1189251Ssam/* 2189251Ssam * EAP server/peer: EAP-PSK shared routines 3189251Ssam * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi> 4189251Ssam * 5252726Srpaulo * This software may be distributed under the terms of the BSD license. 6252726Srpaulo * See README for more details. 7189251Ssam */ 8189251Ssam 9189251Ssam#include "includes.h" 10189251Ssam 11189251Ssam#include "common.h" 12214734Srpaulo#include "crypto/aes_wrap.h" 13189251Ssam#include "eap_defs.h" 14189251Ssam#include "eap_psk_common.h" 15189251Ssam 16189251Ssam#define aes_block_size 16 17189251Ssam 18189251Ssam 19189251Ssamint eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk) 20189251Ssam{ 21189251Ssam os_memset(ak, 0, aes_block_size); 22189251Ssam if (aes_128_encrypt_block(psk, ak, ak)) 23189251Ssam return -1; 24189251Ssam os_memcpy(kdk, ak, aes_block_size); 25189251Ssam ak[aes_block_size - 1] ^= 0x01; 26189251Ssam kdk[aes_block_size - 1] ^= 0x02; 27189251Ssam if (aes_128_encrypt_block(psk, ak, ak) || 28189251Ssam aes_128_encrypt_block(psk, kdk, kdk)) 29189251Ssam return -1; 30189251Ssam return 0; 31189251Ssam} 32189251Ssam 33189251Ssam 34189251Ssamint eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk, 35189251Ssam u8 *emsk) 36189251Ssam{ 37189251Ssam u8 hash[aes_block_size]; 38189251Ssam u8 counter = 1; 39189251Ssam int i; 40189251Ssam 41189251Ssam if (aes_128_encrypt_block(kdk, rand_p, hash)) 42189251Ssam return -1; 43189251Ssam 44189251Ssam hash[aes_block_size - 1] ^= counter; 45189251Ssam if (aes_128_encrypt_block(kdk, hash, tek)) 46189251Ssam return -1; 47189251Ssam hash[aes_block_size - 1] ^= counter; 48189251Ssam counter++; 49189251Ssam 50189251Ssam for (i = 0; i < EAP_MSK_LEN / aes_block_size; i++) { 51189251Ssam hash[aes_block_size - 1] ^= counter; 52189251Ssam if (aes_128_encrypt_block(kdk, hash, &msk[i * aes_block_size])) 53189251Ssam return -1; 54189251Ssam hash[aes_block_size - 1] ^= counter; 55189251Ssam counter++; 56189251Ssam } 57189251Ssam 58189251Ssam for (i = 0; i < EAP_EMSK_LEN / aes_block_size; i++) { 59189251Ssam hash[aes_block_size - 1] ^= counter; 60189251Ssam if (aes_128_encrypt_block(kdk, hash, 61189251Ssam &emsk[i * aes_block_size])) 62189251Ssam return -1; 63189251Ssam hash[aes_block_size - 1] ^= counter; 64189251Ssam counter++; 65189251Ssam } 66189251Ssam 67189251Ssam return 0; 68189251Ssam} 69