303 int eap_eke_derive_key(struct eap_eke_session *sess,
314 	os_memset(zeros, 0, sess->prf_len);
315 	if (eap_eke_prf(sess->prf, zeros, sess->prf_len,
319 			temp, sess->prf_len);
329 	if (eap_eke_prfplus(sess->prf, temp, sess->prf_len,
342 int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub,
349 	dh_len = eap_eke_dh_len(sess->dhgroup);
359 	if (sess->encr != EAP_EKE_ENCR_AES128_CBC)
377 int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
386 	dh = eap_eke_dh_group(sess->dhgroup);
387 	if (sess->encr != EAP_EKE_ENCR_AES128_CBC || !dh)
411 	os_memset(zeros, 0, sess->auth_len);
412 	if (eap_eke_prf(sess->prf, zeros, sess->auth_len, modexp, dh->prime_len,
413 			NULL, 0, sess->shared_secret) < 0)
416 			sess->shared_secret, sess->auth_len);
422 int eap_eke_derive_ke_ki(struct eap_eke_session *sess,
440 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
445 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
447 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
460 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,
466 	os_memcpy(sess->ke, buf, ke_len);
467 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ke", sess->ke, ke_len);
468 	os_memcpy(sess->ki, buf + ke_len, ki_len);
469 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ki", sess->ki, ki_len);
476 int eap_eke_derive_ka(struct eap_eke_session *sess,
494 	data_len = label_len + id_s_len + id_p_len + 2 * sess->nonce_len;
505 	os_memcpy(pos, nonce_p, sess->nonce_len);
506 	pos += sess->nonce_len;
507 	os_memcpy(pos, nonce_s, sess->nonce_len);
508 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,
509 			    data, data_len, sess->ka, sess->prf_len) < 0) {
515 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ka", sess->ka, sess->prf_len);
521 int eap_eke_derive_msk(struct eap_eke_session *sess,
539 	data_len = label_len + id_s_len + id_p_len + 2 * sess->nonce_len;
550 	os_memcpy(pos, nonce_p, sess->nonce_len);
551 	pos += sess->nonce_len;
552 	os_memcpy(pos, nonce_s, sess->nonce_len);
553 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,
583 int eap_eke_prot(struct eap_eke_session *sess,
590 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
595 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
597 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
627 	if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0 ||
628 	    eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
637 int eap_eke_decrypt_prot(struct eap_eke_session *sess,
644 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
649 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
651 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
660 	if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
675 	if (aes_128_cbc_decrypt(sess->ke, prot, data, *data_len) < 0) {
686 int eap_eke_auth(struct eap_eke_session *sess, const char *label,
691 			sess->ka, sess->auth_len);
693 	return eap_eke_prf(sess->prf, sess->ka, sess->auth_len,
699 int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr,
702 	sess->dhgroup = dhgroup;
703 	sess->encr = encr;
704 	sess->prf = prf;
705 	sess->mac = mac;
707 	sess->prf_len = eap_eke_prf_len(prf);
708 	sess->nonce_len = eap_eke_nonce_len(prf);
709 	sess->auth_len = eap_eke_auth_len(prf);
710 	sess->dhcomp_len = eap_eke_dhcomp_len(sess->dhgroup, sess->encr);
711 	sess->pnonce_len = eap_eke_pnonce_len(sess->mac);
712 	sess->pnonce_ps_len = eap_eke_pnonce_ps_len(sess->mac);
713 	if (sess->prf_len < 0 || sess->nonce_len < 0 || sess->auth_len < 0 ||
714 	    sess->dhcomp_len < 0 || sess->pnonce_len < 0 ||
715 	    sess->pnonce_ps_len < 0)
722 void eap_eke_session_clean(struct eap_eke_session *sess)
724 	os_memset(sess->shared_secret, 0, EAP_EKE_MAX_HASH_LEN);
725 	os_memset(sess->ke, 0, EAP_EKE_MAX_KE_LEN);
726 	os_memset(sess->ki, 0, EAP_EKE_MAX_KI_LEN);
727 	os_memset(sess->ka, 0, EAP_EKE_MAX_KA_LEN);

Indexes created Fri Jul 05 22:58:02 MDT 2024