331 int eap_eke_derive_key(struct eap_eke_session *sess,
342 	os_memset(zeros, 0, sess->prf_len);
343 	if (eap_eke_prf(sess->prf, zeros, sess->prf_len,
347 			temp, sess->prf_len);
357 	if (eap_eke_prfplus(sess->prf, temp, sess->prf_len,
370 int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub,
377 	dh_len = eap_eke_dh_len(sess->dhgroup);
387 	if (sess->encr != EAP_EKE_ENCR_AES128_CBC)
405 int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
414 	if (sess->encr != EAP_EKE_ENCR_AES128_CBC)
417 	dh = eap_eke_dh_group(sess->dhgroup);
441 	os_memset(zeros, 0, sess->auth_len);
442 	if (eap_eke_prf(sess->prf, zeros, sess->auth_len, modexp, dh->prime_len,
443 			NULL, 0, sess->shared_secret) < 0)
446 			sess->shared_secret, sess->auth_len);
452 int eap_eke_derive_ke_ki(struct eap_eke_session *sess,
470 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
475 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
477 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
490 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,
496 	os_memcpy(sess->ke, buf, ke_len);
497 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ke", sess->ke, ke_len);
498 	os_memcpy(sess->ki, buf + ke_len, ki_len);
499 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ki", sess->ki, ki_len);
506 int eap_eke_derive_ka(struct eap_eke_session *sess,
524 	data_len = label_len + id_s_len + id_p_len + 2 * sess->nonce_len;
535 	os_memcpy(pos, nonce_p, sess->nonce_len);
536 	pos += sess->nonce_len;
537 	os_memcpy(pos, nonce_s, sess->nonce_len);
538 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,
539 			    data, data_len, sess->ka, sess->prf_len) < 0) {
545 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ka", sess->ka, sess->prf_len);
551 int eap_eke_derive_msk(struct eap_eke_session *sess,
569 	data_len = label_len + id_s_len + id_p_len + 2 * sess->nonce_len;
580 	os_memcpy(pos, nonce_p, sess->nonce_len);
581 	pos += sess->nonce_len;
582 	os_memcpy(pos, nonce_s, sess->nonce_len);
583 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,
613 int eap_eke_prot(struct eap_eke_session *sess,
620 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
625 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
627 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
656 	if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0)
659 	if (eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
668 int eap_eke_decrypt_prot(struct eap_eke_session *sess,
675 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
680 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
682 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
692 	if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
707 	if (aes_128_cbc_decrypt(sess->ke, prot, data, *data_len) < 0) {
718 int eap_eke_auth(struct eap_eke_session *sess, const char *label,
723 			sess->ka, sess->auth_len);
725 	return eap_eke_prf(sess->prf, sess->ka, sess->auth_len,
731 int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr,
734 	sess->dhgroup = dhgroup;
735 	sess->encr = encr;
736 	sess->prf = prf;
737 	sess->mac = mac;
739 	sess->prf_len = eap_eke_prf_len(prf);
740 	if (sess->prf_len < 0)
742 	sess->nonce_len = eap_eke_nonce_len(prf);
743 	if (sess->nonce_len < 0)
745 	sess->auth_len = eap_eke_auth_len(prf);
746 	if (sess->auth_len < 0)
748 	sess->dhcomp_len = eap_eke_dhcomp_len(sess->dhgroup, sess->encr);
749 	if (sess->dhcomp_len < 0)
751 	sess->pnonce_len = eap_eke_pnonce_len(sess->mac);
752 	if (sess->pnonce_len < 0)
754 	sess->pnonce_ps_len = eap_eke_pnonce_ps_len(sess->mac);
755 	if (sess->pnonce_ps_len < 0)
762 void eap_eke_session_clean(struct eap_eke_session *sess)
764 	os_memset(sess->shared_secret, 0, EAP_EKE_MAX_HASH_LEN);
765 	os_memset(sess->ke, 0, EAP_EKE_MAX_KE_LEN);
766 	os_memset(sess->ki, 0, EAP_EKE_MAX_KI_LEN);
767 	os_memset(sess->ka, 0, EAP_EKE_MAX_KA_LEN);

Indexes created Fri Mar 13 02:32:08 CET 2015