eap_pax_common.h File Reference

EAP server/peer: EAP-PAX shared routines. More...

Go to the source code of this file.

Data Structures
struct	eap_pax_hdr

Macros
#define	EAP_PAX_FLAGS_MF   0x01
#define	EAP_PAX_FLAGS_CE   0x02
#define	EAP_PAX_FLAGS_AI   0x04
#define	EAP_PAX_MAC_HMAC_SHA1_128   0x01
#define	EAP_PAX_HMAC_SHA256_128   0x02
#define	EAP_PAX_DH_GROUP_NONE   0x00
#define	EAP_PAX_DH_GROUP_2048_MODP   0x01
#define	EAP_PAX_DH_GROUP_3072_MODP   0x02
#define	EAP_PAX_DH_GROUP_NIST_ECC_P_256   0x03
#define	EAP_PAX_PUBLIC_KEY_NONE   0x00
#define	EAP_PAX_PUBLIC_KEY_RSAES_OAEP   0x01
#define	EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5   0x02
#define	EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC   0x03
#define	EAP_PAX_ADE_VENDOR_SPECIFIC   0x01
#define	EAP_PAX_ADE_CLIENT_CHANNEL_BINDING   0x02
#define	EAP_PAX_ADE_SERVER_CHANNEL_BINDING   0x03
#define	EAP_PAX_RAND_LEN   32
#define	EAP_PAX_MAC_LEN   16
#define	EAP_PAX_ICV_LEN   16
#define	EAP_PAX_AK_LEN   16
#define	EAP_PAX_MK_LEN   16
#define	EAP_PAX_CK_LEN   16
#define	EAP_PAX_ICK_LEN   16
#define	EAP_PAX_MID_LEN   16

Enumerations
enum	{   EAP_PAX_OP_STD_1 = 0x01, EAP_PAX_OP_STD_2 = 0x02, EAP_PAX_OP_STD_3 = 0x03, EAP_PAX_OP_SEC_1 = 0x11,   EAP_PAX_OP_SEC_2 = 0x12, EAP_PAX_OP_SEC_3 = 0x13, EAP_PAX_OP_SEC_4 = 0x14, EAP_PAX_OP_SEC_5 = 0x15,   EAP_PAX_OP_ACK = 0x21 }

Functions
int	eap_pax_kdf (u8 mac_id, const u8 *key, size_t key_len, const char *identifier, const u8 *entropy, size_t entropy_len, size_t output_len, u8 *output)
	PAX Key Derivation Function. More...
int	eap_pax_mac (u8 mac_id, const u8 *key, size_t key_len, const u8 *data1, size_t data1_len, const u8 *data2, size_t data2_len, const u8 *data3, size_t data3_len, u8 *mac)
	EAP-PAX MAC. More...
int	eap_pax_initial_key_derivation (u8 mac_id, const u8 *ak, const u8 *e, u8 *mk, u8 *ck, u8 *ick, u8 *mid)
	EAP-PAX initial key derivation. More...

Variables
struct eap_pax_hdr	STRUCT_PACKED

Detailed Description

EAP server/peer: EAP-PAX shared routines.

Function Documentation

int eap_pax_initial_key_derivation	(	u8	mac_id,
		const u8 *	ak,
		const u8 *	e,
		u8 *	mk,
		u8 *	ck,
		u8 *	ick,
		u8 *	mid
	)

EAP-PAX initial key derivation.

Parameters

mac_id	MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
ak	Authentication Key
e	Entropy
mk	Buffer for the derived Master Key
ck	Buffer for the derived Confirmation Key
ick	Buffer for the derived Integrity Check Key
mid	Buffer for the derived Method ID

Returns

0 on success, -1 on failure

int eap_pax_kdf	(	u8	mac_id,
		const u8 *	key,
		size_t	key_len,
		const char *	identifier,
		const u8 *	entropy,
		size_t	entropy_len,
		size_t	output_len,
		u8 *	output
	)

PAX Key Derivation Function.

Parameters

mac_id	MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
key	Secret key (X)
key_len	Length of the secret key in bytes
identifier	Public identifier for the key (Y)
entropy	Exchanged entropy to seed the KDF (Z)
entropy_len	Length of the entropy in bytes
output_len	Output len in bytes (W)
output	Buffer for the derived key

Returns

0 on success, -1 failed

RFC 4746, Section 2.6: PAX-KDF-W(X, Y, Z)

int eap_pax_mac	(	u8	mac_id,
		const u8 *	key,
		size_t	key_len,
		const u8 *	data1,
		size_t	data1_len,
		const u8 *	data2,
		size_t	data2_len,
		const u8 *	data3,
		size_t	data3_len,
		u8 *	mac
	)

EAP-PAX MAC.

Parameters

mac_id	MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported
key	Secret key
key_len	Length of the secret key in bytes
data1	Optional data, first block; NULL if not used
data1_len	Length of data1 in bytes
data2	Optional data, second block; NULL if not used
data2_len	Length of data2 in bytes
data3	Optional data, third block; NULL if not used
data3_len	Length of data3 in bytes
mac	Buffer for the MAC value (EAP_PAX_MAC_LEN = 16 bytes)

Returns

0 on success, -1 on failure

Wrapper function to calculate EAP-PAX MAC.