1*3ff40c12SJohn Marino /* 2*3ff40c12SJohn Marino * EAP server/peer: EAP-EKE shared routines 3*3ff40c12SJohn Marino * Copyright (c) 2011-2013, Jouni Malinen <j@w1.fi> 4*3ff40c12SJohn Marino * 5*3ff40c12SJohn Marino * This software may be distributed under the terms of the BSD license. 6*3ff40c12SJohn Marino * See README for more details. 7*3ff40c12SJohn Marino */ 8*3ff40c12SJohn Marino 9*3ff40c12SJohn Marino #ifndef EAP_EKE_COMMON_H 10*3ff40c12SJohn Marino #define EAP_EKE_COMMON_H 11*3ff40c12SJohn Marino 12*3ff40c12SJohn Marino /* EKE Exchange */ 13*3ff40c12SJohn Marino #define EAP_EKE_ID 1 14*3ff40c12SJohn Marino #define EAP_EKE_COMMIT 2 15*3ff40c12SJohn Marino #define EAP_EKE_CONFIRM 3 16*3ff40c12SJohn Marino #define EAP_EKE_FAILURE 4 17*3ff40c12SJohn Marino 18*3ff40c12SJohn Marino /* Diffie-Hellman Group Registry */ 19*3ff40c12SJohn Marino #define EAP_EKE_DHGROUP_EKE_2 1 20*3ff40c12SJohn Marino #define EAP_EKE_DHGROUP_EKE_5 2 21*3ff40c12SJohn Marino #define EAP_EKE_DHGROUP_EKE_14 3 /* mandatory to implement */ 22*3ff40c12SJohn Marino #define EAP_EKE_DHGROUP_EKE_15 4 23*3ff40c12SJohn Marino #define EAP_EKE_DHGROUP_EKE_16 5 24*3ff40c12SJohn Marino 25*3ff40c12SJohn Marino /* Encryption Algorithm Registry */ 26*3ff40c12SJohn Marino #define EAP_EKE_ENCR_AES128_CBC 1 /* mandatory to implement */ 27*3ff40c12SJohn Marino 28*3ff40c12SJohn Marino /* Pseudo Random Function Registry */ 29*3ff40c12SJohn Marino #define EAP_EKE_PRF_HMAC_SHA1 1 /* mandatory to implement */ 30*3ff40c12SJohn Marino #define EAP_EKE_PRF_HMAC_SHA2_256 2 31*3ff40c12SJohn Marino 32*3ff40c12SJohn Marino /* Keyed Message Digest (MAC) Registry */ 33*3ff40c12SJohn Marino #define EAP_EKE_MAC_HMAC_SHA1 1 /* mandatory to implement */ 34*3ff40c12SJohn Marino #define EAP_EKE_MAC_HMAC_SHA2_256 2 35*3ff40c12SJohn Marino 36*3ff40c12SJohn Marino /* Identity Type Registry */ 37*3ff40c12SJohn Marino #define EAP_EKE_ID_OPAQUE 1 38*3ff40c12SJohn Marino #define EAP_EKE_ID_NAI 2 39*3ff40c12SJohn Marino #define EAP_EKE_ID_IPv4 3 40*3ff40c12SJohn Marino #define EAP_EKE_ID_IPv6 4 41*3ff40c12SJohn Marino #define EAP_EKE_ID_FQDN 5 42*3ff40c12SJohn Marino #define EAP_EKE_ID_DN 6 43*3ff40c12SJohn Marino 44*3ff40c12SJohn Marino /* Failure-Code */ 45*3ff40c12SJohn Marino #define EAP_EKE_FAIL_NO_ERROR 1 46*3ff40c12SJohn Marino #define EAP_EKE_FAIL_PROTO_ERROR 2 47*3ff40c12SJohn Marino #define EAP_EKE_FAIL_PASSWD_NOT_FOUND 3 48*3ff40c12SJohn Marino #define EAP_EKE_FAIL_AUTHENTICATION_FAIL 4 49*3ff40c12SJohn Marino #define EAP_EKE_FAIL_AUTHORIZATION_FAIL 5 50*3ff40c12SJohn Marino #define EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN 6 51*3ff40c12SJohn Marino #define EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR 0xffffffff 52*3ff40c12SJohn Marino 53*3ff40c12SJohn Marino #define EAP_EKE_MAX_DH_LEN 512 54*3ff40c12SJohn Marino #define EAP_EKE_MAX_HASH_LEN 32 55*3ff40c12SJohn Marino #define EAP_EKE_MAX_KEY_LEN 16 56*3ff40c12SJohn Marino #define EAP_EKE_MAX_KE_LEN 16 57*3ff40c12SJohn Marino #define EAP_EKE_MAX_KI_LEN 32 58*3ff40c12SJohn Marino #define EAP_EKE_MAX_KA_LEN 32 59*3ff40c12SJohn Marino #define EAP_EKE_MAX_NONCE_LEN 16 60*3ff40c12SJohn Marino 61*3ff40c12SJohn Marino struct eap_eke_session { 62*3ff40c12SJohn Marino /* Selected proposal */ 63*3ff40c12SJohn Marino u8 dhgroup; 64*3ff40c12SJohn Marino u8 encr; 65*3ff40c12SJohn Marino u8 prf; 66*3ff40c12SJohn Marino u8 mac; 67*3ff40c12SJohn Marino 68*3ff40c12SJohn Marino u8 shared_secret[EAP_EKE_MAX_HASH_LEN]; 69*3ff40c12SJohn Marino u8 ke[EAP_EKE_MAX_KE_LEN]; 70*3ff40c12SJohn Marino u8 ki[EAP_EKE_MAX_KI_LEN]; 71*3ff40c12SJohn Marino u8 ka[EAP_EKE_MAX_KA_LEN]; 72*3ff40c12SJohn Marino 73*3ff40c12SJohn Marino int prf_len; 74*3ff40c12SJohn Marino int nonce_len; 75*3ff40c12SJohn Marino int auth_len; 76*3ff40c12SJohn Marino int dhcomp_len; 77*3ff40c12SJohn Marino int pnonce_len; 78*3ff40c12SJohn Marino int pnonce_ps_len; 79*3ff40c12SJohn Marino }; 80*3ff40c12SJohn Marino 81*3ff40c12SJohn Marino int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr, 82*3ff40c12SJohn Marino u8 prf, u8 mac); 83*3ff40c12SJohn Marino void eap_eke_session_clean(struct eap_eke_session *sess); 84*3ff40c12SJohn Marino int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub); 85*3ff40c12SJohn Marino int eap_eke_derive_key(struct eap_eke_session *sess, 86*3ff40c12SJohn Marino const u8 *password, size_t password_len, 87*3ff40c12SJohn Marino const u8 *id_s, size_t id_s_len, const u8 *id_p, 88*3ff40c12SJohn Marino size_t id_p_len, u8 *key); 89*3ff40c12SJohn Marino int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub, 90*3ff40c12SJohn Marino u8 *ret_dhcomp); 91*3ff40c12SJohn Marino int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key, 92*3ff40c12SJohn Marino const u8 *dhpriv, const u8 *peer_dhcomp); 93*3ff40c12SJohn Marino int eap_eke_derive_ke_ki(struct eap_eke_session *sess, 94*3ff40c12SJohn Marino const u8 *id_s, size_t id_s_len, 95*3ff40c12SJohn Marino const u8 *id_p, size_t id_p_len); 96*3ff40c12SJohn Marino int eap_eke_derive_ka(struct eap_eke_session *sess, 97*3ff40c12SJohn Marino const u8 *id_s, size_t id_s_len, 98*3ff40c12SJohn Marino const u8 *id_p, size_t id_p_len, 99*3ff40c12SJohn Marino const u8 *nonce_p, const u8 *nonce_s); 100*3ff40c12SJohn Marino int eap_eke_derive_msk(struct eap_eke_session *sess, 101*3ff40c12SJohn Marino const u8 *id_s, size_t id_s_len, 102*3ff40c12SJohn Marino const u8 *id_p, size_t id_p_len, 103*3ff40c12SJohn Marino const u8 *nonce_p, const u8 *nonce_s, 104*3ff40c12SJohn Marino u8 *msk, u8 *emsk); 105*3ff40c12SJohn Marino int eap_eke_prot(struct eap_eke_session *sess, 106*3ff40c12SJohn Marino const u8 *data, size_t data_len, 107*3ff40c12SJohn Marino u8 *prot, size_t *prot_len); 108*3ff40c12SJohn Marino int eap_eke_decrypt_prot(struct eap_eke_session *sess, 109*3ff40c12SJohn Marino const u8 *prot, size_t prot_len, 110*3ff40c12SJohn Marino u8 *data, size_t *data_len); 111*3ff40c12SJohn Marino int eap_eke_auth(struct eap_eke_session *sess, const char *label, 112*3ff40c12SJohn Marino const struct wpabuf *msgs, u8 *auth); 113*3ff40c12SJohn Marino 114*3ff40c12SJohn Marino #endif /* EAP_EKE_COMMON_H */ 115