2 * Simultaneous authentication of equals
3 * Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #define SAE_KCK_LEN 32
13 #define SAE_PMK_LEN 32
14 #define SAE_PMKID_LEN 16
15 #define SAE_MAX_PRIME_LEN 512
16 #define SAE_MAX_ECC_PRIME_LEN 66
17 #define SAE_MAX_HASH_LEN 64
18 #define SAE_COMMIT_MAX_LEN (2 + 3 * SAE_MAX_PRIME_LEN + 255)
19 #define SAE_CONFIRM_MAX_LEN (2 + SAE_MAX_HASH_LEN)
21 /* Special value returned by sae_parse_commit() */
22 #define SAE_SILENTLY_DISCARD 65535
24 struct sae_temporary_data
{
25 u8 kck
[SAE_MAX_HASH_LEN
];
27 struct crypto_bignum
*own_commit_scalar
;
28 struct crypto_bignum
*own_commit_element_ffc
;
29 struct crypto_ec_point
*own_commit_element_ecc
;
30 struct crypto_bignum
*peer_commit_element_ffc
;
31 struct crypto_ec_point
*peer_commit_element_ecc
;
32 struct crypto_ec_point
*pwe_ecc
;
33 struct crypto_bignum
*pwe_ffc
;
34 struct crypto_bignum
*sae_rand
;
38 const struct dh_group
*dh
;
39 const struct crypto_bignum
*prime
;
40 const struct crypto_bignum
*order
;
41 struct crypto_bignum
*prime_buf
;
42 struct crypto_bignum
*order_buf
;
43 struct wpabuf
*anti_clogging_token
;
47 struct wpabuf
*own_rejected_groups
;
48 struct wpabuf
*peer_rejected_groups
;
50 unsigned int own_addr_higher
:1;
57 struct crypto_ec_point
*ecc_pt
;
59 const struct dh_group
*dh
;
60 struct crypto_bignum
*ffc_pt
;
64 SAE_NOTHING
, SAE_COMMITTED
, SAE_CONFIRMED
, SAE_ACCEPTED
71 u8 pmkid
[SAE_PMKID_LEN
];
72 struct crypto_bignum
*peer_commit_scalar
;
73 struct crypto_bignum
*peer_commit_scalar_accepted
;
75 unsigned int sync
; /* protocol instance variable: Sync */
76 u16 rc
; /* protocol instance variable: Rc (received send-confirm) */
77 struct sae_temporary_data
*tmp
;
80 int sae_set_group(struct sae_data
*sae
, int group
);
81 void sae_clear_temp_data(struct sae_data
*sae
);
82 void sae_clear_data(struct sae_data
*sae
);
84 int sae_prepare_commit(const u8
*addr1
, const u8
*addr2
,
85 const u8
*password
, size_t password_len
,
86 const char *identifier
, struct sae_data
*sae
);
87 int sae_prepare_commit_pt(struct sae_data
*sae
, const struct sae_pt
*pt
,
88 const u8
*addr1
, const u8
*addr2
,
89 int *rejected_groups
);
90 int sae_process_commit(struct sae_data
*sae
);
91 void sae_write_commit(struct sae_data
*sae
, struct wpabuf
*buf
,
92 const struct wpabuf
*token
, const char *identifier
);
93 u16
sae_parse_commit(struct sae_data
*sae
, const u8
*data
, size_t len
,
94 const u8
**token
, size_t *token_len
, int *allowed_groups
,
96 void sae_write_confirm(struct sae_data
*sae
, struct wpabuf
*buf
);
97 int sae_check_confirm(struct sae_data
*sae
, const u8
*data
, size_t len
);
98 u16
sae_group_allowed(struct sae_data
*sae
, int *allowed_groups
, u16 group
);
99 const char * sae_state_txt(enum sae_state state
);
100 struct sae_pt
* sae_derive_pt(int *groups
, const u8
*ssid
, size_t ssid_len
,
101 const u8
*password
, size_t password_len
,
102 const char *identifier
);
103 struct crypto_ec_point
*
104 sae_derive_pwe_from_pt_ecc(const struct sae_pt
*pt
,
105 const u8
*addr1
, const u8
*addr2
);
106 struct crypto_bignum
*
107 sae_derive_pwe_from_pt_ffc(const struct sae_pt
*pt
,
108 const u8
*addr1
, const u8
*addr2
);
109 void sae_deinit_pt(struct sae_pt
*pt
);