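/*
 * Derive the EAP-GPSK keys for the AES ciphersuite.
 *
 * Fixes the SK and PK lengths at 16 octets each, reports them through
 * sk_len and pk_len, and hands the actual derivation to
 * eap_gpsk_derive_keys_helper() using a local scratch buffer for the KDF
 * output.
 *
 * psk/psk_len:   pre-shared key passed through to the helper
 * seed/seed_len: inputString (see the derivation summary below)
 * msk, emsk, sk, pk: output buffers passed through to the helper
 * sk_len, pk_len: set to the fixed SK/PK lengths before the helper runs,
 *                 so they are written even if the derivation fails
 *
 * Returns whatever eap_gpsk_derive_keys_helper() returns.
 */
static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
				    const u8 *seed, size_t seed_len,
				    u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
				    u8 *pk, size_t *pk_len)
{
#define EAP_GPSK_SK_LEN_AES 16
#define EAP_GPSK_PK_LEN_AES 16
	u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
		   EAP_GPSK_PK_LEN_AES];
	volatile u8 *wipe = kdf_out;
	size_t i;
	int ret;

	/*
	 * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
	 *            (= seed)
	 * KS = 16, PL = psk_len, CSuite_Sel = 0x00000000 0x0001
	 * MK = GKDF-16 (PSK[0..15], PL || PSK || CSuite_Sel || inputString)
	 * MSK = GKDF-160 (MK, inputString)[0..63]
	 * EMSK = GKDF-160 (MK, inputString)[64..127]
	 * SK = GKDF-160 (MK, inputString)[128..143]
	 * PK = GKDF-160 (MK, inputString)[144..159]
	 * zero = 0x00 || 0x00 || ... || 0x00 (16 times)
	 * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
	 *                      CSuite_Sel || inputString)
	 */

	*sk_len = EAP_GPSK_SK_LEN_AES;
	*pk_len = EAP_GPSK_PK_LEN_AES;

	ret = eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_AES,
					  kdf_out, sizeof(kdf_out),
					  psk, psk_len, seed, seed_len,
					  msk, emsk, sk, *sk_len,
					  pk, *pk_len);

	/*
	 * kdf_out is the scratch area for the KDF output that MSK, EMSK, SK
	 * and PK are taken from, so do not leave it behind on the stack.
	 * The stores go through a volatile pointer so that they are not
	 * discarded as dead writes to a buffer that is about to go out of
	 * scope.
	 */
	for (i = 0; i < sizeof(kdf_out); i++)
		wipe[i] = 0;

	return ret;
}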
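/*
 * Derive the EAP-GPSK keys for the SHA256 ciphersuite.
 *
 * Fixes the SK length at SHA256_MAC_LEN octets, reports it through sk_len,
 * and hands the actual derivation to eap_gpsk_derive_keys_helper() using a
 * local scratch buffer for the KDF output. No PK is requested for this
 * ciphersuite (pk = NULL, pk_len = 0).
 *
 * psk/psk_len:   pre-shared key passed through to the helper
 * seed/seed_len: inputString (see the derivation summary below)
 * msk, emsk, sk: output buffers passed through to the helper
 * sk_len:        set to the fixed SK length before the helper runs, so it
 *                is written even if the derivation fails
 *
 * Returns whatever eap_gpsk_derive_keys_helper() returns.
 */
static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len,
                                       const u8 *seed, size_t seed_len,
                                       u8 *msk, u8 *emsk,
                                       u8 *sk, size_t *sk_len)
{
#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN
#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN
        /*
         * NOTE(review): the buffer reserves EAP_GPSK_PK_LEN_SHA256 octets
         * although no PK is requested below, so the length handed to the
         * helper is larger than the GKDF-160 output described in the
         * derivation summary. Confirm how the helper uses this length.
         */
        u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 +
                   EAP_GPSK_PK_LEN_SHA256];
        volatile u8 *wipe = kdf_out;
        size_t i;
        int ret;

        /*
         * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
         *            (= seed)
         * KS = 32, PL = psk_len, CSuite_Sel = 0x00000000 0x0002
         * MK = GKDF-32 (PSK[0..31], PL || PSK || CSuite_Sel || inputString)
         * MSK = GKDF-160 (MK, inputString)[0..63]
         * EMSK = GKDF-160 (MK, inputString)[64..127]
         * SK = GKDF-160 (MK, inputString)[128..159]
         * zero = 0x00 || 0x00 || ... || 0x00 (32 times)
         * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
         *                      CSuite_Sel || inputString)
         */

        *sk_len = EAP_GPSK_SK_LEN_SHA256;

        ret = eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_SHA256,
                                          kdf_out, sizeof(kdf_out),
                                          psk, psk_len, seed, seed_len,
                                          msk, emsk, sk, *sk_len,
                                          NULL, 0);

        /*
         * kdf_out is the scratch area for the KDF output that MSK, EMSK and
         * SK are taken from, so do not leave it behind on the stack. The
         * stores go through a volatile pointer so that they are not
         * discarded as dead writes to a buffer that is about to go out of
         * scope.
         */
        for (i = 0; i < sizeof(kdf_out); i++)
                wipe[i] = 0;

        return ret;
}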