1 /* 2 * Simultaneous authentication of equals 3 * Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef SAE_H 10 #define SAE_H 11 12 #define SAE_KCK_LEN 32 13 #define SAE_PMK_LEN 32 14 #define SAE_PMK_LEN_MAX 64 15 #define SAE_PMKID_LEN 16 16 #define SAE_MAX_PRIME_LEN 512 17 #define SAE_MAX_ECC_PRIME_LEN 66 18 #define SAE_MAX_HASH_LEN 64 19 #define SAE_COMMIT_MAX_LEN (2 + 3 * SAE_MAX_PRIME_LEN + 255) 20 #ifdef CONFIG_SAE_PK 21 #define SAE_CONFIRM_MAX_LEN ((2 + SAE_MAX_HASH_LEN) + 1500) 22 #else /* CONFIG_SAE_PK */ 23 #define SAE_CONFIRM_MAX_LEN (2 + SAE_MAX_HASH_LEN) 24 #endif /* CONFIG_SAE_PK */ 25 #define SAE_PK_M_LEN 16 26 27 /* Special value returned by sae_parse_commit() */ 28 #define SAE_SILENTLY_DISCARD 65535 29 30 struct sae_pk { 31 struct wpabuf *m; 32 struct crypto_ec_key *key; 33 int group; 34 struct wpabuf *pubkey; /* DER encoded subjectPublicKey */ 35 #ifdef CONFIG_TESTING_OPTIONS 36 struct crypto_ec_key *sign_key_override; 37 #endif /* CONFIG_TESTING_OPTIONS */ 38 }; 39 40 41 struct sae_temporary_data { 42 u8 kck[SAE_MAX_HASH_LEN]; 43 size_t kck_len; 44 struct crypto_bignum *own_commit_scalar; 45 struct crypto_bignum *own_commit_element_ffc; 46 struct crypto_ec_point *own_commit_element_ecc; 47 struct crypto_bignum *peer_commit_element_ffc; 48 struct crypto_ec_point *peer_commit_element_ecc; 49 struct crypto_ec_point *pwe_ecc; 50 struct crypto_bignum *pwe_ffc; 51 struct crypto_bignum *sae_rand; 52 struct crypto_ec *ec; 53 int prime_len; 54 int order_len; 55 const struct dh_group *dh; 56 const struct crypto_bignum *prime; 57 const struct crypto_bignum *order; 58 struct crypto_bignum *prime_buf; 59 struct crypto_bignum *order_buf; 60 struct wpabuf *anti_clogging_token; 61 char *pw_id; 62 int vlan_id; 63 u8 bssid[ETH_ALEN]; 64 struct wpabuf *own_rejected_groups; 65 struct wpabuf *peer_rejected_groups; 66 unsigned int own_addr_higher:1; 67 68 #ifdef CONFIG_SAE_PK 69 u8 kek[SAE_MAX_HASH_LEN]; 70 size_t kek_len; 71 const struct sae_pk *ap_pk; 72 u8 own_addr[ETH_ALEN]; 73 u8 peer_addr[ETH_ALEN]; 74 u8 fingerprint[SAE_MAX_HASH_LEN]; 75 size_t fingerprint_bytes; 76 size_t fingerprint_bits; 77 size_t lambda; 78 unsigned int sec; 79 u8 ssid[32]; 80 size_t ssid_len; 81 #ifdef CONFIG_TESTING_OPTIONS 82 bool omit_pk_elem; 83 #endif /* CONFIG_TESTING_OPTIONS */ 84 #endif /* CONFIG_SAE_PK */ 85 86 struct os_reltime disabled_until; 87 }; 88 89 struct sae_pt { 90 struct sae_pt *next; 91 int group; 92 struct crypto_ec *ec; 93 struct crypto_ec_point *ecc_pt; 94 95 const struct dh_group *dh; 96 struct crypto_bignum *ffc_pt; 97 #ifdef CONFIG_SAE_PK 98 u8 ssid[32]; 99 size_t ssid_len; 100 #endif /* CONFIG_SAE_PK */ 101 }; 102 103 enum sae_state { 104 SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED 105 }; 106 107 struct sae_data { 108 enum sae_state state; 109 u16 send_confirm; 110 u8 pmk[SAE_PMK_LEN_MAX]; 111 size_t pmk_len; 112 int akmp; /* WPA_KEY_MGMT_* used in key derivation */ 113 u32 own_akm_suite_selector; 114 u32 peer_akm_suite_selector; 115 u8 pmkid[SAE_PMKID_LEN]; 116 struct crypto_bignum *peer_commit_scalar; 117 struct crypto_bignum *peer_commit_scalar_accepted; 118 int group; 119 unsigned int sync; /* protocol instance variable: Sync */ 120 u16 rc; /* protocol instance variable: Rc (received send-confirm) */ 121 unsigned int h2e:1; 122 unsigned int pk:1; 123 struct sae_temporary_data *tmp; 124 }; 125 126 int sae_set_group(struct sae_data *sae, int group); 127 void sae_clear_temp_data(struct sae_data *sae); 128 void sae_clear_data(struct sae_data *sae); 129 130 int sae_prepare_commit(const u8 *addr1, const u8 *addr2, 131 const u8 *password, size_t password_len, 132 struct sae_data *sae); 133 int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt, 134 const u8 *addr1, const u8 *addr2, 135 int *rejected_groups, const struct sae_pk *pk); 136 int sae_process_commit(struct sae_data *sae); 137 int sae_write_commit(struct sae_data *sae, struct wpabuf *buf, 138 const struct wpabuf *token, const char *identifier); 139 u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, 140 const u8 **token, size_t *token_len, int *allowed_groups, 141 int h2e, int *ie_offset); 142 int sae_write_confirm(struct sae_data *sae, struct wpabuf *buf); 143 int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len, 144 int *ie_offset); 145 u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group); 146 const char * sae_state_txt(enum sae_state state); 147 size_t sae_ecc_prime_len_2_hash_len(size_t prime_len); 148 size_t sae_ffc_prime_len_2_hash_len(size_t prime_len); 149 struct sae_pt * sae_derive_pt(int *groups, const u8 *ssid, size_t ssid_len, 150 const u8 *password, size_t password_len, 151 const char *identifier); 152 struct crypto_ec_point * 153 sae_derive_pwe_from_pt_ecc(const struct sae_pt *pt, 154 const u8 *addr1, const u8 *addr2); 155 struct crypto_bignum * 156 sae_derive_pwe_from_pt_ffc(const struct sae_pt *pt, 157 const u8 *addr1, const u8 *addr2); 158 void sae_deinit_pt(struct sae_pt *pt); 159 160 /* sae_pk.c */ 161 #ifdef CONFIG_SAE_PK 162 bool sae_pk_valid_password(const char *pw); 163 #else /* CONFIG_SAE_PK */ 164 static inline bool sae_pk_valid_password(const char *pw) 165 { 166 return false; 167 } 168 #endif /* CONFIG_SAE_PK */ 169 char * sae_pk_base32_encode(const u8 *src, size_t len_bits); 170 u8 * sae_pk_base32_decode(const char *src, size_t len, size_t *out_len); 171 int sae_pk_set_password(struct sae_data *sae, const char *password); 172 void sae_deinit_pk(struct sae_pk *pk); 173 struct sae_pk * sae_parse_pk(const char *val); 174 int sae_write_confirm_pk(struct sae_data *sae, struct wpabuf *buf); 175 int sae_check_confirm_pk(struct sae_data *sae, const u8 *ies, size_t ies_len); 176 int sae_hash(size_t hash_len, const u8 *data, size_t len, u8 *hash); 177 u32 sae_pk_get_be19(const u8 *buf); 178 void sae_pk_buf_shift_left_19(u8 *buf, size_t len); 179 180 #endif /* SAE_H */ 181