xref: /freebsd/contrib/wpa/src/eap_common/eap_psk_common.c (revision 193d9e768ba63fcfb187cfd17f461f7d41345048)
1 /*
2  * EAP server/peer: EAP-PSK shared routines
3  * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/aes_wrap.h"
13 #include "eap_defs.h"
14 #include "eap_psk_common.h"
15 
16 #define aes_block_size 16
17 
18 
19 int eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk)
20 {
21 	os_memset(ak, 0, aes_block_size);
22 	if (aes_128_encrypt_block(psk, ak, ak))
23 		return -1;
24 	os_memcpy(kdk, ak, aes_block_size);
25 	ak[aes_block_size - 1] ^= 0x01;
26 	kdk[aes_block_size - 1] ^= 0x02;
27 	if (aes_128_encrypt_block(psk, ak, ak) ||
28 	    aes_128_encrypt_block(psk, kdk, kdk))
29 		return -1;
30 	return 0;
31 }
32 
33 
34 int eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk,
35 			u8 *emsk)
36 {
37 	u8 hash[aes_block_size];
38 	u8 counter = 1;
39 	int i;
40 
41 	if (aes_128_encrypt_block(kdk, rand_p, hash))
42 		return -1;
43 
44 	hash[aes_block_size - 1] ^= counter;
45 	if (aes_128_encrypt_block(kdk, hash, tek))
46 		return -1;
47 	hash[aes_block_size - 1] ^= counter;
48 	counter++;
49 
50 	for (i = 0; i < EAP_MSK_LEN / aes_block_size; i++) {
51 		hash[aes_block_size - 1] ^= counter;
52 		if (aes_128_encrypt_block(kdk, hash, &msk[i * aes_block_size]))
53 			return -1;
54 		hash[aes_block_size - 1] ^= counter;
55 		counter++;
56 	}
57 
58 	for (i = 0; i < EAP_EMSK_LEN / aes_block_size; i++) {
59 		hash[aes_block_size - 1] ^= counter;
60 		if (aes_128_encrypt_block(kdk, hash,
61 					  &emsk[i * aes_block_size]))
62 			return -1;
63 		hash[aes_block_size - 1] ^= counter;
64 		counter++;
65 	}
66 
67 	return 0;
68 }
69