[thirdparty/hostap.git] / src / eap_common / eap_fast_common.c

/*
 * EAP-FAST common helper functions (RFC 4851)
 * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "crypto/sha1.h"
#include "crypto/tls.h"
#include "eap_defs.h"
#include "eap_tlv_common.h"
#include "eap_fast_common.h"


void eap_fast_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len)
{
	struct pac_tlv_hdr hdr;
	hdr.type = host_to_be16(type);
	hdr.len = host_to_be16(len);
	wpabuf_put_data(buf, &hdr, sizeof(hdr));
}


void eap_fast_put_tlv(struct wpabuf *buf, u16 type, const void *data,
			     u16 len)
{
	eap_fast_put_tlv_hdr(buf, type, len);
	wpabuf_put_data(buf, data, len);
}


void eap_fast_put_tlv_buf(struct wpabuf *buf, u16 type,
				 const struct wpabuf *data)
{
	eap_fast_put_tlv_hdr(buf, type, wpabuf_len(data));
	wpabuf_put_buf(buf, data);
}


struct wpabuf * eap_fast_tlv_eap_payload(struct wpabuf *buf)
{
	struct wpabuf *e;

	if (buf == NULL)
		return NULL;

	/* Encapsulate EAP packet in EAP-Payload TLV */
	wpa_printf(MSG_DEBUG, "EAP-FAST: Add EAP-Payload TLV");
	e = wpabuf_alloc(sizeof(struct pac_tlv_hdr) + wpabuf_len(buf));
	if (e == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to allocate memory "
			   "for TLV encapsulation");
		wpabuf_free(buf);
		return NULL;
	}
	eap_fast_put_tlv_buf(e,
			     EAP_TLV_TYPE_MANDATORY | EAP_TLV_EAP_PAYLOAD_TLV,
			     buf);
	wpabuf_free(buf);
	return e;
}


void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
				   const u8 *client_random, u8 *master_secret)
{
#define TLS_RANDOM_LEN 32
#define TLS_MASTER_SECRET_LEN 48
	u8 seed[2 * TLS_RANDOM_LEN];

	wpa_hexdump(MSG_DEBUG, "EAP-FAST: client_random",
		    client_random, TLS_RANDOM_LEN);
	wpa_hexdump(MSG_DEBUG, "EAP-FAST: server_random",
		    server_random, TLS_RANDOM_LEN);

	/*
	 * RFC 4851, Section 5.1:
	 * master_secret = T-PRF(PAC-Key, "PAC to master secret label hash", 
	 *                       server_random + client_random, 48)
	 */
	os_memcpy(seed, server_random, TLS_RANDOM_LEN);
	os_memcpy(seed + TLS_RANDOM_LEN, client_random, TLS_RANDOM_LEN);
	sha1_t_prf(pac_key, EAP_FAST_PAC_KEY_LEN,
		   "PAC to master secret label hash",
		   seed, sizeof(seed), master_secret, TLS_MASTER_SECRET_LEN);

	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: master_secret",
			master_secret, TLS_MASTER_SECRET_LEN);
}


u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
			 const char *label, size_t len)
{
	struct tls_keys keys;
	u8 *rnd = NULL, *out;
	int block_size;

	block_size = tls_connection_get_keyblock_size(ssl_ctx, conn);
	if (block_size < 0)
		return NULL;

	out = os_malloc(block_size + len);
	if (out == NULL)
		return NULL;

	if (tls_connection_prf(ssl_ctx, conn, label, 1, out, block_size + len)
	    == 0) {
		os_memmove(out, out + block_size, len);
		return out;
	}

	if (tls_connection_get_keys(ssl_ctx, conn, &keys))
		goto fail;

	rnd = os_malloc(keys.client_random_len + keys.server_random_len);
	if (rnd == NULL)
		goto fail;

	os_memcpy(rnd, keys.server_random, keys.server_random_len);
	os_memcpy(rnd + keys.server_random_len, keys.client_random,
		  keys.client_random_len);

	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: master_secret for key "
			"expansion", keys.master_key, keys.master_key_len);
	if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
			     label, rnd, keys.client_random_len +
			     keys.server_random_len, out, block_size + len))
		goto fail;
	os_free(rnd);
	os_memmove(out, out + block_size, len);
	return out;

fail:
	os_free(rnd);
	os_free(out);
	return NULL;
}


void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
{
	/*
	 * RFC 4851, Section 5.4: EAP Master Session Key Generation
	 * MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64)
	 */

	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
		   "Session Key Generating Function", (u8 *) "", 0,
		   msk, EAP_FAST_KEY_LEN);
	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
			msk, EAP_FAST_KEY_LEN);
}


void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
{
	/*
	 * RFC 4851, Section 5.4: EAP Master Session Key Genreration
	 * EMSK = T-PRF(S-IMCK[j],
	 *        "Extended Session Key Generating Function", 64)
	 */

	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
		   "Extended Session Key Generating Function", (u8 *) "", 0,
		   emsk, EAP_EMSK_LEN);
	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
			emsk, EAP_EMSK_LEN);
}


int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
		       int tlv_type, u8 *pos, size_t len)
{
	switch (tlv_type) {
	case EAP_TLV_EAP_PAYLOAD_TLV:
		wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: EAP-Payload TLV",
			    pos, len);
		if (tlv->eap_payload_tlv) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
				   "EAP-Payload TLV in the message");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		tlv->eap_payload_tlv = pos;
		tlv->eap_payload_tlv_len = len;
		break;
	case EAP_TLV_RESULT_TLV:
		wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Result TLV", pos, len);
		if (tlv->result) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
				   "Result TLV in the message");
			tlv->result = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		if (len < 2) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
				   "Result TLV");
			tlv->result = EAP_TLV_RESULT_FAILURE;
			break;
		}
		tlv->result = WPA_GET_BE16(pos);
		if (tlv->result != EAP_TLV_RESULT_SUCCESS &&
		    tlv->result != EAP_TLV_RESULT_FAILURE) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown Result %d",
				   tlv->result);
			tlv->result = EAP_TLV_RESULT_FAILURE;
		}
		wpa_printf(MSG_DEBUG, "EAP-FAST: Result: %s",
			   tlv->result == EAP_TLV_RESULT_SUCCESS ?
			   "Success" : "Failure");
		break;
	case EAP_TLV_INTERMEDIATE_RESULT_TLV:
		wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Intermediate Result TLV",
			    pos, len);
		if (len < 2) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
				   "Intermediate-Result TLV");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			break;
		}
		if (tlv->iresult) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
				   "Intermediate-Result TLV in the message");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		tlv->iresult = WPA_GET_BE16(pos);
		if (tlv->iresult != EAP_TLV_RESULT_SUCCESS &&
		    tlv->iresult != EAP_TLV_RESULT_FAILURE) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown Intermediate "
				   "Result %d", tlv->iresult);
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
		}
		wpa_printf(MSG_DEBUG, "EAP-FAST: Intermediate Result: %s",
			   tlv->iresult == EAP_TLV_RESULT_SUCCESS ?
			   "Success" : "Failure");
		break;
	case EAP_TLV_CRYPTO_BINDING_TLV:
		wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV",
			    pos, len);
		if (tlv->crypto_binding) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
				   "Crypto-Binding TLV in the message");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		tlv->crypto_binding_len = sizeof(struct eap_tlv_hdr) + len;
		if (tlv->crypto_binding_len < sizeof(*tlv->crypto_binding)) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
				   "Crypto-Binding TLV");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		tlv->crypto_binding = (struct eap_tlv_crypto_binding_tlv *)
			(pos - sizeof(struct eap_tlv_hdr));
		break;
	case EAP_TLV_REQUEST_ACTION_TLV:
		wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Request-Action TLV",
			    pos, len);
		if (tlv->request_action) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
				   "Request-Action TLV in the message");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		if (len < 2) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
				   "Request-Action TLV");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			break;
		}
		tlv->request_action = WPA_GET_BE16(pos);
		wpa_printf(MSG_DEBUG, "EAP-FAST: Request-Action: %d",
			   tlv->request_action);
		break;
	case EAP_TLV_PAC_TLV:
		wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: PAC TLV", pos, len);
		if (tlv->pac) {
			wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
				   "PAC TLV in the message");
			tlv->iresult = EAP_TLV_RESULT_FAILURE;
			return -2;
		}
		tlv->pac = pos;
		tlv->pac_len = len;
		break;
	default:
		/* Unknown TLV */
		return -1;
	}

	return 0;
}
Commit	Line	Data
a4819630 JM	1	/*
	2	* EAP-FAST common helper functions (RFC 4851)
	3	* Copyright (c) 2008, Jouni Malinen <j@w1.fi>
	4	*
0f3d578e JM	5	* This software may be distributed under the terms of the BSD license.
0f3d578e JM	6	* See README for more details.
a4819630 JM	7	*/
	8
	9	#include "includes.h"
	10
	11	#include "common.h"
03da66bd JM	12	#include "crypto/sha1.h"
03da66bd JM	13	#include "crypto/tls.h"
7f4c1d43 JM	14	#include "eap_defs.h"
7f4c1d43 JM	15	#include "eap_tlv_common.h"
a4819630 JM	16	#include "eap_fast_common.h"
	17
	18
	19	void eap_fast_put_tlv_hdr(struct wpabuf *buf, u16 type, u16 len)
	20	{
	21	struct pac_tlv_hdr hdr;
	22	hdr.type = host_to_be16(type);
	23	hdr.len = host_to_be16(len);
	24	wpabuf_put_data(buf, &hdr, sizeof(hdr));
	25	}
	26
	27
	28	void eap_fast_put_tlv(struct wpabuf buf, u16 type, const void data,
	29	u16 len)
	30	{
	31	eap_fast_put_tlv_hdr(buf, type, len);
	32	wpabuf_put_data(buf, data, len);
	33	}
	34
	35
	36	void eap_fast_put_tlv_buf(struct wpabuf *buf, u16 type,
	37	const struct wpabuf *data)
	38	{
	39	eap_fast_put_tlv_hdr(buf, type, wpabuf_len(data));
	40	wpabuf_put_buf(buf, data);
	41	}
7f4c1d43 JM	42
	43
	44	struct wpabuf * eap_fast_tlv_eap_payload(struct wpabuf *buf)
	45	{
	46	struct wpabuf *e;
	47
	48	if (buf == NULL)
	49	return NULL;
	50
	51	/* Encapsulate EAP packet in EAP-Payload TLV */
	52	wpa_printf(MSG_DEBUG, "EAP-FAST: Add EAP-Payload TLV");
	53	e = wpabuf_alloc(sizeof(struct pac_tlv_hdr) + wpabuf_len(buf));
	54	if (e == NULL) {
	55	wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to allocate memory "
	56	"for TLV encapsulation");
	57	wpabuf_free(buf);
	58	return NULL;
	59	}
	60	eap_fast_put_tlv_buf(e,
	61	EAP_TLV_TYPE_MANDATORY \| EAP_TLV_EAP_PAYLOAD_TLV,
	62	buf);
	63	wpabuf_free(buf);
	64	return e;
	65	}
	66
	67
	68	void eap_fast_derive_master_secret(const u8 pac_key, const u8 server_random,
	69	const u8 client_random, u8 master_secret)
	70	{
	71	#define TLS_RANDOM_LEN 32
	72	#define TLS_MASTER_SECRET_LEN 48
	73	u8 seed[2 * TLS_RANDOM_LEN];
	74
	75	wpa_hexdump(MSG_DEBUG, "EAP-FAST: client_random",
	76	client_random, TLS_RANDOM_LEN);
	77	wpa_hexdump(MSG_DEBUG, "EAP-FAST: server_random",
	78	server_random, TLS_RANDOM_LEN);
	79
	80	/*
	81	* RFC 4851, Section 5.1:
	82	* master_secret = T-PRF(PAC-Key, "PAC to master secret label hash",
	83	* server_random + client_random, 48)
	84	*/
	85	os_memcpy(seed, server_random, TLS_RANDOM_LEN);
	86	os_memcpy(seed + TLS_RANDOM_LEN, client_random, TLS_RANDOM_LEN);
	87	sha1_t_prf(pac_key, EAP_FAST_PAC_KEY_LEN,
	88	"PAC to master secret label hash",
	89	seed, sizeof(seed), master_secret, TLS_MASTER_SECRET_LEN);
	90
	91	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: master_secret",
	92	master_secret, TLS_MASTER_SECRET_LEN);
	93	}
	94
	95
	96	u8 * eap_fast_derive_key(void ssl_ctx, struct tls_connection conn,
	97	const char *label, size_t len)
	98	{
	99	struct tls_keys keys;
	100	u8 rnd = NULL, out;
	101	int block_size;
	102
	103	block_size = tls_connection_get_keyblock_size(ssl_ctx, conn);
	104	if (block_size < 0)
	105	return NULL;
106
107	out = os_malloc(block_size + len);
108	if (out == NULL)
109	return NULL;
110
111	if (tls_connection_prf(ssl_ctx, conn, label, 1, out, block_size + len)
112	== 0) {
113	os_memmove(out, out + block_size, len);
114	return out;
115	}
116
117	if (tls_connection_get_keys(ssl_ctx, conn, &keys))
118	goto fail;
119
120	rnd = os_malloc(keys.client_random_len + keys.server_random_len);
121	if (rnd == NULL)
122	goto fail;
123
124	os_memcpy(rnd, keys.server_random, keys.server_random_len);
125	os_memcpy(rnd + keys.server_random_len, keys.client_random,
126	keys.client_random_len);
127
128	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: master_secret for key "
129	"expansion", keys.master_key, keys.master_key_len);
cd52acec JM	130	if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
	131	label, rnd, keys.client_random_len +
	132	keys.server_random_len, out, block_size + len))
7f4c1d43 JM	133	goto fail;
	134	os_free(rnd);
	135	os_memmove(out, out + block_size, len);
	136	return out;
	137
	138	fail:
	139	os_free(rnd);
	140	os_free(out);
	141	return NULL;
	142	}
	143
	144
	145	void eap_fast_derive_eap_msk(const u8 simck, u8 msk)
	146	{
	147	/*
	148	* RFC 4851, Section 5.4: EAP Master Session Key Generation
	149	* MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64)
	150	*/
	151
	152	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
	153	"Session Key Generating Function", (u8 *) "", 0,
	154	msk, EAP_FAST_KEY_LEN);
	155	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
	156	msk, EAP_FAST_KEY_LEN);
	157	}
	158
	159
	160	void eap_fast_derive_eap_emsk(const u8 simck, u8 emsk)
	161	{
	162	/*
	163	* RFC 4851, Section 5.4: EAP Master Session Key Genreration
	164	* EMSK = T-PRF(S-IMCK[j],
	165	* "Extended Session Key Generating Function", 64)
	166	*/
	167
	168	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
	169	"Extended Session Key Generating Function", (u8 *) "", 0,
	170	emsk, EAP_EMSK_LEN);
	171	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
	172	emsk, EAP_EMSK_LEN);
	173	}
	174
	175
	176	int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
2dbc9596	177	int tlv_type, u8 *pos, size_t len)
7f4c1d43 JM	178	{
	179	switch (tlv_type) {
	180	case EAP_TLV_EAP_PAYLOAD_TLV:
	181	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: EAP-Payload TLV",
	182	pos, len);
	183	if (tlv->eap_payload_tlv) {
	184	wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
	185	"EAP-Payload TLV in the message");
	186	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	187	return -2;
	188	}
	189	tlv->eap_payload_tlv = pos;
	190	tlv->eap_payload_tlv_len = len;
	191	break;
	192	case EAP_TLV_RESULT_TLV:
	193	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Result TLV", pos, len);
	194	if (tlv->result) {
	195	wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
	196	"Result TLV in the message");
	197	tlv->result = EAP_TLV_RESULT_FAILURE;
	198	return -2;
	199	}
	200	if (len < 2) {
	201	wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
	202	"Result TLV");
	203	tlv->result = EAP_TLV_RESULT_FAILURE;
	204	break;
	205	}
	206	tlv->result = WPA_GET_BE16(pos);
	207	if (tlv->result != EAP_TLV_RESULT_SUCCESS &&
	208	tlv->result != EAP_TLV_RESULT_FAILURE) {
	209	wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown Result %d",
	210	tlv->result);
	211	tlv->result = EAP_TLV_RESULT_FAILURE;
	212	}
	213	wpa_printf(MSG_DEBUG, "EAP-FAST: Result: %s",
	214	tlv->result == EAP_TLV_RESULT_SUCCESS ?
	215	"Success" : "Failure");
	216	break;
	217	case EAP_TLV_INTERMEDIATE_RESULT_TLV:
	218	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Intermediate Result TLV",
	219	pos, len);
	220	if (len < 2) {
	221	wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
	222	"Intermediate-Result TLV");
	223	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	224	break;
	225	}
	226	if (tlv->iresult) {
	227	wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
	228	"Intermediate-Result TLV in the message");
	229	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	230	return -2;
	231	}
	232	tlv->iresult = WPA_GET_BE16(pos);
	233	if (tlv->iresult != EAP_TLV_RESULT_SUCCESS &&
	234	tlv->iresult != EAP_TLV_RESULT_FAILURE) {
	235	wpa_printf(MSG_DEBUG, "EAP-FAST: Unknown Intermediate "
	236	"Result %d", tlv->iresult);
	237	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	238	}
	239	wpa_printf(MSG_DEBUG, "EAP-FAST: Intermediate Result: %s",
	240	tlv->iresult == EAP_TLV_RESULT_SUCCESS ?
	241	"Success" : "Failure");
242	break;
243	case EAP_TLV_CRYPTO_BINDING_TLV:
244	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV",
245	pos, len);
246	if (tlv->crypto_binding) {
247	wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
248	"Crypto-Binding TLV in the message");
249	tlv->iresult = EAP_TLV_RESULT_FAILURE;
250	return -2;
251	}
252	tlv->crypto_binding_len = sizeof(struct eap_tlv_hdr) + len;
253	if (tlv->crypto_binding_len < sizeof(*tlv->crypto_binding)) {
254	wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
255	"Crypto-Binding TLV");
256	tlv->iresult = EAP_TLV_RESULT_FAILURE;
257	return -2;
258	}
ed5a02fd	259	tlv->crypto_binding = (struct eap_tlv_crypto_binding_tlv *)
7f4c1d43 JM	260	(pos - sizeof(struct eap_tlv_hdr));
	261	break;
	262	case EAP_TLV_REQUEST_ACTION_TLV:
	263	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Request-Action TLV",
	264	pos, len);
	265	if (tlv->request_action) {
	266	wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
	267	"Request-Action TLV in the message");
	268	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	269	return -2;
	270	}
	271	if (len < 2) {
	272	wpa_printf(MSG_DEBUG, "EAP-FAST: Too short "
	273	"Request-Action TLV");
	274	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	275	break;
	276	}
	277	tlv->request_action = WPA_GET_BE16(pos);
	278	wpa_printf(MSG_DEBUG, "EAP-FAST: Request-Action: %d",
	279	tlv->request_action);
	280	break;
	281	case EAP_TLV_PAC_TLV:
	282	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: PAC TLV", pos, len);
	283	if (tlv->pac) {
	284	wpa_printf(MSG_DEBUG, "EAP-FAST: More than one "
	285	"PAC TLV in the message");
	286	tlv->iresult = EAP_TLV_RESULT_FAILURE;
	287	return -2;
	288	}
	289	tlv->pac = pos;
	290	tlv->pac_len = len;
	291	break;
	292	default:
	293	/* Unknown TLV */
	294	return -1;
	295	}
	296
	297	return 0;
	298	}