eap_pax_common.c
Go to the documentation of this file.
00001 /*
00002  * EAP server/peer: EAP-PAX shared routines
00003  * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #include "includes.h"
00016 
00017 #include "common.h"
00018 #include "crypto/sha1.h"
00019 #include "eap_pax_common.h"
00020 
00021 
00036 int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
00037                 const char *identifier,
00038                 const u8 *entropy, size_t entropy_len,
00039                 size_t output_len, u8 *output)
00040 {
00041         u8 mac[SHA1_MAC_LEN];
00042         u8 counter, *pos;
00043         const u8 *addr[3];
00044         size_t len[3];
00045         size_t num_blocks, left;
00046 
00047         num_blocks = (output_len + EAP_PAX_MAC_LEN - 1) / EAP_PAX_MAC_LEN;
00048         if (identifier == NULL || num_blocks >= 255)
00049                 return -1;
00050 
00051         /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
00052         if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
00053                 return -1;
00054 
00055         addr[0] = (const u8 *) identifier;
00056         len[0] = os_strlen(identifier);
00057         addr[1] = entropy;
00058         len[1] = entropy_len;
00059         addr[2] = &counter;
00060         len[2] = 1;
00061 
00062         pos = output;
00063         left = output_len;
00064         for (counter = 1; counter <= (u8) num_blocks; counter++) {
00065                 size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
00066                 hmac_sha1_vector(key, key_len, 3, addr, len, mac);
00067                 os_memcpy(pos, mac, clen);
00068                 pos += clen;
00069                 left -= clen;
00070         }
00071 
00072         return 0;
00073 }
00074 
00075 
00092 int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
00093                 const u8 *data1, size_t data1_len,
00094                 const u8 *data2, size_t data2_len,
00095                 const u8 *data3, size_t data3_len,
00096                 u8 *mac)
00097 {
00098         u8 hash[SHA1_MAC_LEN];
00099         const u8 *addr[3];
00100         size_t len[3];
00101         size_t count;
00102 
00103         /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
00104         if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
00105                 return -1;
00106 
00107         addr[0] = data1;
00108         len[0] = data1_len;
00109         addr[1] = data2;
00110         len[1] = data2_len;
00111         addr[2] = data3;
00112         len[2] = data3_len;
00113 
00114         count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
00115         hmac_sha1_vector(key, key_len, count, addr, len, hash);
00116         os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
00117 
00118         return 0;
00119 }
00120 
00121 
00132 int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
00133                                    u8 *mk, u8 *ck, u8 *ick)
00134 {
00135         wpa_printf(MSG_DEBUG, "EAP-PAX: initial key derivation");
00136         if (eap_pax_kdf(mac_id, ak, EAP_PAX_AK_LEN, "Master Key",
00137                         e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_MK_LEN, mk) ||
00138             eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Confirmation Key",
00139                         e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_CK_LEN, ck) ||
00140             eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Integrity Check Key",
00141                         e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick))
00142                 return -1;
00143 
00144         wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: AK", ak, EAP_PAX_AK_LEN);
00145         wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MK", mk, EAP_PAX_MK_LEN);
00146         wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: CK", ck, EAP_PAX_CK_LEN);
00147         wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: ICK", ick, EAP_PAX_ICK_LEN);
00148 
00149         return 0;
00150 }


wpa_supplicant
Author(s): Package maintained by Blaise Gassend
autogenerated on Thu Jan 2 2014 11:26:37