1*3c260e60Schristos /* 2*3c260e60Schristos * EAP server/peer: EAP-EKE shared routines 3*3c260e60Schristos * Copyright (c) 2011-2013, Jouni Malinen <j@w1.fi> 4*3c260e60Schristos * 5*3c260e60Schristos * This software may be distributed under the terms of the BSD license. 6*3c260e60Schristos * See README for more details. 7*3c260e60Schristos */ 8*3c260e60Schristos 9*3c260e60Schristos #ifndef EAP_EKE_COMMON_H 10*3c260e60Schristos #define EAP_EKE_COMMON_H 11*3c260e60Schristos 12*3c260e60Schristos /* EKE Exchange */ 13*3c260e60Schristos #define EAP_EKE_ID 1 14*3c260e60Schristos #define EAP_EKE_COMMIT 2 15*3c260e60Schristos #define EAP_EKE_CONFIRM 3 16*3c260e60Schristos #define EAP_EKE_FAILURE 4 17*3c260e60Schristos 18*3c260e60Schristos /* Diffie-Hellman Group Registry */ 19*3c260e60Schristos #define EAP_EKE_DHGROUP_EKE_2 1 20*3c260e60Schristos #define EAP_EKE_DHGROUP_EKE_5 2 21*3c260e60Schristos #define EAP_EKE_DHGROUP_EKE_14 3 /* mandatory to implement */ 22*3c260e60Schristos #define EAP_EKE_DHGROUP_EKE_15 4 23*3c260e60Schristos #define EAP_EKE_DHGROUP_EKE_16 5 24*3c260e60Schristos 25*3c260e60Schristos /* Encryption Algorithm Registry */ 26*3c260e60Schristos #define EAP_EKE_ENCR_AES128_CBC 1 /* mandatory to implement */ 27*3c260e60Schristos 28*3c260e60Schristos /* Pseudo Random Function Registry */ 29*3c260e60Schristos #define EAP_EKE_PRF_HMAC_SHA1 1 /* mandatory to implement */ 30*3c260e60Schristos #define EAP_EKE_PRF_HMAC_SHA2_256 2 31*3c260e60Schristos 32*3c260e60Schristos /* Keyed Message Digest (MAC) Registry */ 33*3c260e60Schristos #define EAP_EKE_MAC_HMAC_SHA1 1 /* mandatory to implement */ 34*3c260e60Schristos #define EAP_EKE_MAC_HMAC_SHA2_256 2 35*3c260e60Schristos 36*3c260e60Schristos /* Identity Type Registry */ 37*3c260e60Schristos #define EAP_EKE_ID_OPAQUE 1 38*3c260e60Schristos #define EAP_EKE_ID_NAI 2 39*3c260e60Schristos #define EAP_EKE_ID_IPv4 3 40*3c260e60Schristos #define EAP_EKE_ID_IPv6 4 41*3c260e60Schristos #define EAP_EKE_ID_FQDN 5 42*3c260e60Schristos #define EAP_EKE_ID_DN 6 43*3c260e60Schristos 44*3c260e60Schristos /* Failure-Code */ 45*3c260e60Schristos #define EAP_EKE_FAIL_NO_ERROR 1 46*3c260e60Schristos #define EAP_EKE_FAIL_PROTO_ERROR 2 47*3c260e60Schristos #define EAP_EKE_FAIL_PASSWD_NOT_FOUND 3 48*3c260e60Schristos #define EAP_EKE_FAIL_AUTHENTICATION_FAIL 4 49*3c260e60Schristos #define EAP_EKE_FAIL_AUTHORIZATION_FAIL 5 50*3c260e60Schristos #define EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN 6 51*3c260e60Schristos #define EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR 0xffffffff 52*3c260e60Schristos 53*3c260e60Schristos #define EAP_EKE_MAX_DH_LEN 512 54*3c260e60Schristos #define EAP_EKE_MAX_HASH_LEN 32 55*3c260e60Schristos #define EAP_EKE_MAX_KEY_LEN 16 56*3c260e60Schristos #define EAP_EKE_MAX_KE_LEN 16 57*3c260e60Schristos #define EAP_EKE_MAX_KI_LEN 32 58*3c260e60Schristos #define EAP_EKE_MAX_KA_LEN 32 59*3c260e60Schristos #define EAP_EKE_MAX_NONCE_LEN 16 60*3c260e60Schristos 61*3c260e60Schristos struct eap_eke_session { 62*3c260e60Schristos /* Selected proposal */ 63*3c260e60Schristos u8 dhgroup; 64*3c260e60Schristos u8 encr; 65*3c260e60Schristos u8 prf; 66*3c260e60Schristos u8 mac; 67*3c260e60Schristos 68*3c260e60Schristos u8 shared_secret[EAP_EKE_MAX_HASH_LEN]; 69*3c260e60Schristos u8 ke[EAP_EKE_MAX_KE_LEN]; 70*3c260e60Schristos u8 ki[EAP_EKE_MAX_KI_LEN]; 71*3c260e60Schristos u8 ka[EAP_EKE_MAX_KA_LEN]; 72*3c260e60Schristos 73*3c260e60Schristos int prf_len; 74*3c260e60Schristos int nonce_len; 75*3c260e60Schristos int auth_len; 76*3c260e60Schristos int dhcomp_len; 77*3c260e60Schristos int pnonce_len; 78*3c260e60Schristos int pnonce_ps_len; 79*3c260e60Schristos }; 80*3c260e60Schristos 81*3c260e60Schristos int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr, 82*3c260e60Schristos u8 prf, u8 mac); 83*3c260e60Schristos void eap_eke_session_clean(struct eap_eke_session *sess); 84*3c260e60Schristos int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub); 85*3c260e60Schristos int eap_eke_derive_key(struct eap_eke_session *sess, 86*3c260e60Schristos const u8 *password, size_t password_len, 87*3c260e60Schristos const u8 *id_s, size_t id_s_len, const u8 *id_p, 88*3c260e60Schristos size_t id_p_len, u8 *key); 89*3c260e60Schristos int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub, 90*3c260e60Schristos u8 *ret_dhcomp); 91*3c260e60Schristos int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key, 92*3c260e60Schristos const u8 *dhpriv, const u8 *peer_dhcomp); 93*3c260e60Schristos int eap_eke_derive_ke_ki(struct eap_eke_session *sess, 94*3c260e60Schristos const u8 *id_s, size_t id_s_len, 95*3c260e60Schristos const u8 *id_p, size_t id_p_len); 96*3c260e60Schristos int eap_eke_derive_ka(struct eap_eke_session *sess, 97*3c260e60Schristos const u8 *id_s, size_t id_s_len, 98*3c260e60Schristos const u8 *id_p, size_t id_p_len, 99*3c260e60Schristos const u8 *nonce_p, const u8 *nonce_s); 100*3c260e60Schristos int eap_eke_derive_msk(struct eap_eke_session *sess, 101*3c260e60Schristos const u8 *id_s, size_t id_s_len, 102*3c260e60Schristos const u8 *id_p, size_t id_p_len, 103*3c260e60Schristos const u8 *nonce_p, const u8 *nonce_s, 104*3c260e60Schristos u8 *msk, u8 *emsk); 105*3c260e60Schristos int eap_eke_prot(struct eap_eke_session *sess, 106*3c260e60Schristos const u8 *data, size_t data_len, 107*3c260e60Schristos u8 *prot, size_t *prot_len); 108*3c260e60Schristos int eap_eke_decrypt_prot(struct eap_eke_session *sess, 109*3c260e60Schristos const u8 *prot, size_t prot_len, 110*3c260e60Schristos u8 *data, size_t *data_len); 111*3c260e60Schristos int eap_eke_auth(struct eap_eke_session *sess, const char *label, 112*3c260e60Schristos const struct wpabuf *msgs, u8 *auth); 113*3c260e60Schristos 114*3c260e60Schristos #endif /* EAP_EKE_COMMON_H */ 115