1*39beb93cSSam Leffler /* 2*39beb93cSSam Leffler * EAP-PEAP common routines 3*39beb93cSSam Leffler * Copyright (c) 2008, Jouni Malinen <j@w1.fi> 4*39beb93cSSam Leffler * 5*39beb93cSSam Leffler * This program is free software; you can redistribute it and/or modify 6*39beb93cSSam Leffler * it under the terms of the GNU General Public License version 2 as 7*39beb93cSSam Leffler * published by the Free Software Foundation. 8*39beb93cSSam Leffler * 9*39beb93cSSam Leffler * Alternatively, this software may be distributed under the terms of BSD 10*39beb93cSSam Leffler * license. 11*39beb93cSSam Leffler * 12*39beb93cSSam Leffler * See README and COPYING for more details. 13*39beb93cSSam Leffler */ 14*39beb93cSSam Leffler 15*39beb93cSSam Leffler #include "includes.h" 16*39beb93cSSam Leffler 17*39beb93cSSam Leffler #include "common.h" 18*39beb93cSSam Leffler #include "sha1.h" 19*39beb93cSSam Leffler #include "eap_peap_common.h" 20*39beb93cSSam Leffler 21*39beb93cSSam Leffler void peap_prfplus(int version, const u8 *key, size_t key_len, 22*39beb93cSSam Leffler const char *label, const u8 *seed, size_t seed_len, 23*39beb93cSSam Leffler u8 *buf, size_t buf_len) 24*39beb93cSSam Leffler { 25*39beb93cSSam Leffler unsigned char counter = 0; 26*39beb93cSSam Leffler size_t pos, plen; 27*39beb93cSSam Leffler u8 hash[SHA1_MAC_LEN]; 28*39beb93cSSam Leffler size_t label_len = os_strlen(label); 29*39beb93cSSam Leffler u8 extra[2]; 30*39beb93cSSam Leffler const unsigned char *addr[5]; 31*39beb93cSSam Leffler size_t len[5]; 32*39beb93cSSam Leffler 33*39beb93cSSam Leffler addr[0] = hash; 34*39beb93cSSam Leffler len[0] = 0; 35*39beb93cSSam Leffler addr[1] = (unsigned char *) label; 36*39beb93cSSam Leffler len[1] = label_len; 37*39beb93cSSam Leffler addr[2] = seed; 38*39beb93cSSam Leffler len[2] = seed_len; 39*39beb93cSSam Leffler 40*39beb93cSSam Leffler if (version == 0) { 41*39beb93cSSam Leffler /* 42*39beb93cSSam Leffler * PRF+(K, S, LEN) = T1 | T2 | ... | Tn 43*39beb93cSSam Leffler * T1 = HMAC-SHA1(K, S | 0x01 | 0x00 | 0x00) 44*39beb93cSSam Leffler * T2 = HMAC-SHA1(K, T1 | S | 0x02 | 0x00 | 0x00) 45*39beb93cSSam Leffler * ... 46*39beb93cSSam Leffler * Tn = HMAC-SHA1(K, Tn-1 | S | n | 0x00 | 0x00) 47*39beb93cSSam Leffler */ 48*39beb93cSSam Leffler 49*39beb93cSSam Leffler extra[0] = 0; 50*39beb93cSSam Leffler extra[1] = 0; 51*39beb93cSSam Leffler 52*39beb93cSSam Leffler addr[3] = &counter; 53*39beb93cSSam Leffler len[3] = 1; 54*39beb93cSSam Leffler addr[4] = extra; 55*39beb93cSSam Leffler len[4] = 2; 56*39beb93cSSam Leffler } else { 57*39beb93cSSam Leffler /* 58*39beb93cSSam Leffler * PRF (K,S,LEN) = T1 | T2 | T3 | T4 | ... where: 59*39beb93cSSam Leffler * T1 = HMAC-SHA1(K, S | LEN | 0x01) 60*39beb93cSSam Leffler * T2 = HMAC-SHA1 (K, T1 | S | LEN | 0x02) 61*39beb93cSSam Leffler * T3 = HMAC-SHA1 (K, T2 | S | LEN | 0x03) 62*39beb93cSSam Leffler * T4 = HMAC-SHA1 (K, T3 | S | LEN | 0x04) 63*39beb93cSSam Leffler * ... 64*39beb93cSSam Leffler */ 65*39beb93cSSam Leffler 66*39beb93cSSam Leffler extra[0] = buf_len & 0xff; 67*39beb93cSSam Leffler 68*39beb93cSSam Leffler addr[3] = extra; 69*39beb93cSSam Leffler len[3] = 1; 70*39beb93cSSam Leffler addr[4] = &counter; 71*39beb93cSSam Leffler len[4] = 1; 72*39beb93cSSam Leffler } 73*39beb93cSSam Leffler 74*39beb93cSSam Leffler pos = 0; 75*39beb93cSSam Leffler while (pos < buf_len) { 76*39beb93cSSam Leffler counter++; 77*39beb93cSSam Leffler plen = buf_len - pos; 78*39beb93cSSam Leffler hmac_sha1_vector(key, key_len, 5, addr, len, hash); 79*39beb93cSSam Leffler if (plen >= SHA1_MAC_LEN) { 80*39beb93cSSam Leffler os_memcpy(&buf[pos], hash, SHA1_MAC_LEN); 81*39beb93cSSam Leffler pos += SHA1_MAC_LEN; 82*39beb93cSSam Leffler } else { 83*39beb93cSSam Leffler os_memcpy(&buf[pos], hash, plen); 84*39beb93cSSam Leffler break; 85*39beb93cSSam Leffler } 86*39beb93cSSam Leffler len[0] = SHA1_MAC_LEN; 87*39beb93cSSam Leffler } 88*39beb93cSSam Leffler } 89