src/eap_common/eap_psk_common.c

   1 /*
   2  * EAP server/peer: EAP-PSK shared routines
   3  * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "includes.h"
  10
  11 #include "common.h"
  12 #include "crypto/aes_wrap.h"
  13 #include "eap_defs.h"
  14 #include "eap_psk_common.h"
  15
  16 #define aes_block_size 16
  17
  18
  19 int eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk)
  20 {
  21         os_memset(ak, 0, aes_block_size);
  22         if (aes_128_encrypt_block(psk, ak, ak))
  23                 return -1;
  24         os_memcpy(kdk, ak, aes_block_size);
  25         ak[aes_block_size - 1] ^= 0x01;
  26         kdk[aes_block_size - 1] ^= 0x02;
  27         if (aes_128_encrypt_block(psk, ak, ak) ||
  28             aes_128_encrypt_block(psk, kdk, kdk))
  29                 return -1;
  30         return 0;
  31 }
  32
  33
  34 int eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk,
  35                         u8 *emsk)
  36 {
  37         u8 hash[aes_block_size];
  38         u8 counter = 1;
  39         int i;
  40
  41         if (aes_128_encrypt_block(kdk, rand_p, hash))
  42                 return -1;
  43
  44         hash[aes_block_size - 1] ^= counter;
  45         if (aes_128_encrypt_block(kdk, hash, tek))
  46                 return -1;
  47         hash[aes_block_size - 1] ^= counter;
  48         counter++;
  49
  50         for (i = 0; i < EAP_MSK_LEN / aes_block_size; i++) {
  51                 hash[aes_block_size - 1] ^= counter;
  52                 if (aes_128_encrypt_block(kdk, hash, &msk[i * aes_block_size]))
  53                         return -1;
  54                 hash[aes_block_size - 1] ^= counter;
  55                 counter++;
  56         }
  57
  58         for (i = 0; i < EAP_EMSK_LEN / aes_block_size; i++) {
  59                 hash[aes_block_size - 1] ^= counter;
  60                 if (aes_128_encrypt_block(kdk, hash,
  61                                           &emsk[i * aes_block_size]))
  62                         return -1;
  63                 hash[aes_block_size - 1] ^= counter;
  64                 counter++;
  65         }
  66
  67         return 0;
  68 }