3.2.5.4.7 Received EAP TLV Extensions Method Packet

If the currentState datum is set to TUNNEL_ESTABLISHED or PHASE2_EAP_INPROGRESS, then the following steps are applied in sequence:

  1. If a Result TLV (section 2.2.8.1.2) is received with the value field set to 2, then prepare an EAP TLV Extensions Method (section 2.2.8.1) packet with Result TLV (the value field set to 2). Change the currentState datum to FAILURE_TLV_SENT and proceed to step 11.

  2. If the currentState datum is set to PHASE2_EAP_INPROGRESS and the authentication result flag returned by isEAPAuthSuccess indicates FALSE, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 2). Change the currentState datum to FAILURE_TLV_SENT and proceed to step 11.

  3. If the currentState datum is set to PHASE2_EAP_INPROGRESS and the authentication result flag returned by isEAPAuthSuccess indicates TRUE, then store the InnerMPPESendKey, InnerMPPESendKeyLength, InnerMPPERecvKey, and InnerMPPERecvKeyLength as returned by isEAPAuthSuccess.

  4. If the currentState datum is set to TUNNEL_ESTABLISHED and isFastReconnectAllowed is set to FALSE, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 2), keep the currentState datum set to the same value, and proceed to step 11.

  5. If the currentState datum is set to TUNNEL_ESTABLISHED and isFastReconnectAllowed is set to TRUE, but the peer cannot start fast reconnect because of implementation-defined reasons, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 2) and keep the currentState datum set to the same value. Set isFastReconnectAllowed to FALSE and proceed to step 11.

  6. If isCryptoSupported is set to TRUE and a Cryptobinding TLV (section 2.2.8.1.1) is received whose validation (described in section 3.2.5.3) fails, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 2). Change the currentState datum to FAILURE_TLV_SENT and proceed to step 11.

  7. If isCryptoSupported is set to TRUE, isCryptoRequired is set to TRUE and the received packet has only a Result TLV (the value field set to 1), then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 2). If the currentState datum is set to PHASE2_EAP_INPROGRESS then change it to FAILURE_TLV_SENT and proceed to step 11. If the currentState datum is set to TUNNEL_ESTABLISHED, then keep it the same and proceed to step 11.

  8. If the received EAP TLV Extensions Method packet contains both a Cryptobinding TLV and a Result TLV, and isCryptoSupported is set to TRUE, then prepare an EAP TLV Extensions Method packet with both Result TLV (the value field set to 1) and Cryptobinding TLV (the value field set to the computed value). Change the currentState datum to SUCCESS_TLV_SENT and proceed to step 11.

  9. If the received EAP TLV Extensions Method packet contains both a Cryptobinding TLV and a Result TLV, and isCryptoSupported is set to FALSE, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 1). Change the currentState datum to SUCCESS_TLV_SENT and proceed to step 11.

  10. If the received EAP TLV Extensions Method packet contains only a Result TLV and no Cryptobinding TLV, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 1). Change the currentState datum to SUCCESS_TLV_SENT and stop processing the packet.

  11. If the received packet does not meet any of the above conditions, then ignore the packet and keep the currentState datum set to the same value.

  12. Encrypt the EAP TLV Extensions Method packet obtained above by passing it to the TLS layer using the EncryptMessage method.

  13. Prepare a PEAP packet by keeping the encrypted data returned by the EncryptMessage method as the Data field of the PEAP packet. Then, send the PEAP packet to the server (see section 3.1.5.2.2).

If the currentState datum is set to INNER_IDENTITY_SENT, then:

  1. If a Result TLV is received with the value field set to 2, then prepare an EAP TLV Extensions Method packet with Result TLV (the value field set to 2). Change the currentState datum to FAILURE_TLV_SENT.

  2. If the received packet does not meet the above condition, then ignore the packet, keep the currentState datum set to the same value, and stop processing the packet.

  3. Encrypt the EAP TLV Extensions Method packet obtained above by passing it to the TLS layer using the EncryptMessage method.

  4. Prepare a PEAP packet, keeping the encrypted data returned by the EncryptMessage method as the Data field. Then, send the PEAP packet to the server (see section 3.1.5.2.2).

If the currentState datum is not set to TUNNEL_ESTABLISHED, PHASE2_EAP_INPROGRESS, or INNER_IDENTITY_SENT, then the packet is ignored.
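
The decision steps of this section as an added Python example (not code from the specification), covering all three state branches so the effect of isCryptoSupported and isCryptoRequired can be checked case by case. Assumptions: `Peer`, `on_tlv_packet` and its parameters are hypothetical names; "proceed to step 11" is read as skipping the remaining checks so the prepared packet goes on to be encrypted and sent; key storage (step 3) and the encrypt/send steps are not modelled; `"computed"` is a placeholder for the Cryptobinding value.

```python
from dataclasses import dataclass

SUCCESS, FAILURE = 1, 2  # Result TLV value field, as used in the steps above

@dataclass
class Peer:  # hypothetical container for the peer's data
    currentState: str
    isCryptoSupported: bool = True
    isCryptoRequired: bool = True
    isFastReconnectAllowed: bool = True

def on_tlv_packet(peer, result=None, cryptobinding_valid=None,
                  inner_auth_ok=False, can_fast_reconnect=True):
    """Return the TLVs to prepare (None = ignore packet); updates peer state."""
    s = peer.currentState
    fail = [("Result", FAILURE)]
    has_cb = cryptobinding_valid is not None  # None: no Cryptobinding TLV received
    if s == "INNER_IDENTITY_SENT":
        if result == FAILURE:
            peer.currentState = "FAILURE_TLV_SENT"
            return fail
        return None
    if s not in ("TUNNEL_ESTABLISHED", "PHASE2_EAP_INPROGRESS"):
        return None
    phase2 = s == "PHASE2_EAP_INPROGRESS"
    if result == FAILURE or (phase2 and not inner_auth_ok):       # steps 1-2
        peer.currentState = "FAILURE_TLV_SENT"
        return fail
    # step 3 (storing the inner MPPE keys) is not modelled here
    if not phase2 and not (peer.isFastReconnectAllowed and can_fast_reconnect):
        peer.isFastReconnectAllowed = False                       # steps 4-5
        return fail                                               # state unchanged
    if peer.isCryptoSupported and has_cb and not cryptobinding_valid:  # step 6
        peer.currentState = "FAILURE_TLV_SENT"
        return fail
    if (peer.isCryptoSupported and peer.isCryptoRequired
            and result == SUCCESS and not has_cb):                # step 7
        if phase2:
            peer.currentState = "FAILURE_TLV_SENT"
        return fail
    if result is not None:                                        # steps 8-10
        peer.currentState = "SUCCESS_TLV_SENT"
        ok = [("Result", SUCCESS)]
        if has_cb and peer.isCryptoSupported:
            ok.append(("Cryptobinding", "computed"))  # placeholder value
        return ok
    return None                                                   # step 11
```

With isCryptoRequired set to FALSE, a success packet that carries only a Result TLV falls through to step 10 and is accepted, so the missing Cryptobinding TLV is rejected only when both isCryptoSupported and isCryptoRequired are TRUE.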