eap_pax_common.c

Go to the documentation of this file.

/*
 * EAP server/peer: EAP-PAX shared routines
 * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#include "includes.h"

#include "common.h"
#include "crypto/sha1.h"
#include "eap_pax_common.h"


int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
                const char *identifier,
                const u8 *entropy, size_t entropy_len,
                size_t output_len, u8 *output)
{
        u8 mac[SHA1_MAC_LEN];
        u8 counter, *pos;
        const u8 *addr[3];
        size_t len[3];
        size_t num_blocks, left;

        num_blocks = (output_len + EAP_PAX_MAC_LEN - 1) / EAP_PAX_MAC_LEN;
        if (identifier == NULL || num_blocks >= 255)
                return -1;

        /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
        if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
                return -1;

        addr[0] = (const u8 *) identifier;
        len[0] = os_strlen(identifier);
        addr[1] = entropy;
        len[1] = entropy_len;
        addr[2] = &counter;
        len[2] = 1;

        pos = output;
        left = output_len;
        for (counter = 1; counter <= (u8) num_blocks; counter++) {
                size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
                hmac_sha1_vector(key, key_len, 3, addr, len, mac);
                os_memcpy(pos, mac, clen);
                pos += clen;
                left -= clen;
        }

        return 0;
}


int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
                const u8 *data1, size_t data1_len,
                const u8 *data2, size_t data2_len,
                const u8 *data3, size_t data3_len,
                u8 *mac)
{
        u8 hash[SHA1_MAC_LEN];
        const u8 *addr[3];
        size_t len[3];
        size_t count;

        /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */
        if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128)
                return -1;

        addr[0] = data1;
        len[0] = data1_len;
        addr[1] = data2;
        len[1] = data2_len;
        addr[2] = data3;
        len[2] = data3_len;

        count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
        hmac_sha1_vector(key, key_len, count, addr, len, hash);
        os_memcpy(mac, hash, EAP_PAX_MAC_LEN);

        return 0;
}


int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e,
                                   u8 *mk, u8 *ck, u8 *ick)
{
        wpa_printf(MSG_DEBUG, "EAP-PAX: initial key derivation");
        if (eap_pax_kdf(mac_id, ak, EAP_PAX_AK_LEN, "Master Key",
                        e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_MK_LEN, mk) ||
            eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Confirmation Key",
                        e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_CK_LEN, ck) ||
            eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Integrity Check Key",
                        e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick))
                return -1;

        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: AK", ak, EAP_PAX_AK_LEN);
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MK", mk, EAP_PAX_MK_LEN);
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: CK", ck, EAP_PAX_CK_LEN);
        wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: ICK", ick, EAP_PAX_ICK_LEN);

        return 0;
}