72 static void eap_pwd_state(struct eap_pwd_data *data, int state)
75 		   eap_pwd_state_txt(data->state), eap_pwd_state_txt(state));
76 	data->state = state;
82 	struct eap_pwd_data *data;
91 	data = os_zalloc(sizeof(*data));
92 	if (data == NULL)
95 	data->group_num = sm->pwd_group;
97 		   data->group_num);
98 	data->state = PWD_ID_Req;
100 	data->id_server = (u8 *) os_strdup("server");
101 	if (data->id_server)
102 		data->id_server_len = os_strlen((char *) data->id_server);
104 	data->password = os_malloc(sm->user->password_len);
105 	if (data->password == NULL) {
108 		os_free(data->id_server);
109 		os_free(data);
112 	data->password_len = sm->user->password_len;
113 	os_memcpy(data->password, sm->user->password, data->password_len);
115 	data->bnctx = BN_CTX_new();
116 	if (data->bnctx == NULL) {
118 		os_free(data->password);
119 		os_free(data->id_server);
120 		os_free(data);
124 	data->in_frag_pos = data->out_frag_pos = 0;
125 	data->inbuf = data->outbuf = NULL;
126 	data->mtu = 1020; /* default from RFC 5931, make it configurable! */
128 	return data;
134 	struct eap_pwd_data *data = priv;
136 	BN_free(data->private_value);
137 	BN_free(data->peer_scalar);
138 	BN_free(data->my_scalar);
139 	BN_free(data->k);
140 	BN_CTX_free(data->bnctx);
141 	EC_POINT_free(data->my_element);
142 	EC_POINT_free(data->peer_element);
143 	os_free(data->id_peer);
144 	os_free(data->id_server);
145 	os_free(data->password);
146 	if (data->grp) {
147 		EC_GROUP_free(data->grp->group);
148 		EC_POINT_free(data->grp->pwe);
149 		BN_free(data->grp->order);
150 		BN_free(data->grp->prime);
151 		os_free(data->grp);
153 	os_free(data);
157 static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data *data,
164 	if (data->out_frag_pos)
167 	data->outbuf = wpabuf_alloc(sizeof(struct eap_pwd_id) +
168 				    data->id_server_len);
169 	if (data->outbuf == NULL) {
170 		eap_pwd_state(data, FAILURE);
175 	data->token = os_random();
176 	wpabuf_put_be16(data->outbuf, data->group_num);
177 	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
178 	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
179 	wpabuf_put_data(data->outbuf, &data->token, sizeof(data->token));
180 	wpabuf_put_u8(data->outbuf, EAP_PWD_PREP_NONE);
181 	wpabuf_put_data(data->outbuf, data->id_server, data->id_server_len);
186 				     struct eap_pwd_data *data, u8 id)
197 	if (data->out_frag_pos)
200 	if (((data->private_value = BN_new()) == NULL) ||
201 	    ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
202 	    ((data->my_scalar = BN_new()) == NULL) ||
209 	BN_rand_range(data->private_value, data->grp->order);
210 	BN_rand_range(mask, data->grp->order);
211 	BN_add(data->my_scalar, data->private_value, mask);
212 	BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
213 	       data->bnctx);
215 	if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
216 			  data->grp->pwe, mask, data->bnctx)) {
219 		eap_pwd_state(data, FAILURE);
223 	if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
237 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
238 						 data->my_element, x, y,
239 						 data->bnctx)) {
245 	if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) ||
246 	    ((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) ==
248 		wpa_printf(MSG_INFO, "EAP-PWD (server): data allocation fail");
257 	os_memset(scalar, 0, BN_num_bytes(data->grp->order));
258 	os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2);
259 	offset = BN_num_bytes(data->grp->order) -
260 		BN_num_bytes(data->my_scalar);
261 	BN_bn2bin(data->my_scalar, scalar + offset);
263 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
265 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
266 	BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset);
268 	data->outbuf = wpabuf_alloc(2 * BN_num_bytes(data->grp->prime) +
269 				    BN_num_bytes(data->grp->order));
270 	if (data->outbuf == NULL)
274 	wpabuf_put_data(data->outbuf, element,
275 			2 * BN_num_bytes(data->grp->prime));
276 	wpabuf_put_data(data->outbuf, scalar, BN_num_bytes(data->grp->order));
283 	if (data->outbuf == NULL)
284 		eap_pwd_state(data, FAILURE);
289 				      struct eap_pwd_data *data, u8 id)
302 	if (data->out_frag_pos)
306 	if (((cruft = os_malloc(BN_num_bytes(data->grp->prime))) == NULL) ||
327 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
328 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
329 	BN_bn2bin(data->k, cruft + offset);
330 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
333 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
334 						 data->my_element, x, y,
335 						 data->bnctx)) {
341 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
342 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
344 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
345 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
346 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
348 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
351 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
352 	offset = BN_num_bytes(data->grp->order) -
353 		BN_num_bytes(data->my_scalar);
354 	BN_bn2bin(data->my_scalar, cruft + offset);
355 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
358 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
359 						 data->peer_element, x, y,
360 						 data->bnctx)) {
366 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
367 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
369 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
370 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
371 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
373 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
376 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
377 	offset = BN_num_bytes(data->grp->order) -
378 		BN_num_bytes(data->peer_scalar);
379 	BN_bn2bin(data->peer_scalar, cruft + offset);
380 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
383 	grp = htons(data->group_num);
384 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
396 	os_memcpy(data->my_confirm, conf, SHA256_MAC_LEN);
398 	data->outbuf = wpabuf_alloc(SHA256_MAC_LEN);
399 	if (data->outbuf == NULL)
402 	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
408 	if (data->outbuf == NULL)
409 		eap_pwd_state(data, FAILURE);
416 	struct eap_pwd_data *data = priv;
426 	if (data->in_frag_pos) {
431 			eap_pwd_state(data, FAILURE);
434 		switch (data->state) {
445 			eap_pwd_state(data, FAILURE);   /* just to be sure */
453 	 * build the data portion of a request
455 	switch (data->state) {
457 		eap_pwd_build_id_req(sm, data, id);
461 		eap_pwd_build_commit_req(sm, data, id);
465 		eap_pwd_build_confirm_req(sm, data, id);
470 			   data->state);
471 		eap_pwd_state(data, FAILURE);
476 	if (data->state == FAILURE)
480 	 * determine whether that data needs to be fragmented
482 	len = wpabuf_len(data->outbuf) - data->out_frag_pos;
483 	if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
484 		len = data->mtu - EAP_PWD_HDR_SIZE;
490 		if (data->out_frag_pos == 0) {
492 			totlen = wpabuf_len(data->outbuf) +
503 	 * alloc an eap request and populate it with the data
510 		eap_pwd_state(data, FAILURE);
518 	buf = wpabuf_head_u8(data->outbuf);
519 	wpabuf_put_data(req, buf + data->out_frag_pos, len);
520 	data->out_frag_pos += len;
522 	 * either not fragged or last fragment, either way free up the data
524 	if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
525 		wpabuf_free(data->outbuf);
526 		data->out_frag_pos = 0;
536 	struct eap_pwd_data *data = priv;
549 	if (data->state == PWD_ID_Req &&
553 	if (data->state == PWD_Commit_Req &&
557 	if (data->state == PWD_Confirm_Req &&
562 		   *pos, data->state);
569 				    struct eap_pwd_data *data,
580 	if ((data->group_num != be_to_host16(id->group_num)) ||
582 	    (os_memcmp(id->token, (u8 *)&data->token, sizeof(data->token))) ||
585 		eap_pwd_state(data, FAILURE);
588 	data->id_peer = os_malloc(payload_len - sizeof(struct eap_pwd_id));
589 	if (data->id_peer == NULL) {
593 	data->id_peer_len = payload_len - sizeof(struct eap_pwd_id);
594 	os_memcpy(data->id_peer, id->identity, data->id_peer_len);
596 			  data->id_peer, data->id_peer_len);
598 	if ((data->grp = os_malloc(sizeof(EAP_PWD_group))) == NULL) {
603 	if (compute_password_element(data->grp, data->group_num,
604 				     data->password, data->password_len,
605 				     data->id_server, data->id_server_len,
606 				     data->id_peer, data->id_peer_len,
607 				     (u8 *) &data->token)) {
613 		   BN_num_bits(data->grp->prime));
615 	eap_pwd_state(data, PWD_Commit_Req);
620 eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
630 	if (((data->peer_scalar = BN_new()) == NULL) ||
631 	    ((data->k = BN_new()) == NULL) ||
635 	    ((point = EC_POINT_new(data->grp->group)) == NULL) ||
636 	    ((K = EC_POINT_new(data->grp->group)) == NULL) ||
637 	    ((data->peer_element = EC_POINT_new(data->grp->group)) == NULL)) {
638 		wpa_printf(MSG_INFO, "EAP-PWD (server): peer data allocation "
643 	if (!EC_GROUP_get_cofactor(data->grp->group, cofactor, NULL)) {
651 	BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), x);
652 	ptr += BN_num_bytes(data->grp->prime);
653 	BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), y);
654 	ptr += BN_num_bytes(data->grp->prime);
655 	BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->peer_scalar);
656 	if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group,
657 						 data->peer_element, x, y,
658 						 data->bnctx)) {
666 		if (!EC_POINT_mul(data->grp->group, point, NULL,
667 				  data->peer_element, cofactor, NULL)) {
672 		if (EC_POINT_is_at_infinity(data->grp->group, point)) {
680 	if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
681 			   data->peer_scalar, data->bnctx)) ||
682 	    (!EC_POINT_add(data->grp->group, K, K, data->peer_element,
683 			   data->bnctx)) ||
684 	    (!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,
685 			   data->bnctx))) {
693 		if (!EC_POINT_mul(data->grp->group, K, NULL, K, cofactor,
707 	if (EC_POINT_is_at_infinity(data->grp->group, K)) {
712 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,
713 						 NULL, data->bnctx)) {
728 		eap_pwd_state(data, PWD_Confirm_Req);
730 		eap_pwd_state(data, FAILURE);
735 eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
746 	grp = htons(data->group_num);
755 	if (((cruft = os_malloc(BN_num_bytes(data->grp->prime))) == NULL) ||
770 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
771 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
772 	BN_bn2bin(data->k, cruft + offset);
773 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
776 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
777 						 data->peer_element, x, y,
778 						 data->bnctx)) {
783 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
784 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
786 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
787 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
788 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
790 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
793 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
794 	offset = BN_num_bytes(data->grp->order) -
795 		BN_num_bytes(data->peer_scalar);
796 	BN_bn2bin(data->peer_scalar, cruft + offset);
797 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
800 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
801 						 data->my_element, x, y,
802 						 data->bnctx)) {
808 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
809 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
811 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
812 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
813 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
815 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
818 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
819 	offset = BN_num_bytes(data->grp->order) -
820 		BN_num_bytes(data->my_scalar);
821 	BN_bn2bin(data->my_scalar, cruft + offset);
822 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
825 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
839 	if (compute_keys(data->grp, data->bnctx, data->k,
840 			 data->peer_scalar, data->my_scalar, conf,
841 			 data->my_confirm, &cs, data->msk, data->emsk) < 0)
842 		eap_pwd_state(data, FAILURE);
844 		eap_pwd_state(data, SUCCESS);
856 	struct eap_pwd_data *data = priv;
875 	 * if we're fragmenting then this should be an ACK with no data,
878 	if (data->out_frag_pos) {
896 		data->inbuf = wpabuf_alloc(tot_len);
897 		if (data->inbuf == NULL) {
909 		if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
912 				   (int) data->in_frag_pos, (int) len,
913 				   (int) wpabuf_size(data->inbuf));
914 			eap_pwd_state(data, FAILURE);
917 		wpabuf_put_data(data->inbuf, pos, len);
918 		data->in_frag_pos += len;
927 	if (data->in_frag_pos) {
928 		wpabuf_put_data(data->inbuf, pos, len);
929 		data->in_frag_pos += len;
930 		pos = wpabuf_head_u8(data->inbuf);
931 		len = data->in_frag_pos;
937 		eap_pwd_process_id_resp(sm, data, pos, len);
940 		eap_pwd_process_commit_resp(sm, data, pos, len);
943 		eap_pwd_process_confirm_resp(sm, data, pos, len);
950 	if (data->in_frag_pos) {
951 		wpabuf_free(data->inbuf);
952 		data->in_frag_pos = 0;
959 	struct eap_pwd_data *data = priv;
962 	if (data->state != SUCCESS)
969 	os_memcpy(key, data->msk, EAP_MSK_LEN);
978 	struct eap_pwd_data *data = priv;
981 	if (data->state != SUCCESS)
988 	os_memcpy(key, data->emsk, EAP_EMSK_LEN);
997 	struct eap_pwd_data *data = priv;
998 	return data->state == SUCCESS;
1004 	struct eap_pwd_data *data = priv;
1005 	return (data->state == SUCCESS) || (data->state == FAILURE);

Indexes created Wed Jun 26 11:41:58 MDT 2024