71 static void eap_pwd_state(struct eap_pwd_data *data, int state)
74 		   eap_pwd_state_txt(data->state), eap_pwd_state_txt(state));
75 	data->state = state;
81 	struct eap_pwd_data *data;
97 	if ((data = os_zalloc(sizeof(*data))) == NULL) {
98 		wpa_printf(MSG_INFO, "EAP-PWD: memory allocation data fail");
102 	if ((data->bnctx = BN_CTX_new()) == NULL) {
104 		os_free(data);
108 	if ((data->id_peer = os_malloc(identity_len)) == NULL) {
110 		BN_CTX_free(data->bnctx);
111 		os_free(data);
115 	os_memcpy(data->id_peer, identity, identity_len);
116 	data->id_peer_len = identity_len;
118 	if ((data->password = os_malloc(password_len)) == NULL) {
120 		BN_CTX_free(data->bnctx);
121 		os_free(data->id_peer);
122 		os_free(data);
125 	os_memcpy(data->password, password, password_len);
126 	data->password_len = password_len;
128 	data->out_frag_pos = data->in_frag_pos = 0;
129 	data->inbuf = data->outbuf = NULL;
130 	data->mtu = 1020; /* default from RFC 5931, make it configurable! */
132 	data->state = PWD_ID_Req;
134 	return data;
140 	struct eap_pwd_data *data = priv;
142 	BN_free(data->private_value);
143 	BN_free(data->server_scalar);
144 	BN_free(data->my_scalar);
145 	BN_free(data->k);
146 	BN_CTX_free(data->bnctx);
147 	EC_POINT_free(data->my_element);
148 	EC_POINT_free(data->server_element);
149 	os_free(data->id_peer);
150 	os_free(data->id_server);
151 	os_free(data->password);
152 	if (data->grp) {
153 		EC_GROUP_free(data->grp->group);
154 		EC_POINT_free(data->grp->pwe);
155 		BN_free(data->grp->order);
156 		BN_free(data->grp->prime);
157 		os_free(data->grp);
159 	os_free(data);
165 	struct eap_pwd_data *data = priv;
168 	if (data->state != SUCCESS)
175 	os_memcpy(key, data->msk, EAP_MSK_LEN);
183 eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
190 	if (data->state != PWD_ID_Req) {
192 		eap_pwd_state(data, FAILURE);
198 		eap_pwd_state(data, FAILURE);
203 	data->group_num = be_to_host16(id->group_num);
207 		eap_pwd_state(data, FAILURE);
212 		   data->group_num);
214 	data->id_server = os_malloc(payload_len - sizeof(struct eap_pwd_id));
215 	if (data->id_server == NULL) {
217 		eap_pwd_state(data, FAILURE);
220 	data->id_server_len = payload_len - sizeof(struct eap_pwd_id);
221 	os_memcpy(data->id_server, id->identity, data->id_server_len);
223 			  data->id_server, data->id_server_len);
225 	if ((data->grp = (EAP_PWD_group *) os_malloc(sizeof(EAP_PWD_group))) ==
229 		eap_pwd_state(data, FAILURE);
234 	if (compute_password_element(data->grp, data->group_num,
235 				     data->password, data->password_len,
236 				     data->id_server, data->id_server_len,
237 				     data->id_peer, data->id_peer_len,
240 		eap_pwd_state(data, FAILURE);
245 		   BN_num_bits(data->grp->prime));
247 	data->outbuf = wpabuf_alloc(sizeof(struct eap_pwd_id) +
248 				    data->id_peer_len);
249 	if (data->outbuf == NULL) {
250 		eap_pwd_state(data, FAILURE);
253 	wpabuf_put_be16(data->outbuf, data->group_num);
254 	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
255 	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
256 	wpabuf_put_data(data->outbuf, id->token, sizeof(id->token));
257 	wpabuf_put_u8(data->outbuf, EAP_PWD_PREP_NONE);
258 	wpabuf_put_data(data->outbuf, data->id_peer, data->id_peer_len);
260 	eap_pwd_state(data, PWD_Commit_Req);
265 eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
275 	if (((data->private_value = BN_new()) == NULL) ||
276 	    ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
278 	    ((data->my_scalar = BN_new()) == NULL) ||
284 	if (!EC_GROUP_get_cofactor(data->grp->group, cofactor, NULL)) {
290 	BN_rand_range(data->private_value, data->grp->order);
291 	BN_rand_range(mask, data->grp->order);
292 	BN_add(data->my_scalar, data->private_value, mask);
293 	BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
294 	       data->bnctx);
296 	if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
297 			  data->grp->pwe, mask, data->bnctx)) {
300 		eap_pwd_state(data, FAILURE);
304 	if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
318 	if (((data->server_scalar = BN_new()) == NULL) ||
319 	    ((data->k = BN_new()) == NULL) ||
320 	    ((K = EC_POINT_new(data->grp->group)) == NULL) ||
321 	    ((point = EC_POINT_new(data->grp->group)) == NULL) ||
322 	    ((data->server_element = EC_POINT_new(data->grp->group)) == NULL))
324 		wpa_printf(MSG_INFO, "EAP-PWD (peer): peer data allocation "
331 	BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), x);
332 	ptr += BN_num_bytes(data->grp->prime);
333 	BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), y);
334 	ptr += BN_num_bytes(data->grp->prime);
335 	BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->server_scalar);
336 	if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group,
337 						 data->server_element, x, y,
338 						 data->bnctx)) {
346 		if (!EC_POINT_mul(data->grp->group, point, NULL,
347 				  data->server_element, cofactor, NULL)) {
352 		if (EC_POINT_is_at_infinity(data->grp->group, point)) {
360 	if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
361 			   data->server_scalar, data->bnctx)) ||
362 	    (!EC_POINT_add(data->grp->group, K, K, data->server_element,
363 			   data->bnctx)) ||
364 	    (!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,
365 			   data->bnctx))) {
373 		if (!EC_POINT_mul(data->grp->group, K, NULL, K, cofactor,
387 	if (EC_POINT_is_at_infinity(data->grp->group, K)) {
393 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,
394 						 NULL, data->bnctx)) {
401 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
402 						 data->my_element, x, y,
403 						 data->bnctx)) {
408 	if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) ||
409 	    ((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) ==
411 		wpa_printf(MSG_INFO, "EAP-PWD (peer): data allocation fail");
420 	os_memset(scalar, 0, BN_num_bytes(data->grp->order));
421 	os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2);
422 	offset = BN_num_bytes(data->grp->order) -
423 		BN_num_bytes(data->my_scalar);
424 	BN_bn2bin(data->my_scalar, scalar + offset);
426 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
428 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
429 	BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset);
431 	data->outbuf = wpabuf_alloc(BN_num_bytes(data->grp->order) +
432 				    2 * BN_num_bytes(data->grp->prime));
433 	if (data->outbuf == NULL)
437 	wpabuf_put_data(data->outbuf, element,
438 			2 * BN_num_bytes(data->grp->prime));
439 	wpabuf_put_data(data->outbuf, scalar, BN_num_bytes(data->grp->order));
449 	if (data->outbuf == NULL)
450 		eap_pwd_state(data, FAILURE);
452 		eap_pwd_state(data, PWD_Confirm_Req);
457 eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
473 	grp = htons(data->group_num);
482 	if (((cruft = os_malloc(BN_num_bytes(data->grp->prime))) == NULL) ||
501 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
502 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
503 	BN_bn2bin(data->k, cruft + offset);
504 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
507 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
508 						 data->server_element, x, y,
509 						 data->bnctx)) {
514 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
515 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
517 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
518 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
519 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
521 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
524 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
525 	offset = BN_num_bytes(data->grp->order) -
526 		BN_num_bytes(data->server_scalar);
527 	BN_bn2bin(data->server_scalar, cruft + offset);
528 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
531 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
532 						 data->my_element, x, y,
533 						 data->bnctx)) {
539 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
540 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
542 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
543 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
544 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
546 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
549 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
550 	offset = BN_num_bytes(data->grp->order) -
551 		BN_num_bytes(data->my_scalar);
552 	BN_bn2bin(data->my_scalar, cruft + offset);
553 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
579 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
580 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
581 	BN_bn2bin(data->k, cruft + offset);
582 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
585 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
586 						 data->my_element, x, y,
587 						 data->bnctx)) {
592 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
593 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
595 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
596 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
597 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
599 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
602 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
603 	offset = BN_num_bytes(data->grp->order) -
604 		BN_num_bytes(data->my_scalar);
605 	BN_bn2bin(data->my_scalar, cruft + offset);
606 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
609 	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
610 						 data->server_element, x, y,
611 						 data->bnctx)) {
616 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
617 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
619 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
620 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
621 	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
623 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));
626 	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
627 	offset = BN_num_bytes(data->grp->order) -
628 		BN_num_bytes(data->server_scalar);
629 	BN_bn2bin(data->server_scalar, cruft + offset);
630 	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));
638 	if (compute_keys(data->grp, data->bnctx, data->k,
639 			 data->my_scalar, data->server_scalar, conf, ptr,
640 			 &cs, data->msk, data->emsk) < 0) {
646 	data->outbuf = wpabuf_alloc(SHA256_MAC_LEN);
647 	if (data->outbuf == NULL)
650 	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
657 	if (data->outbuf == NULL) {
659 		eap_pwd_state(data, FAILURE);
662 		eap_pwd_state(data, SUCCESS);
671 	struct eap_pwd_data *data = priv;
699 	if (data->out_frag_pos) {
711 		len = wpabuf_len(data->outbuf) - data->out_frag_pos;
712 		if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
713 			len = data->mtu - EAP_PWD_HDR_SIZE;
725 		buf = wpabuf_head_u8(data->outbuf);
726 		wpabuf_put_data(resp, buf + data->out_frag_pos, len);
727 		data->out_frag_pos += len;
731 		if (data->out_frag_pos >= wpabuf_len(data->outbuf)) {
732 			wpabuf_free(data->outbuf);
733 			data->outbuf = NULL;
734 			data->out_frag_pos = 0;
737 			   data->out_frag_pos == 0 ? "last" : "next",
751 		data->inbuf = wpabuf_alloc(tot_len);
752 		if (data->inbuf == NULL) {
764 		data->in_frag_pos += len;
765 		if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
768 				   (int) data->in_frag_pos,
769 				   (int) wpabuf_len(data->inbuf));
770 			wpabuf_free(data->inbuf);
771 			data->in_frag_pos = 0;
774 		wpabuf_put_data(data->inbuf, pos, len);
788 	if (data->in_frag_pos) {
789 		wpabuf_put_data(data->inbuf, pos, len);
792 		data->in_frag_pos += len;
793 		pos = wpabuf_head_u8(data->inbuf);
794 		len = data->in_frag_pos;
801 		eap_pwd_perform_id_exchange(sm, data, ret, reqData,
805 		eap_pwd_perform_commit_exchange(sm, data, ret, reqData,
809 		eap_pwd_perform_confirm_exchange(sm, data, ret, reqData,
820 	if (data->in_frag_pos) {
821 		wpabuf_free(data->inbuf);
822 		data->in_frag_pos = 0;
825 	if (data->outbuf == NULL)
831 	len = wpabuf_len(data->outbuf);
832 	if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
833 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
844 		len = data->mtu - EAP_PWD_HDR_SIZE - sizeof(u16);
858 		data->out_frag_pos += len;
860 	buf = wpabuf_head_u8(data->outbuf);
865 	if (data->out_frag_pos == 0) {
866 		wpabuf_free(data->outbuf);
867 		data->outbuf = NULL;
868 		data->out_frag_pos = 0;
877 	struct eap_pwd_data *data = priv;
878 	return data->state == SUCCESS;
884 	struct eap_pwd_data *data = priv;
887 	if (data->state != SUCCESS)
893 	os_memcpy(key, data->emsk, EAP_EMSK_LEN);

Indexes created Tue Jun 11 21:59:41 MDT 2024