requests to the system seeking access, and based on the responses, access may be granted or denied.

image

  • The Code field is set to 1 for requests and 2 for responses.

  • The Identifier and Length fields are used as described in the previous section on the generic format.

  • The Data field carries the data used in requests and responses.

  • Each Data field carries one type of data, broken down into a type identifier code and the associated data

Type

The Type field is a one-byte field that indicates the type of request or response. Only one type is used in each packet. With one exception, the Type field of the response matches the corresponding request. That exception is that when a request is unacceptable, the peer may send a NAK to suggest an alternative type. Types greater than or equal to 4 indicate authentication methods.

Type-Data

The Type-Data field is a variable field that must be interpreted according to the rules for each type.

Type code 1: Identity

image

Type Code 2: Notification

image

Type code 3: NAK

image

Type code 4: MD-5 Challenge

image

Type code 5: One-time password (OTP)

image

Type code 6: Generic Token Card

image

Type code 13: TLS

image

EAP Success and Failure

image

Sample EAP Exchange

image

image