1 | /* |
2 | * EAP server/peer: EAP-EKE shared routines | |
3 | * Copyright (c) 2011-2013, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #ifndef EAP_EKE_COMMON_H | |
10 | #define EAP_EKE_COMMON_H | |
11 | ||
/* EKE Exchange: value identifying which EAP-EKE exchange a message belongs
 * to (Identity, Commit, Confirm, or a Failure indication). */
#define EAP_EKE_ID 1
#define EAP_EKE_COMMIT 2
#define EAP_EKE_CONFIRM 3
#define EAP_EKE_FAILURE 4

/* Diffie-Hellman Group Registry: proposal code points; the negotiated value
 * is kept in struct eap_eke_session::dhgroup. Only EKE_14 is mandatory to
 * implement, so an implementation may legitimately reject the other groups. */
#define EAP_EKE_DHGROUP_EKE_2 1
#define EAP_EKE_DHGROUP_EKE_5 2
#define EAP_EKE_DHGROUP_EKE_14 3 /* mandatory to implement */
#define EAP_EKE_DHGROUP_EKE_15 4
#define EAP_EKE_DHGROUP_EKE_16 5

/* Encryption Algorithm Registry (struct eap_eke_session::encr) */
#define EAP_EKE_ENCR_AES128_CBC 1 /* mandatory to implement */

/* Pseudo Random Function Registry (struct eap_eke_session::prf) */
#define EAP_EKE_PRF_HMAC_SHA1 1 /* mandatory to implement */
#define EAP_EKE_PRF_HMAC_SHA2_256 2

/* Keyed Message Digest (MAC) Registry (struct eap_eke_session::mac) */
#define EAP_EKE_MAC_HMAC_SHA1 1 /* mandatory to implement */
#define EAP_EKE_MAC_HMAC_SHA2_256 2

/* Identity Type Registry: type of the server/peer identity (ID_S / ID_P),
 * presumably carried in the Identity exchange. NOTE(review): the derivation
 * prototypes below take identities as a pointer plus explicit length, so none
 * of these types implies a NUL-terminated string. */
#define EAP_EKE_ID_OPAQUE 1
#define EAP_EKE_ID_NAI 2
#define EAP_EKE_ID_IPv4 3
#define EAP_EKE_ID_IPv6 4
#define EAP_EKE_ID_FQDN 5
#define EAP_EKE_ID_DN 6

/* Failure-Code values. PRIVATE_INTERNAL_ERROR (0xffffffff) is the only one
 * that does not fit in 8 bits; failure codes therefore need a 32-bit field and
 * must not be stored in the u8 proposal fields of struct eap_eke_session. */
#define EAP_EKE_FAIL_NO_ERROR 1
#define EAP_EKE_FAIL_PROTO_ERROR 2
#define EAP_EKE_FAIL_PASSWD_NOT_FOUND 3
#define EAP_EKE_FAIL_AUTHENTICATION_FAIL 4
#define EAP_EKE_FAIL_AUTHORIZATION_FAIL 5
#define EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN 6
#define EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR 0xffffffff

/* Upper bounds, in bytes, for the fixed-size buffers used by the EKE
 * routines. The key buffers in struct eap_eke_session are sized by these, so
 * adding a registry entry that produces longer output must also raise the
 * matching bound here. MAX_DH_LEN is 512 bytes (4096 bits), presumably sized
 * for the largest listed group (EKE_16) - confirm against the DH group table
 * in eap_eke_common.c. */
#define EAP_EKE_MAX_DH_LEN 512
#define EAP_EKE_MAX_HASH_LEN 32
#define EAP_EKE_MAX_KEY_LEN 16
#define EAP_EKE_MAX_KE_LEN 16
#define EAP_EKE_MAX_KI_LEN 32
#define EAP_EKE_MAX_KA_LEN 32
#define EAP_EKE_MAX_NONCE_LEN 16
60 | ||
/**
 * struct eap_eke_session - EAP-EKE session state shared by server and peer
 *
 * Holds the negotiated proposal and the keying material derived during the
 * exchange. The shared_secret/ke/ki/ka buffers are secret key material, so a
 * session should be torn down with eap_eke_session_clean() (presumably it
 * wipes these buffers - confirm in eap_eke_common.c) rather than just dropped.
 */
struct eap_eke_session {
	/* Selected proposal */
	u8 dhgroup; /* EAP_EKE_DHGROUP_* */
	u8 encr; /* EAP_EKE_ENCR_* */
	u8 prf; /* EAP_EKE_PRF_* */
	u8 mac; /* EAP_EKE_MAC_* */

	/* Derived keys. Each buffer holds the EAP_EKE_MAX_*_LEN upper bound;
	 * the number of bytes actually in use depends on the selected
	 * proposal (see the *_len fields below). */
	u8 shared_secret[EAP_EKE_MAX_HASH_LEN];
	u8 ke[EAP_EKE_MAX_KE_LEN]; /* presumably the encryption key - confirm */
	u8 ki[EAP_EKE_MAX_KI_LEN]; /* presumably the integrity key - confirm */
	u8 ka[EAP_EKE_MAX_KA_LEN]; /* presumably the authentication key - confirm */

	/* Per-proposal lengths in bytes (presumably set by
	 * eap_eke_session_init() from the selected prf/mac/dhgroup - confirm).
	 * NOTE(review): these are plain int; callers that turn them into
	 * buffer sizes should treat a non-positive value as an error. */
	int prf_len;
	int nonce_len;
	int auth_len;
	int dhcomp_len;
	int pnonce_len;
	int pnonce_ps_len;
};
80 | ||
/*
 * NOTE(review): struct wpabuf is not declared in this header (it is used in
 * the eap_eke_auth() prototype below), nor are u8 and size_t. The header
 * currently relies on the including .c file pulling in common.h/wpabuf.h
 * first; a forward declaration `struct wpabuf;` here would at least avoid the
 * "declared inside parameter list" prototype-scope warning.
 *
 * Return value convention: all int-returning functions below presumably follow
 * the usual hostap convention of 0 on success and -1 on failure - confirm in
 * eap_eke_common.c. Output buffers are passed without a size, so the caller
 * is responsible for sizing them from the session's *_len fields or the
 * EAP_EKE_MAX_*_LEN bounds.
 */

/**
 * eap_eke_session_init - Initialize a session for the selected proposal
 * @sess: Session to initialize
 * @dhgroup: EAP_EKE_DHGROUP_* value
 * @encr: EAP_EKE_ENCR_* value
 * @prf: EAP_EKE_PRF_* value
 * @mac: EAP_EKE_MAC_* value
 * Returns: 0 on success, -1 on failure (presumably, e.g. unsupported value)
 *
 * NOTE(review): the proposal values may originate from the other party; this
 * is the natural place to reject unknown or non-configured code points before
 * any length field is derived from them - confirm that the implementation
 * does so.
 */
int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr,
			 u8 prf, u8 mac);

/**
 * eap_eke_session_clean - Release the session state
 * @sess: Session to clean
 *
 * Presumably clears the derived key buffers in @sess; confirm that it uses a
 * clear that the compiler cannot optimize away before relying on it.
 */
void eap_eke_session_clean(struct eap_eke_session *sess);

/**
 * eap_eke_dh_init - Generate a Diffie-Hellman key pair for a group
 * @group: EAP_EKE_DHGROUP_* value
 * @ret_priv: Buffer for the private value (assumes EAP_EKE_MAX_DH_LEN bytes or
 *	the group's own length - confirm)
 * @ret_pub: Buffer for the public value (same sizing assumption)
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub);

/**
 * eap_eke_derive_key - Derive the password-based key
 * @sess: Session (proposal must already be selected)
 * @password: Password bytes (not NUL-terminated; @password_len gives length)
 * @password_len: Length of @password in bytes
 * @id_s: Server identity
 * @id_s_len: Length of @id_s in bytes
 * @id_p: Peer identity
 * @id_p_len: Length of @id_p in bytes
 * @key: Output buffer; presumably sess->prf_len bytes (at most
 *	EAP_EKE_MAX_HASH_LEN) - confirm
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_derive_key(struct eap_eke_session *sess,
		       const u8 *password, size_t password_len,
		       const u8 *id_s, size_t id_s_len, const u8 *id_p,
		       size_t id_p_len, u8 *key);

/**
 * eap_eke_dhcomp - Build the DHComponent value from a DH public value
 * @sess: Session
 * @key: Key from eap_eke_derive_key()
 * @dhpub: Own DH public value from eap_eke_dh_init()
 * @ret_dhcomp: Output buffer; presumably sess->dhcomp_len bytes - confirm
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub,
		   u8 *ret_dhcomp);

/**
 * eap_eke_shared_secret - Compute the shared secret from the peer's DHComponent
 * @sess: Session; the result presumably lands in sess->shared_secret (there
 *	is no output parameter) - confirm
 * @key: Key from eap_eke_derive_key()
 * @dhpriv: Own DH private value from eap_eke_dh_init()
 * @peer_dhcomp: DHComponent received from the other party; as network input
 *	its length is expected to have been checked against sess->dhcomp_len
 *	by the caller (no length is passed here)
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
			  const u8 *dhpriv, const u8 *peer_dhcomp);

/**
 * eap_eke_derive_ke_ki - Derive the Ke and Ki keys into the session
 * @sess: Session; presumably fills sess->ke and sess->ki - confirm
 * @id_s: Server identity
 * @id_s_len: Length of @id_s in bytes
 * @id_p: Peer identity
 * @id_p_len: Length of @id_p in bytes
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_derive_ke_ki(struct eap_eke_session *sess,
			 const u8 *id_s, size_t id_s_len,
			 const u8 *id_p, size_t id_p_len);

/**
 * eap_eke_derive_ka - Derive the Ka key into the session
 * @sess: Session; presumably fills sess->ka - confirm
 * @id_s: Server identity
 * @id_s_len: Length of @id_s in bytes
 * @id_p: Peer identity
 * @id_p_len: Length of @id_p in bytes
 * @nonce_p: Peer nonce (assumed sess->nonce_len bytes - confirm)
 * @nonce_s: Server nonce (assumed sess->nonce_len bytes - confirm)
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_derive_ka(struct eap_eke_session *sess,
		      const u8 *id_s, size_t id_s_len,
		      const u8 *id_p, size_t id_p_len,
		      const u8 *nonce_p, const u8 *nonce_s);

/**
 * eap_eke_derive_msk - Derive the EAP MSK and EMSK
 * @sess: Session
 * @id_s: Server identity
 * @id_s_len: Length of @id_s in bytes
 * @id_p: Peer identity
 * @id_p_len: Length of @id_p in bytes
 * @nonce_p: Peer nonce
 * @nonce_s: Server nonce
 * @msk: Output buffer for the MSK (no size passed; EAP MSK is conventionally
 *	64 bytes - confirm what the implementation writes)
 * @emsk: Output buffer for the EMSK (same caveat)
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_derive_msk(struct eap_eke_session *sess,
		       const u8 *id_s, size_t id_s_len,
		       const u8 *id_p, size_t id_p_len,
		       const u8 *nonce_p, const u8 *nonce_s,
		       u8 *msk, u8 *emsk);

/**
 * eap_eke_prot - Build a protected (encrypted and integrity-protected) field
 * @sess: Session (presumably uses sess->ke and sess->ki - confirm)
 * @data: Plaintext
 * @data_len: Length of @data in bytes
 * @prot: Output buffer
 * @prot_len: Presumably in/out: size of @prot on entry, bytes written on
 *	return - confirm; callers must not assume the output fits in
 *	@data_len bytes since padding and a MAC are presumably added
 * Returns: 0 on success, -1 on failure
 */
int eap_eke_prot(struct eap_eke_session *sess,
		 const u8 *data, size_t data_len,
		 u8 *prot, size_t *prot_len);

/**
 * eap_eke_decrypt_prot - Verify and decrypt a protected field
 * @sess: Session
 * @prot: Protected field as received from the network
 * @prot_len: Length of @prot in bytes
 * @data: Output buffer for the plaintext
 * @data_len: Presumably in/out: size of @data on entry, bytes written on
 *	return - confirm
 * Returns: 0 on success, -1 on failure
 *
 * NOTE(review): @prot is untrusted input. Confirm that the implementation
 * checks the integrity tag before releasing any plaintext, and that a failed
 * check leaves @data unused by the caller.
 */
int eap_eke_decrypt_prot(struct eap_eke_session *sess,
			 const u8 *prot, size_t prot_len,
			 u8 *data, size_t *data_len);

/**
 * eap_eke_auth - Compute an Auth value over the message transcript
 * @sess: Session (presumably keyed with sess->ka - confirm)
 * @label: Label string mixed into the computation
 * @msgs: Message transcript the Auth value covers
 * @auth: Output buffer; presumably sess->auth_len bytes - confirm
 * Returns: 0 on success, -1 on failure
 *
 * When comparing a received Auth value against the locally computed one, use
 * a constant-time comparison (os_memcmp_const()) rather than os_memcmp().
 */
int eap_eke_auth(struct eap_eke_session *sess, const char *label,
		 const struct wpabuf *msgs, u8 *auth);
113 | ||
114 | #endif /* EAP_EKE_COMMON_H */ |