1189251Ssam/*
2189251Ssam * EAP server/peer: EAP-PSK shared routines
3189251Ssam * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4189251Ssam *
5252726Srpaulo * This software may be distributed under the terms of the BSD license.
6252726Srpaulo * See README for more details.
7189251Ssam */
8189251Ssam
9189251Ssam#include "includes.h"
10189251Ssam
11189251Ssam#include "common.h"
12214734Srpaulo#include "crypto/aes_wrap.h"
13189251Ssam#include "eap_defs.h"
14189251Ssam#include "eap_psk_common.h"
15189251Ssam
16189251Ssam#define aes_block_size 16
17189251Ssam
18189251Ssam
19189251Ssamint eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk)
20189251Ssam{
21189251Ssam	os_memset(ak, 0, aes_block_size);
22189251Ssam	if (aes_128_encrypt_block(psk, ak, ak))
23189251Ssam		return -1;
24189251Ssam	os_memcpy(kdk, ak, aes_block_size);
25189251Ssam	ak[aes_block_size - 1] ^= 0x01;
26189251Ssam	kdk[aes_block_size - 1] ^= 0x02;
27189251Ssam	if (aes_128_encrypt_block(psk, ak, ak) ||
28189251Ssam	    aes_128_encrypt_block(psk, kdk, kdk))
29189251Ssam		return -1;
30189251Ssam	return 0;
31189251Ssam}
32189251Ssam
33189251Ssam
34189251Ssamint eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk,
35189251Ssam			u8 *emsk)
36189251Ssam{
37189251Ssam	u8 hash[aes_block_size];
38189251Ssam	u8 counter = 1;
39189251Ssam	int i;
40189251Ssam
41189251Ssam	if (aes_128_encrypt_block(kdk, rand_p, hash))
42189251Ssam		return -1;
43189251Ssam
44189251Ssam	hash[aes_block_size - 1] ^= counter;
45189251Ssam	if (aes_128_encrypt_block(kdk, hash, tek))
46189251Ssam		return -1;
47189251Ssam	hash[aes_block_size - 1] ^= counter;
48189251Ssam	counter++;
49189251Ssam
50189251Ssam	for (i = 0; i < EAP_MSK_LEN / aes_block_size; i++) {
51189251Ssam		hash[aes_block_size - 1] ^= counter;
52189251Ssam		if (aes_128_encrypt_block(kdk, hash, &msk[i * aes_block_size]))
53189251Ssam			return -1;
54189251Ssam		hash[aes_block_size - 1] ^= counter;
55189251Ssam		counter++;
56189251Ssam	}
57189251Ssam
58189251Ssam	for (i = 0; i < EAP_EMSK_LEN / aes_block_size; i++) {
59189251Ssam		hash[aes_block_size - 1] ^= counter;
60189251Ssam		if (aes_128_encrypt_block(kdk, hash,
61189251Ssam					  &emsk[i * aes_block_size]))
62189251Ssam			return -1;
63189251Ssam		hash[aes_block_size - 1] ^= counter;
64189251Ssam		counter++;
65189251Ssam	}
66189251Ssam
67189251Ssam	return 0;
68189251Ssam}
69