1/* 2 * EAP server/peer: EAP-EKE shared routines 3 * Copyright (c) 2011-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#ifndef EAP_EKE_COMMON_H 10#define EAP_EKE_COMMON_H 11 12/* EKE Exchange */ 13#define EAP_EKE_ID 1 14#define EAP_EKE_COMMIT 2 15#define EAP_EKE_CONFIRM 3 16#define EAP_EKE_FAILURE 4 17 18/* Diffie-Hellman Group Registry */ 19#define EAP_EKE_DHGROUP_EKE_2 1 20#define EAP_EKE_DHGROUP_EKE_5 2 21#define EAP_EKE_DHGROUP_EKE_14 3 /* mandatory to implement */ 22#define EAP_EKE_DHGROUP_EKE_15 4 23#define EAP_EKE_DHGROUP_EKE_16 5 24 25/* Encryption Algorithm Registry */ 26#define EAP_EKE_ENCR_AES128_CBC 1 /* mandatory to implement */ 27 28/* Pseudo Random Function Registry */ 29#define EAP_EKE_PRF_HMAC_SHA1 1 /* mandatory to implement */ 30#define EAP_EKE_PRF_HMAC_SHA2_256 2 31 32/* Keyed Message Digest (MAC) Registry */ 33#define EAP_EKE_MAC_HMAC_SHA1 1 /* mandatory to implement */ 34#define EAP_EKE_MAC_HMAC_SHA2_256 2 35 36/* Identity Type Registry */ 37#define EAP_EKE_ID_OPAQUE 1 38#define EAP_EKE_ID_NAI 2 39#define EAP_EKE_ID_IPv4 3 40#define EAP_EKE_ID_IPv6 4 41#define EAP_EKE_ID_FQDN 5 42#define EAP_EKE_ID_DN 6 43 44/* Failure-Code */ 45#define EAP_EKE_FAIL_NO_ERROR 1 46#define EAP_EKE_FAIL_PROTO_ERROR 2 47#define EAP_EKE_FAIL_PASSWD_NOT_FOUND 3 48#define EAP_EKE_FAIL_AUTHENTICATION_FAIL 4 49#define EAP_EKE_FAIL_AUTHORIZATION_FAIL 5 50#define EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN 6 51#define EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR 0xffffffff 52 53#define EAP_EKE_MAX_DH_LEN 512 54#define EAP_EKE_MAX_HASH_LEN 32 55#define EAP_EKE_MAX_KEY_LEN 16 56#define EAP_EKE_MAX_KE_LEN 16 57#define EAP_EKE_MAX_KI_LEN 32 58#define EAP_EKE_MAX_KA_LEN 32 59#define EAP_EKE_MAX_NONCE_LEN 16 60 61struct eap_eke_session { 62 /* Selected proposal */ 63 u8 dhgroup; 64 u8 encr; 65 u8 prf; 66 u8 mac; 67 68 u8 shared_secret[EAP_EKE_MAX_HASH_LEN]; 69 u8 ke[EAP_EKE_MAX_KE_LEN]; 70 u8 ki[EAP_EKE_MAX_KI_LEN]; 71 u8 ka[EAP_EKE_MAX_KA_LEN]; 72 73 int prf_len; 74 int nonce_len; 75 int auth_len; 76 int dhcomp_len; 77 int pnonce_len; 78 int pnonce_ps_len; 79}; 80 81int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr, 82 u8 prf, u8 mac); 83void eap_eke_session_clean(struct eap_eke_session *sess); 84int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub); 85int eap_eke_derive_key(struct eap_eke_session *sess, 86 const u8 *password, size_t password_len, 87 const u8 *id_s, size_t id_s_len, const u8 *id_p, 88 size_t id_p_len, u8 *key); 89int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub, 90 u8 *ret_dhcomp); 91int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key, 92 const u8 *dhpriv, const u8 *peer_dhcomp); 93int eap_eke_derive_ke_ki(struct eap_eke_session *sess, 94 const u8 *id_s, size_t id_s_len, 95 const u8 *id_p, size_t id_p_len); 96int eap_eke_derive_ka(struct eap_eke_session *sess, 97 const u8 *id_s, size_t id_s_len, 98 const u8 *id_p, size_t id_p_len, 99 const u8 *nonce_p, const u8 *nonce_s); 100int eap_eke_derive_msk(struct eap_eke_session *sess, 101 const u8 *id_s, size_t id_s_len, 102 const u8 *id_p, size_t id_p_len, 103 const u8 *nonce_p, const u8 *nonce_s, 104 u8 *msk, u8 *emsk); 105int eap_eke_prot(struct eap_eke_session *sess, 106 const u8 *data, size_t data_len, 107 u8 *prot, size_t *prot_len); 108int eap_eke_decrypt_prot(struct eap_eke_session *sess, 109 const u8 *prot, size_t prot_len, 110 u8 *data, size_t *data_len); 111int eap_eke_auth(struct eap_eke_session *sess, const char *label, 112 const struct wpabuf *msgs, u8 *auth); 113 114#endif /* EAP_EKE_COMMON_H */ 115