303 int eap_eke_derive_key(struct eap_eke_session *sess,  in eap_eke_derive_key()  argument
314 	os_memset(zeros, 0, sess->prf_len);  in eap_eke_derive_key()
315 	if (eap_eke_prf(sess->prf, zeros, sess->prf_len,  in eap_eke_derive_key()
319 			temp, sess->prf_len);  in eap_eke_derive_key()
329 	if (eap_eke_prfplus(sess->prf, temp, sess->prf_len,  in eap_eke_derive_key()
342 int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub,  in eap_eke_dhcomp()  argument
349 	dh_len = eap_eke_dh_len(sess->dhgroup);  in eap_eke_dhcomp()
359 	if (sess->encr != EAP_EKE_ENCR_AES128_CBC)  in eap_eke_dhcomp()
377 int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,  in eap_eke_shared_secret()  argument
386 	dh = eap_eke_dh_group(sess->dhgroup);  in eap_eke_shared_secret()
387 	if (sess->encr != EAP_EKE_ENCR_AES128_CBC || !dh)  in eap_eke_shared_secret()
411 	os_memset(zeros, 0, sess->auth_len);  in eap_eke_shared_secret()
412 	if (eap_eke_prf(sess->prf, zeros, sess->auth_len, modexp, dh->prime_len,  in eap_eke_shared_secret()
413 			NULL, 0, sess->shared_secret) < 0)  in eap_eke_shared_secret()
416 			sess->shared_secret, sess->auth_len);  in eap_eke_shared_secret()
422 int eap_eke_derive_ke_ki(struct eap_eke_session *sess,  in eap_eke_derive_ke_ki()  argument
440 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)  in eap_eke_derive_ke_ki()
445 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)  in eap_eke_derive_ke_ki()
447 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)  in eap_eke_derive_ke_ki()
460 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,  in eap_eke_derive_ke_ki()
466 	os_memcpy(sess->ke, buf, ke_len);  in eap_eke_derive_ke_ki()
467 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ke", sess->ke, ke_len);  in eap_eke_derive_ke_ki()
468 	os_memcpy(sess->ki, buf + ke_len, ki_len);  in eap_eke_derive_ke_ki()
469 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ki", sess->ki, ki_len);  in eap_eke_derive_ke_ki()
476 int eap_eke_derive_ka(struct eap_eke_session *sess,  in eap_eke_derive_ka()  argument
494 	data_len = label_len + id_s_len + id_p_len + 2 * sess->nonce_len;  in eap_eke_derive_ka()
505 	os_memcpy(pos, nonce_p, sess->nonce_len);  in eap_eke_derive_ka()
506 	pos += sess->nonce_len;  in eap_eke_derive_ka()
507 	os_memcpy(pos, nonce_s, sess->nonce_len);  in eap_eke_derive_ka()
508 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,  in eap_eke_derive_ka()
509 			    data, data_len, sess->ka, sess->prf_len) < 0) {  in eap_eke_derive_ka()
515 	wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Ka", sess->ka, sess->prf_len);  in eap_eke_derive_ka()
521 int eap_eke_derive_msk(struct eap_eke_session *sess,  in eap_eke_derive_msk()  argument
539 	data_len = label_len + id_s_len + id_p_len + 2 * sess->nonce_len;  in eap_eke_derive_msk()
550 	os_memcpy(pos, nonce_p, sess->nonce_len);  in eap_eke_derive_msk()
551 	pos += sess->nonce_len;  in eap_eke_derive_msk()
552 	os_memcpy(pos, nonce_s, sess->nonce_len);  in eap_eke_derive_msk()
553 	if (eap_eke_prfplus(sess->prf, sess->shared_secret, sess->prf_len,  in eap_eke_derive_msk()
583 int eap_eke_prot(struct eap_eke_session *sess,  in eap_eke_prot()  argument
590 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)  in eap_eke_prot()
595 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)  in eap_eke_prot()
597 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)  in eap_eke_prot()
627 	if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0 ||  in eap_eke_prot()
628 	    eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)  in eap_eke_prot()
637 int eap_eke_decrypt_prot(struct eap_eke_session *sess,  in eap_eke_decrypt_prot()  argument
644 	if (sess->encr == EAP_EKE_ENCR_AES128_CBC)  in eap_eke_decrypt_prot()
649 	if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)  in eap_eke_decrypt_prot()
651 	else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)  in eap_eke_decrypt_prot()
660 	if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,  in eap_eke_decrypt_prot()
675 	if (aes_128_cbc_decrypt(sess->ke, prot, data, *data_len) < 0) {  in eap_eke_decrypt_prot()
686 int eap_eke_auth(struct eap_eke_session *sess, const char *label,  in eap_eke_auth()  argument
691 			sess->ka, sess->auth_len);  in eap_eke_auth()
693 	return eap_eke_prf(sess->prf, sess->ka, sess->auth_len,  in eap_eke_auth()
699 int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr,  in eap_eke_session_init()  argument
702 	sess->dhgroup = dhgroup;  in eap_eke_session_init()
703 	sess->encr = encr;  in eap_eke_session_init()
704 	sess->prf = prf;  in eap_eke_session_init()
705 	sess->mac = mac;  in eap_eke_session_init()
707 	sess->prf_len = eap_eke_prf_len(prf);  in eap_eke_session_init()
708 	sess->nonce_len = eap_eke_nonce_len(prf);  in eap_eke_session_init()
709 	sess->auth_len = eap_eke_auth_len(prf);  in eap_eke_session_init()
710 	sess->dhcomp_len = eap_eke_dhcomp_len(sess->dhgroup, sess->encr);  in eap_eke_session_init()
711 	sess->pnonce_len = eap_eke_pnonce_len(sess->mac);  in eap_eke_session_init()
712 	sess->pnonce_ps_len = eap_eke_pnonce_ps_len(sess->mac);  in eap_eke_session_init()
713 	if (sess->prf_len < 0 || sess->nonce_len < 0 || sess->auth_len < 0 ||  in eap_eke_session_init()
714 	    sess->dhcomp_len < 0 || sess->pnonce_len < 0 ||  in eap_eke_session_init()
715 	    sess->pnonce_ps_len < 0)  in eap_eke_session_init()
722 void eap_eke_session_clean(struct eap_eke_session *sess)  in eap_eke_session_clean()  argument
724 	os_memset(sess->shared_secret, 0, EAP_EKE_MAX_HASH_LEN);  in eap_eke_session_clean()
725 	os_memset(sess->ke, 0, EAP_EKE_MAX_KE_LEN);  in eap_eke_session_clean()
726 	os_memset(sess->ki, 0, EAP_EKE_MAX_KI_LEN);  in eap_eke_session_clean()
727 	os_memset(sess->ka, 0, EAP_EKE_MAX_KA_LEN);  in eap_eke_session_clean()