1*5b9c547cSRui Paulo /* 2*5b9c547cSRui Paulo * EAP server/peer: EAP-EKE shared routines 3*5b9c547cSRui Paulo * Copyright (c) 2011-2013, Jouni Malinen <j@w1.fi> 4*5b9c547cSRui Paulo * 5*5b9c547cSRui Paulo * This software may be distributed under the terms of the BSD license. 6*5b9c547cSRui Paulo * See README for more details. 7*5b9c547cSRui Paulo */ 8*5b9c547cSRui Paulo 9*5b9c547cSRui Paulo #ifndef EAP_EKE_COMMON_H 10*5b9c547cSRui Paulo #define EAP_EKE_COMMON_H 11*5b9c547cSRui Paulo 12*5b9c547cSRui Paulo /* EKE Exchange */ 13*5b9c547cSRui Paulo #define EAP_EKE_ID 1 14*5b9c547cSRui Paulo #define EAP_EKE_COMMIT 2 15*5b9c547cSRui Paulo #define EAP_EKE_CONFIRM 3 16*5b9c547cSRui Paulo #define EAP_EKE_FAILURE 4 17*5b9c547cSRui Paulo 18*5b9c547cSRui Paulo /* Diffie-Hellman Group Registry */ 19*5b9c547cSRui Paulo #define EAP_EKE_DHGROUP_EKE_2 1 20*5b9c547cSRui Paulo #define EAP_EKE_DHGROUP_EKE_5 2 21*5b9c547cSRui Paulo #define EAP_EKE_DHGROUP_EKE_14 3 /* mandatory to implement */ 22*5b9c547cSRui Paulo #define EAP_EKE_DHGROUP_EKE_15 4 23*5b9c547cSRui Paulo #define EAP_EKE_DHGROUP_EKE_16 5 24*5b9c547cSRui Paulo 25*5b9c547cSRui Paulo /* Encryption Algorithm Registry */ 26*5b9c547cSRui Paulo #define EAP_EKE_ENCR_AES128_CBC 1 /* mandatory to implement */ 27*5b9c547cSRui Paulo 28*5b9c547cSRui Paulo /* Pseudo Random Function Registry */ 29*5b9c547cSRui Paulo #define EAP_EKE_PRF_HMAC_SHA1 1 /* mandatory to implement */ 30*5b9c547cSRui Paulo #define EAP_EKE_PRF_HMAC_SHA2_256 2 31*5b9c547cSRui Paulo 32*5b9c547cSRui Paulo /* Keyed Message Digest (MAC) Registry */ 33*5b9c547cSRui Paulo #define EAP_EKE_MAC_HMAC_SHA1 1 /* mandatory to implement */ 34*5b9c547cSRui Paulo #define EAP_EKE_MAC_HMAC_SHA2_256 2 35*5b9c547cSRui Paulo 36*5b9c547cSRui Paulo /* Identity Type Registry */ 37*5b9c547cSRui Paulo #define EAP_EKE_ID_OPAQUE 1 38*5b9c547cSRui Paulo #define EAP_EKE_ID_NAI 2 39*5b9c547cSRui Paulo #define EAP_EKE_ID_IPv4 3 40*5b9c547cSRui Paulo #define EAP_EKE_ID_IPv6 4 41*5b9c547cSRui Paulo #define EAP_EKE_ID_FQDN 5 42*5b9c547cSRui Paulo #define EAP_EKE_ID_DN 6 43*5b9c547cSRui Paulo 44*5b9c547cSRui Paulo /* Failure-Code */ 45*5b9c547cSRui Paulo #define EAP_EKE_FAIL_NO_ERROR 1 46*5b9c547cSRui Paulo #define EAP_EKE_FAIL_PROTO_ERROR 2 47*5b9c547cSRui Paulo #define EAP_EKE_FAIL_PASSWD_NOT_FOUND 3 48*5b9c547cSRui Paulo #define EAP_EKE_FAIL_AUTHENTICATION_FAIL 4 49*5b9c547cSRui Paulo #define EAP_EKE_FAIL_AUTHORIZATION_FAIL 5 50*5b9c547cSRui Paulo #define EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN 6 51*5b9c547cSRui Paulo #define EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR 0xffffffff 52*5b9c547cSRui Paulo 53*5b9c547cSRui Paulo #define EAP_EKE_MAX_DH_LEN 512 54*5b9c547cSRui Paulo #define EAP_EKE_MAX_HASH_LEN 32 55*5b9c547cSRui Paulo #define EAP_EKE_MAX_KEY_LEN 16 56*5b9c547cSRui Paulo #define EAP_EKE_MAX_KE_LEN 16 57*5b9c547cSRui Paulo #define EAP_EKE_MAX_KI_LEN 32 58*5b9c547cSRui Paulo #define EAP_EKE_MAX_KA_LEN 32 59*5b9c547cSRui Paulo #define EAP_EKE_MAX_NONCE_LEN 16 60*5b9c547cSRui Paulo 61*5b9c547cSRui Paulo struct eap_eke_session { 62*5b9c547cSRui Paulo /* Selected proposal */ 63*5b9c547cSRui Paulo u8 dhgroup; 64*5b9c547cSRui Paulo u8 encr; 65*5b9c547cSRui Paulo u8 prf; 66*5b9c547cSRui Paulo u8 mac; 67*5b9c547cSRui Paulo 68*5b9c547cSRui Paulo u8 shared_secret[EAP_EKE_MAX_HASH_LEN]; 69*5b9c547cSRui Paulo u8 ke[EAP_EKE_MAX_KE_LEN]; 70*5b9c547cSRui Paulo u8 ki[EAP_EKE_MAX_KI_LEN]; 71*5b9c547cSRui Paulo u8 ka[EAP_EKE_MAX_KA_LEN]; 72*5b9c547cSRui Paulo 73*5b9c547cSRui Paulo int prf_len; 74*5b9c547cSRui Paulo int nonce_len; 75*5b9c547cSRui Paulo int auth_len; 76*5b9c547cSRui Paulo int dhcomp_len; 77*5b9c547cSRui Paulo int pnonce_len; 78*5b9c547cSRui Paulo int pnonce_ps_len; 79*5b9c547cSRui Paulo }; 80*5b9c547cSRui Paulo 81*5b9c547cSRui Paulo int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr, 82*5b9c547cSRui Paulo u8 prf, u8 mac); 83*5b9c547cSRui Paulo void eap_eke_session_clean(struct eap_eke_session *sess); 84*5b9c547cSRui Paulo int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub); 85*5b9c547cSRui Paulo int eap_eke_derive_key(struct eap_eke_session *sess, 86*5b9c547cSRui Paulo const u8 *password, size_t password_len, 87*5b9c547cSRui Paulo const u8 *id_s, size_t id_s_len, const u8 *id_p, 88*5b9c547cSRui Paulo size_t id_p_len, u8 *key); 89*5b9c547cSRui Paulo int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub, 90*5b9c547cSRui Paulo u8 *ret_dhcomp); 91*5b9c547cSRui Paulo int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key, 92*5b9c547cSRui Paulo const u8 *dhpriv, const u8 *peer_dhcomp); 93*5b9c547cSRui Paulo int eap_eke_derive_ke_ki(struct eap_eke_session *sess, 94*5b9c547cSRui Paulo const u8 *id_s, size_t id_s_len, 95*5b9c547cSRui Paulo const u8 *id_p, size_t id_p_len); 96*5b9c547cSRui Paulo int eap_eke_derive_ka(struct eap_eke_session *sess, 97*5b9c547cSRui Paulo const u8 *id_s, size_t id_s_len, 98*5b9c547cSRui Paulo const u8 *id_p, size_t id_p_len, 99*5b9c547cSRui Paulo const u8 *nonce_p, const u8 *nonce_s); 100*5b9c547cSRui Paulo int eap_eke_derive_msk(struct eap_eke_session *sess, 101*5b9c547cSRui Paulo const u8 *id_s, size_t id_s_len, 102*5b9c547cSRui Paulo const u8 *id_p, size_t id_p_len, 103*5b9c547cSRui Paulo const u8 *nonce_p, const u8 *nonce_s, 104*5b9c547cSRui Paulo u8 *msk, u8 *emsk); 105*5b9c547cSRui Paulo int eap_eke_prot(struct eap_eke_session *sess, 106*5b9c547cSRui Paulo const u8 *data, size_t data_len, 107*5b9c547cSRui Paulo u8 *prot, size_t *prot_len); 108*5b9c547cSRui Paulo int eap_eke_decrypt_prot(struct eap_eke_session *sess, 109*5b9c547cSRui Paulo const u8 *prot, size_t prot_len, 110*5b9c547cSRui Paulo u8 *data, size_t *data_len); 111*5b9c547cSRui Paulo int eap_eke_auth(struct eap_eke_session *sess, const char *label, 112*5b9c547cSRui Paulo const struct wpabuf *msgs, u8 *auth); 113*5b9c547cSRui Paulo 114*5b9c547cSRui Paulo #endif /* EAP_EKE_COMMON_H */ 115