MFC:
[dragonfly.git] / contrib / wpa_supplicant-0.5.8 / eap_pax_common.c
blob80110469dcc384df9101fab1697634a633036db3
1 /*
2 * EAP server/peer: EAP-PAX shared routines
3 * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
12 * See README and COPYING for more details.
15 #include "includes.h"
17 #include "common.h"
18 #include "sha1.h"
19 #include "eap_pax_common.h"
22 /**
23 * eap_pax_kdf - PAX Key Derivation Function
24 * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
25 * @key: Secret key (X)
26 * @key_len: Length of the secret key in bytes
27 * @identifier: Public identifier for the key (Y)
28 * @entropy: Exchanged entropy to seed the KDF (Z)
29 * @entropy_len: Length of the entropy in bytes
30 * @output_len: Output len in bytes (W)
31 * @output: Buffer for the derived key
32 * Returns: 0 on success, -1 failed
34 * RFC 4746, Section 2.6: PAX-KDF-W(X, Y, Z)
36 int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
37 const char *identifier,
38 const u8 *entropy, size_t entropy_len,
39 size_t output_len, u8 *output)
41 u8 mac[SHA1_MAC_LEN];
42 u8 counter, *pos;
43 const u8 *addr[3];
44 size_t len[3];
45 size_t num_blocks, left;
47 num_blocks = (output_len + EAP_PAX_MAC_LEN - 1) / EAP_PAX_MAC_LEN;
48 if (identifier == NULL || num_blocks >= 255)
49 return -1;
51 /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
52 if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
53 return -1;
55 addr[0] = (const u8 *) identifier;
56 len[0] = os_strlen(identifier);
57 addr[1] = entropy;
58 len[1] = entropy_len;
59 addr[2] = &counter;
60 len[2] = 1;
62 pos = output;
63 left = output_len;
64 for (counter = 1; counter <= (u8) num_blocks; counter++) {
65 size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
66 hmac_sha1_vector(key, key_len, 3, addr, len, mac);
67 os_memcpy(pos, mac, clen);
68 pos += clen;
69 left -= clen;
72 return 0;
76 /**
77 * eap_pax_mac - EAP-PAX MAC
78 * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
79 * @key: Secret key
80 * @key_len: Length of the secret key in bytes
81 * @data1: Optional data, first block; %NULL if not used
82 * @data1_len: Length of data1 in bytes
83 * @data2: Optional data, second block; %NULL if not used
84 * @data2_len: Length of data2 in bytes
85 * @data3: Optional data, third block; %NULL if not used
86 * @data3_len: Length of data3 in bytes
87 * @mac: Buffer for the MAC value (EAP_PAX_MAC_LEN = 16 bytes)
88 * Returns: 0 on success, -1 on failure
90 * Wrapper function to calculate EAP-PAX MAC.
92 int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
93 const u8 *data1, size_t data1_len,
94 const u8 *data2, size_t data2_len,
95 const u8 *data3, size_t data3_len,
96 u8 *mac)
98 u8 hash[SHA1_MAC_LEN];
99 const u8 *addr[3];
100 size_t len[3];
101 size_t count;
103 /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
104 if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
105 return -1;
107 addr[0] = data1;
108 len[0] = data1_len;
109 addr[1] = data2;
110 len[1] = data2_len;
111 addr[2] = data3;
112 len[2] = data3_len;
114 count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
115 hmac_sha1_vector(key, key_len, count, addr, len, hash);
116 os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
118 return 0;
123 * eap_pax_initial_key_derivation - EAP-PAX initial key derivation
124 * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
125 * @ak: Authentication Key
126 * @e: Entropy
127 * @mk: Buffer for the derived Master Key
128 * @ck: Buffer for the derived Confirmation Key
129 * @ick: Buffer for the derived Integrity Check Key
130 * Returns: 0 on success, -1 on failure
132 int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
133 u8 *mk, u8 *ck, u8 *ick)
135 wpa_printf(MSG_DEBUG, "EAP-PAX: initial key derivation");
136 if (eap_pax_kdf(mac_id, ak, EAP_PAX_AK_LEN, "Master Key",
137 e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_MK_LEN, mk) ||
138 eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Confirmation Key",
139 e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_CK_LEN, ck) ||
140 eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Integrity Check Key",
141 e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick))
142 return -1;
144 wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: AK", ak, EAP_PAX_AK_LEN);
145 wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MK", mk, EAP_PAX_MK_LEN);
146 wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: CK", ck, EAP_PAX_CK_LEN);
147 wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: ICK", ick, EAP_PAX_ICK_LEN);
149 return 0;