/src/hostap/src/common/sae.h
Line | Count | Source |
1 | | /* |
2 | | * Simultaneous authentication of equals |
3 | | * Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi> |
4 | | * |
5 | | * This software may be distributed under the terms of the BSD license. |
6 | | * See README for more details. |
7 | | */ |
8 | | |
9 | | #ifndef SAE_H |
10 | | #define SAE_H |
11 | | |
12 | | #define SAE_KCK_LEN 32 |
13 | | #define SAE_PMK_LEN 32 |
14 | | #define SAE_PMK_LEN_MAX 64 |
15 | | #define SAE_PMKID_LEN 16 |
16 | | #define SAE_MAX_PRIME_LEN 512 |
17 | | #define SAE_MAX_ECC_PRIME_LEN 66 |
18 | | #define SAE_MAX_HASH_LEN 64 |
19 | | #define SAE_COMMIT_MAX_LEN (2 + 3 * SAE_MAX_PRIME_LEN + 255) |
20 | | #ifdef CONFIG_SAE_PK |
21 | | #define SAE_CONFIRM_MAX_LEN ((2 + SAE_MAX_HASH_LEN) + 1500) |
22 | | #else /* CONFIG_SAE_PK */ |
23 | | #define SAE_CONFIRM_MAX_LEN (2 + SAE_MAX_HASH_LEN) |
24 | | #endif /* CONFIG_SAE_PK */ |
25 | | #define SAE_PK_M_LEN 16 |
26 | | |
27 | | /* Special value returned by sae_parse_commit() */ |
28 | | #define SAE_SILENTLY_DISCARD 65535 |
29 | | |
30 | | struct sae_pk { |
31 | | struct wpabuf *m; |
32 | | struct crypto_ec_key *key; |
33 | | int group; |
34 | | struct wpabuf *pubkey; /* DER encoded subjectPublicKey */ |
35 | | #ifdef CONFIG_TESTING_OPTIONS |
36 | | struct crypto_ec_key *sign_key_override; |
37 | | #endif /* CONFIG_TESTING_OPTIONS */ |
38 | | }; |
39 | | |
40 | | |
41 | | struct sae_temporary_data { |
42 | | u8 kck[SAE_MAX_HASH_LEN]; |
43 | | size_t kck_len; |
44 | | struct crypto_bignum *own_commit_scalar; |
45 | | struct crypto_bignum *own_commit_element_ffc; |
46 | | struct crypto_ec_point *own_commit_element_ecc; |
47 | | struct crypto_bignum *peer_commit_element_ffc; |
48 | | struct crypto_ec_point *peer_commit_element_ecc; |
49 | | struct crypto_ec_point *pwe_ecc; |
50 | | struct crypto_bignum *pwe_ffc; |
51 | | struct crypto_bignum *sae_rand; |
52 | | struct crypto_ec *ec; |
53 | | int prime_len; |
54 | | int order_len; |
55 | | const struct dh_group *dh; |
56 | | const struct crypto_bignum *prime; |
57 | | const struct crypto_bignum *order; |
58 | | struct crypto_bignum *prime_buf; |
59 | | struct crypto_bignum *order_buf; |
60 | | struct wpabuf *anti_clogging_token; |
61 | | u8 *pw_id; |
62 | | size_t pw_id_len; |
63 | | u8 *parsed_pw_id; |
64 | | size_t parsed_pw_id_len; |
65 | | char *dec_pw_id; |
66 | | size_t dec_pw_id_len; |
67 | | unsigned int pw_id_counter; |
68 | | int vlan_id; |
69 | | u8 bssid[ETH_ALEN]; |
70 | | struct wpabuf *own_rejected_groups; |
71 | | struct wpabuf *peer_rejected_groups; |
72 | | unsigned int own_addr_higher:1; |
73 | | unsigned int try_other_password:1; |
74 | | |
75 | | #ifdef CONFIG_SAE_PK |
76 | | u8 kek[SAE_MAX_HASH_LEN]; |
77 | | size_t kek_len; |
78 | | const struct sae_pk *ap_pk; |
79 | | u8 own_addr[ETH_ALEN]; |
80 | | u8 peer_addr[ETH_ALEN]; |
81 | | u8 fingerprint[SAE_MAX_HASH_LEN]; |
82 | | size_t fingerprint_bytes; |
83 | | size_t fingerprint_bits; |
84 | | size_t lambda; |
85 | | unsigned int sec; |
86 | | u8 ssid[32]; |
87 | | size_t ssid_len; |
88 | | #ifdef CONFIG_TESTING_OPTIONS |
89 | | bool omit_pk_elem; |
90 | | #endif /* CONFIG_TESTING_OPTIONS */ |
91 | | #endif /* CONFIG_SAE_PK */ |
92 | | |
93 | | struct os_reltime disabled_until; |
94 | | |
95 | | const void *used_pw; |
96 | | }; |
97 | | |
98 | | struct sae_pt { |
99 | | struct sae_pt *next; |
100 | | int group; |
101 | | struct crypto_ec *ec; |
102 | | struct crypto_ec_point *ecc_pt; |
103 | | |
104 | | const struct dh_group *dh; |
105 | | struct crypto_bignum *ffc_pt; |
106 | | struct wpabuf *password_id; |
107 | | #ifdef CONFIG_SAE_PK |
108 | | u8 ssid[32]; |
109 | | size_t ssid_len; |
110 | | #endif /* CONFIG_SAE_PK */ |
111 | | }; |
112 | | |
113 | | enum sae_state { |
114 | | SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED |
115 | | }; |
116 | | |
117 | | struct sae_data { |
118 | | enum sae_state state; |
119 | | u16 send_confirm; |
120 | | u8 pmk[SAE_PMK_LEN_MAX]; |
121 | | size_t pmk_len; |
122 | | int akmp; /* WPA_KEY_MGMT_* used in key derivation */ |
123 | | u32 own_akm_suite_selector; |
124 | | u32 peer_akm_suite_selector; |
125 | | u8 pmkid[SAE_PMKID_LEN]; |
126 | | struct crypto_bignum *peer_commit_scalar; |
127 | | struct crypto_bignum *peer_commit_scalar_accepted; |
128 | | int group; |
129 | | unsigned int sync; /* protocol instance variable: Sync */ |
130 | | u16 rc; /* protocol instance variable: Rc (received send-confirm) */ |
131 | | unsigned int h2e:1; |
132 | | unsigned int pk:1; |
133 | | unsigned int no_pw_id:1; |
134 | | struct sae_temporary_data *tmp; |
135 | | }; |
136 | | |
137 | | int sae_set_group(struct sae_data *sae, int group); |
138 | | void sae_clear_temp_data(struct sae_data *sae); |
139 | | void sae_clear_data(struct sae_data *sae); |
140 | | |
141 | | int sae_prepare_commit(const u8 *addr1, const u8 *addr2, |
142 | | const u8 *password, size_t password_len, |
143 | | struct sae_data *sae); |
144 | | int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt, |
145 | | const u8 *addr1, const u8 *addr2, |
146 | | int *rejected_groups, const struct sae_pk *pk); |
147 | | int sae_process_commit(struct sae_data *sae); |
148 | | int sae_write_commit(struct sae_data *sae, struct wpabuf *buf, |
149 | | const struct wpabuf *token, const u8 *identifier, |
150 | | size_t identifier_len); |
151 | | u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, |
152 | | const u8 **token, size_t *token_len, int *allowed_groups, |
153 | | int h2e, int *ie_offset); |
154 | | int sae_write_confirm(struct sae_data *sae, struct wpabuf *buf); |
155 | | int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len, |
156 | | int *ie_offset); |
157 | | u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group); |
158 | | const char * sae_state_txt(enum sae_state state); |
159 | | size_t sae_ecc_prime_len_2_hash_len(size_t prime_len); |
160 | | size_t sae_ffc_prime_len_2_hash_len(size_t prime_len); |
161 | | struct sae_pt * sae_derive_pt(const int *groups, |
162 | | const u8 *ssid, size_t ssid_len, |
163 | | const u8 *password, size_t password_len, |
164 | | const u8 *identifier, size_t identifier_len); |
165 | | struct crypto_ec_point * |
166 | | sae_derive_pwe_from_pt_ecc(const struct sae_pt *pt, |
167 | | const u8 *addr1, const u8 *addr2); |
168 | | struct crypto_bignum * |
169 | | sae_derive_pwe_from_pt_ffc(const struct sae_pt *pt, |
170 | | const u8 *addr1, const u8 *addr2); |
171 | | void sae_deinit_pt(struct sae_pt *pt); |
172 | | |
173 | | /* sae_pk.c */ |
174 | | #ifdef CONFIG_SAE_PK |
175 | | bool sae_pk_valid_password(const char *pw); |
176 | | #else /* CONFIG_SAE_PK */ |
177 | | static inline bool sae_pk_valid_password(const char *pw) |
178 | 0 | { |
179 | 0 | return false; |
180 | 0 | } Unexecuted instantiation: p2p.c:sae_pk_valid_password Unexecuted instantiation: p2p_invitation.c:sae_pk_valid_password |
181 | | #endif /* CONFIG_SAE_PK */ |
182 | | char * sae_pk_base32_encode(const u8 *src, size_t len_bits); |
183 | | u8 * sae_pk_base32_decode(const char *src, size_t len, size_t *out_len); |
184 | | int sae_pk_set_password(struct sae_data *sae, const char *password); |
185 | | void sae_deinit_pk(struct sae_pk *pk); |
186 | | struct sae_pk * sae_parse_pk(const char *val); |
187 | | int sae_write_confirm_pk(struct sae_data *sae, struct wpabuf *buf); |
188 | | int sae_check_confirm_pk(struct sae_data *sae, const u8 *ies, size_t ies_len); |
189 | | int sae_hash(size_t hash_len, const u8 *data, size_t len, u8 *hash); |
190 | | u32 sae_pk_get_be19(const u8 *buf); |
191 | | void sae_pk_buf_shift_left_19(u8 *buf, size_t len); |
192 | | |
193 | | #endif /* SAE_H */ |