1  /*
2   * EAP server/peer: EAP-pwd shared definitions
3   * Copyright (c) 2009, Dan Harkins <dharkins@lounge.org>
4   *
5   * This software may be distributed under the terms of the BSD license.
6   * See README for more details.
7   */
8  
9  #ifndef EAP_PWD_COMMON_H
10  #define EAP_PWD_COMMON_H
11  
/*
 * Definition of a finite cyclic group as used by EAP-pwd.
 * The group is carried as a struct crypto_ec handle plus one point on it.
 * TODO: support one based on a prime field
 *
 * NOTE(review): pwe looks like the password element that
 * compute_password_element() derives for this group - confirm in the
 * implementation. If so, it is derived from the shared password and should be
 * handled as secret material (cleared when the group is released).
 */
typedef struct group_definition_ {
	/* group number as a plain u16; the on-the-wire copy in struct eap_pwd_id is be16 */
	u16 group_num;
	/* curve/group context; allocation and ownership are not visible in this header */
	struct crypto_ec *group;
	/* point associated with this group (presumably the password element, see above) */
	struct crypto_ec_point *pwe;
} EAP_PWD_group;
21  
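/*
 * EAP-pwd header, included on all payloads
 * L(1 bit) | M(1 bit) | exch(6 bits) | total_length(if L is set)
 *
 * EAP_PWD_HDR_SIZE counts only the first octet (L, M and exch). The optional
 * total_length field (two octets in RFC 5931) follows only when L is set and
 * is not included, so a parser has to verify that those extra bytes are
 * present before reading them.
 */
#define EAP_PWD_HDR_SIZE                1

/* Values carried in the 6-bit exch field */
#define EAP_PWD_OPCODE_ID_EXCH          1
#define EAP_PWD_OPCODE_COMMIT_EXCH      2
#define EAP_PWD_OPCODE_CONFIRM_EXCH     3

/*
 * Accessors for the header octet.
 *  - GET_*_BIT yield the masked bit (0x80 or 0x40) or 0, not 0/1; use the
 *    result as a truth value only, never compare it with 1.
 *  - SET_* modify x in place, so x must be a modifiable lvalue.
 *  - SET_EXCHANGE ORs y into x without clearing an exchange value that is
 *    already there, so x's exch field is expected to be zero beforehand.
 *    y is masked to the 6-bit field so that an out-of-range value cannot
 *    switch on the L or M flag of the header being built.
 */
#define EAP_PWD_GET_LENGTH_BIT(x)       ((x) & 0x80)
#define EAP_PWD_SET_LENGTH_BIT(x)       ((x) |= 0x80)
#define EAP_PWD_GET_MORE_BIT(x)         ((x) & 0x40)
#define EAP_PWD_SET_MORE_BIT(x)         ((x) |= 0x40)
#define EAP_PWD_GET_EXCHANGE(x)         ((x) & 0x3f)
#define EAP_PWD_SET_EXCHANGE(x,y)       ((x) |= ((y) & 0x3f))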
37  
/*
 * EAP-pwd-ID payload
 *
 * Packed wire layout (STRUCT_PACKED): the fixed part is 9 octets when be16 is
 * two octets wide, followed directly by the identity bytes.
 *
 * The identity carries no length field of its own. A receiver therefore has
 * to check that the payload is at least sizeof(struct eap_pwd_id) long before
 * touching any fixed field, and take the identity length from what remains.
 */
struct eap_pwd_id {
	/* group number in big-endian (network) order; convert before comparing with a u16 */
	be16 group_num;
	/* random function selector; only the default value is defined in this header */
	u8 random_function;
#define EAP_PWD_DEFAULT_RAND_FUNC       1
	/* PRF selector; only the default value is defined in this header */
	u8 prf;
#define EAP_PWD_DEFAULT_PRF             1
	/* 4-octet token; presumably the value passed to compute_password_element() - confirm */
	u8 token[4];
	/*
	 * Password pre-processing method. Value 2 has no define here
	 * (NOTE(review): RFC 5931 assigns it to SASLprep - confirm that it is
	 * left out on purpose), so code switching on prep needs an explicit
	 * reject path for values it does not list.
	 */
	u8 prep;
#define EAP_PWD_PREP_NONE               0
#define EAP_PWD_PREP_MS                 1
#define EAP_PWD_PREP_SSHA1              3
#define EAP_PWD_PREP_SSHA256            4
#define EAP_PWD_PREP_SSHA512            5
	/*
	 * Variable-length identity; occupies the rest of the payload.
	 * NOTE(review): [0] is the GNU zero-length array spelling; the C99
	 * flexible array member form would be identity[].
	 */
	u8 identity[0];     /* length inferred from payload */
} STRUCT_PACKED;
54  
/*
 * common routines
 *
 * This header declares no types of its own for u8/u16/u32/be16, size_t,
 * STRUCT_PACKED or the crypto_* structs; whatever includes it has to provide
 * them first.
 *
 * Several routines below take raw buffers without a length argument. Where
 * that is the case the caller is the only place that can make sure the buffer
 * is large enough, which matters most for data taken from a received message.
 */

/*
 * Return the EAP_PWD_group for group number num.
 * NOTE(review): failure value (presumably NULL) and who frees the result are
 * not visible here - confirm against the implementation.
 */
EAP_PWD_group * get_eap_pwd_group(u16 num);

/*
 * Compute the password element for grp from the password, both identities and
 * the token. password, id_server and id_peer come with explicit lengths;
 * token does not (presumably the 4-octet token of struct eap_pwd_id - confirm).
 * NOTE(review): the int result is presumably 0 on success and non-zero on
 * failure, with the element stored in grp->pwe - confirm. Callers should not
 * continue the exchange when this fails.
 */
int compute_password_element(EAP_PWD_group *grp, u16 num,
			     const u8 *password, size_t password_len,
			     const u8 *id_server, size_t id_server_len,
			     const u8 *id_peer, size_t id_peer_len,
			     const u8 *token);

/*
 * Derive the session keys. k, the two scalars, the two confirm values and the
 * ciphersuite are read-only inputs; msk, emsk and session_id are written
 * through non-const pointers.
 * None of the output buffers has a length argument, so the caller must supply
 * buffers of the sizes the implementation expects (sizes are defined
 * elsewhere). The same holds for the confirm_* inputs.
 * NOTE(review): msk/emsk are key material; callers should clear their copies
 * once done.
 */
int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
		 const struct crypto_bignum *peer_scalar,
		 const struct crypto_bignum  *server_scalar,
		 const u8 *confirm_peer, const u8 *confirm_server,
		 const u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id);

/*
 * Hash helper: init returns a context, update feeds len bytes of data, final
 * writes the result to digest.
 * NOTE(review): the algorithm and digest size are not visible here; digest
 * has no length argument, so its buffer must match the digest size. Whether
 * final also releases the context, and whether init can return NULL, need to
 * be confirmed in the implementation.
 */
struct crypto_hash * eap_pwd_h_init(void);
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);

/*
 * Build a group element / a scalar from the bytes at buf.
 * buf has no length argument: the number of bytes consumed is implied by the
 * group, so the caller has to verify that the remaining payload is long
 * enough before calling.
 * NOTE(review): these presumably parse values taken from the other side's
 * message. Confirm that the implementation rejects invalid input (element not
 * a valid point of the group, scalar outside the allowed range) and that
 * callers treat a failure return (presumably NULL) as fatal to the exchange.
 */
struct crypto_ec_point * eap_pwd_get_element(EAP_PWD_group *group,
					     const u8 *buf);
struct crypto_bignum * eap_pwd_get_scalar(EAP_PWD_group *group, const u8 *buf);

/*
 * Produce the random value, mask and scalar for group. All three bignum
 * arguments are non-const, so they are presumably caller-allocated outputs -
 * confirm. _rand and _mask are presumably private values that should not
 * leave the local state, only scalar being sent to the other side.
 * NOTE(review): the meaning of the int result is not visible here; check it
 * before using any of the outputs.
 */
int eap_pwd_get_rand_mask(EAP_PWD_group *group, struct crypto_bignum *_rand,
			  struct crypto_bignum *_mask,
			  struct crypto_bignum *scalar);
76  
77  #endif  /* EAP_PWD_COMMON_H */
78