2 * EAP peer method: EAP-EKE (RFC 6124)
3 * Copyright (c) 2013, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/random.h"
13 #include "eap_peer/eap_i.h"
14 #include "eap_common/eap_eke_common.h"
18 IDENTITY, COMMIT, CONFIRM, SUCCESS, FAILURE
21 u8 emsk[EAP_EMSK_LEN];
26 u8 dh_priv[EAP_EKE_MAX_DH_LEN];
27 struct eap_eke_session sess;
28 u8 nonce_p[EAP_EKE_MAX_NONCE_LEN];
29 u8 nonce_s[EAP_EKE_MAX_NONCE_LEN];
31 u8 dhgroup; /* forced DH group or 0 to allow all supported */
32 u8 encr; /* forced encryption algorithm or 0 to allow all supported */
33 u8 prf; /* forced PRF or 0 to allow all supported */
34 u8 mac; /* forced MAC or 0 to allow all supported */
38 static const char * eap_eke_state_txt(int state)
57 static void eap_eke_state(struct eap_eke_data *data, int state)
59 wpa_printf(MSG_DEBUG, "EAP-EKE: %s -> %s",
60 eap_eke_state_txt(data->state), eap_eke_state_txt(state));
65 static void eap_eke_deinit(struct eap_sm *sm, void *priv);
68 static void * eap_eke_init(struct eap_sm *sm)
70 struct eap_eke_data *data;
71 const u8 *identity, *password;
72 size_t identity_len, password_len;
75 password = eap_get_config_password(sm, &password_len);
77 wpa_printf(MSG_INFO, "EAP-EKE: No password configured");
81 data = os_zalloc(sizeof(*data));
84 eap_eke_state(data, IDENTITY);
86 identity = eap_get_config_identity(sm, &identity_len);
88 data->peerid = os_malloc(identity_len);
89 if (data->peerid == NULL) {
90 eap_eke_deinit(sm, data);
93 os_memcpy(data->peerid, identity, identity_len);
94 data->peerid_len = identity_len;
97 phase1 = eap_get_config_phase1(sm);
101 pos = os_strstr(phase1, "dhgroup=");
103 data->dhgroup = atoi(pos + 8);
104 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced dhgroup %u",
108 pos = os_strstr(phase1, "encr=");
110 data->encr = atoi(pos + 5);
111 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced encr %u",
115 pos = os_strstr(phase1, "prf=");
117 data->prf = atoi(pos + 4);
118 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced prf %u",
122 pos = os_strstr(phase1, "mac=");
124 data->mac = atoi(pos + 4);
125 wpa_printf(MSG_DEBUG, "EAP-EKE: Forced mac %u",
134 static void eap_eke_deinit(struct eap_sm *sm, void *priv)
136 struct eap_eke_data *data = priv;
137 eap_eke_session_clean(&data->sess);
138 os_free(data->serverid);
139 os_free(data->peerid);
140 wpabuf_free(data->msgs);
141 bin_clear_free(data, sizeof(*data));
145 static struct wpabuf * eap_eke_build_msg(struct eap_eke_data *data, int id,
146 size_t length, u8 eke_exch)
153 msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_EKE, plen,
154 EAP_CODE_RESPONSE, id);
156 wpa_printf(MSG_ERROR, "EAP-EKE: Failed to allocate memory");
160 wpabuf_put_u8(msg, eke_exch);
166 static int eap_eke_supp_dhgroup(u8 dhgroup)
168 return dhgroup == EAP_EKE_DHGROUP_EKE_2 ||
169 dhgroup == EAP_EKE_DHGROUP_EKE_5 ||
170 dhgroup == EAP_EKE_DHGROUP_EKE_14 ||
171 dhgroup == EAP_EKE_DHGROUP_EKE_15 ||
172 dhgroup == EAP_EKE_DHGROUP_EKE_16;
176 static int eap_eke_supp_encr(u8 encr)
178 return encr == EAP_EKE_ENCR_AES128_CBC;
182 static int eap_eke_supp_prf(u8 prf)
184 return prf == EAP_EKE_PRF_HMAC_SHA1 ||
185 prf == EAP_EKE_PRF_HMAC_SHA2_256;
189 static int eap_eke_supp_mac(u8 mac)
191 return mac == EAP_EKE_MAC_HMAC_SHA1 ||
192 mac == EAP_EKE_MAC_HMAC_SHA2_256;
196 static struct wpabuf * eap_eke_build_fail(struct eap_eke_data *data,
197 struct eap_method_ret *ret,
198 u8 id, u32 failure_code)
202 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Failure/Response - code=0x%x",
205 resp = eap_eke_build_msg(data, id, 4, EAP_EKE_FAILURE);
207 wpabuf_put_be32(resp, failure_code);
209 os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
210 eap_eke_session_clean(&data->sess);
212 eap_eke_state(data, FAILURE);
213 ret->methodState = METHOD_DONE;
214 ret->decision = DECISION_FAIL;
215 ret->allowNotifications = FALSE;
221 static struct wpabuf * eap_eke_process_id(struct eap_eke_data *data,
222 struct eap_method_ret *ret,
223 const struct wpabuf *reqData,
228 unsigned num_prop, i;
230 const u8 *prop = NULL;
232 u8 id = eap_get_id(reqData);
234 if (data->state != IDENTITY) {
235 return eap_eke_build_fail(data, ret, id,
236 EAP_EKE_FAIL_PROTO_ERROR);
239 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-ID/Request");
241 if (payload_len < 2 + 4) {
242 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data");
243 return eap_eke_build_fail(data, ret, id,
244 EAP_EKE_FAIL_PROTO_ERROR);
248 end = payload + payload_len;
251 pos++; /* Ignore Reserved field */
253 if (pos + num_prop * 4 > end) {
254 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data (num_prop=%u)",
256 return eap_eke_build_fail(data, ret, id,
257 EAP_EKE_FAIL_PROTO_ERROR);
260 for (i = 0; i < num_prop; i++) {
263 wpa_printf(MSG_DEBUG, "EAP-EKE: Proposal #%u: dh=%u encr=%u prf=%u mac=%u",
264 i, pos[0], pos[1], pos[2], pos[3]);
267 if ((data->dhgroup && data->dhgroup != *tmp) ||
268 !eap_eke_supp_dhgroup(*tmp))
271 if ((data->encr && data->encr != *tmp) ||
272 !eap_eke_supp_encr(*tmp))
275 if ((data->prf && data->prf != *tmp) ||
276 !eap_eke_supp_prf(*tmp))
279 if ((data->mac && data->mac != *tmp) ||
280 !eap_eke_supp_mac(*tmp))
284 if (eap_eke_session_init(&data->sess, prop[0], prop[1], prop[2],
290 wpa_printf(MSG_DEBUG, "EAP-EKE: Selected proposal");
295 wpa_printf(MSG_DEBUG, "EAP-EKE: No acceptable proposal found");
296 return eap_eke_build_fail(data, ret, id,
297 EAP_EKE_FAIL_NO_PROPOSAL_CHOSEN);
300 pos += (num_prop - i - 1) * 4;
303 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short ID/Request Data to include IDType/Identity");
304 return eap_eke_build_fail(data, ret, id,
305 EAP_EKE_FAIL_PROTO_ERROR);
309 wpa_printf(MSG_DEBUG, "EAP-EKE: Server IDType %u", idtype);
310 wpa_hexdump_ascii(MSG_DEBUG, "EAP-EKE: Server Identity",
312 os_free(data->serverid);
313 data->serverid = os_malloc(end - pos);
314 if (data->serverid == NULL) {
315 return eap_eke_build_fail(data, ret, id,
316 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
318 os_memcpy(data->serverid, pos, end - pos);
319 data->serverid_len = end - pos;
321 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-ID/Response");
323 resp = eap_eke_build_msg(data, id,
324 2 + 4 + 1 + data->peerid_len,
327 return eap_eke_build_fail(data, ret, id,
328 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
331 wpabuf_put_u8(resp, 1); /* NumProposals */
332 wpabuf_put_u8(resp, 0); /* Reserved */
333 wpabuf_put_data(resp, prop, 4); /* Selected Proposal */
334 wpabuf_put_u8(resp, EAP_EKE_ID_NAI);
336 wpabuf_put_data(resp, data->peerid, data->peerid_len);
338 wpabuf_free(data->msgs);
339 data->msgs = wpabuf_alloc(wpabuf_len(reqData) + wpabuf_len(resp));
340 if (data->msgs == NULL) {
342 return eap_eke_build_fail(data, ret, id,
343 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
345 wpabuf_put_buf(data->msgs, reqData);
346 wpabuf_put_buf(data->msgs, resp);
348 eap_eke_state(data, COMMIT);
354 static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
355 struct eap_eke_data *data,
356 struct eap_method_ret *ret,
357 const struct wpabuf *reqData,
362 const u8 *pos, *end, *dhcomp;
365 u8 key[EAP_EKE_MAX_KEY_LEN];
366 u8 pub[EAP_EKE_MAX_DH_LEN];
369 u8 id = eap_get_id(reqData);
371 if (data->state != COMMIT) {
372 wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Commit/Request received in unexpected state (%d)", data->state);
373 return eap_eke_build_fail(data, ret, id,
374 EAP_EKE_FAIL_PROTO_ERROR);
377 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Commit/Request");
379 password = eap_get_config_password(sm, &password_len);
380 if (password == NULL) {
381 wpa_printf(MSG_INFO, "EAP-EKE: No password configured!");
382 return eap_eke_build_fail(data, ret, id,
383 EAP_EKE_FAIL_PASSWD_NOT_FOUND);
387 end = payload + payload_len;
389 if (pos + data->sess.dhcomp_len > end) {
390 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
391 return eap_eke_build_fail(data, ret, id,
392 EAP_EKE_FAIL_PROTO_ERROR);
395 wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_S",
396 pos, data->sess.dhcomp_len);
398 pos += data->sess.dhcomp_len;
399 wpa_hexdump(MSG_DEBUG, "EAP-EKE: CBValue", pos, end - pos);
402 * temp = prf(0+, password)
403 * key = prf+(temp, ID_S | ID_P)
405 if (eap_eke_derive_key(&data->sess, password, password_len,
406 data->serverid, data->serverid_len,
407 data->peerid, data->peerid_len, key) < 0) {
408 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
409 return eap_eke_build_fail(data, ret, id,
410 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
414 * y_p = g ^ x_p (mod p)
415 * x_p = random number 2 .. p-1
417 if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
418 wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
419 os_memset(key, 0, sizeof(key));
420 return eap_eke_build_fail(data, ret, id,
421 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
424 if (eap_eke_shared_secret(&data->sess, key, data->dh_priv, dhcomp) < 0)
426 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
427 os_memset(key, 0, sizeof(key));
428 return eap_eke_build_fail(data, ret, id,
429 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
432 if (eap_eke_derive_ke_ki(&data->sess,
433 data->serverid, data->serverid_len,
434 data->peerid, data->peerid_len) < 0) {
435 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
436 os_memset(key, 0, sizeof(key));
437 return eap_eke_build_fail(data, ret, id,
438 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
441 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Commit/Response");
443 resp = eap_eke_build_msg(data, id,
444 data->sess.dhcomp_len + data->sess.pnonce_len,
447 os_memset(key, 0, sizeof(key));
448 return eap_eke_build_fail(data, ret, id,
449 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
452 /* DHComponent_P = Encr(key, y_p) */
453 rpos = wpabuf_put(resp, data->sess.dhcomp_len);
454 if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
455 wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_P");
456 os_memset(key, 0, sizeof(key));
457 return eap_eke_build_fail(data, ret, id,
458 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
460 os_memset(key, 0, sizeof(key));
462 wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
463 rpos, data->sess.dhcomp_len);
465 if (random_get_bytes(data->nonce_p, data->sess.nonce_len)) {
467 return eap_eke_build_fail(data, ret, id,
468 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
470 wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
471 data->nonce_p, data->sess.nonce_len);
472 prot_len = wpabuf_tailroom(resp);
473 if (eap_eke_prot(&data->sess, data->nonce_p, data->sess.nonce_len,
474 wpabuf_put(resp, 0), &prot_len) < 0) {
476 return eap_eke_build_fail(data, ret, id,
477 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
479 wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P",
480 wpabuf_put(resp, 0), prot_len);
481 wpabuf_put(resp, prot_len);
485 if (wpabuf_resize(&data->msgs, wpabuf_len(reqData) + wpabuf_len(resp))
488 return eap_eke_build_fail(data, ret, id,
489 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
491 wpabuf_put_buf(data->msgs, reqData);
492 wpabuf_put_buf(data->msgs, resp);
494 eap_eke_state(data, CONFIRM);
500 static struct wpabuf * eap_eke_process_confirm(struct eap_eke_data *data,
501 struct eap_method_ret *ret,
502 const struct wpabuf *reqData,
509 u8 nonces[2 * EAP_EKE_MAX_NONCE_LEN];
510 u8 auth_s[EAP_EKE_MAX_HASH_LEN];
513 u8 id = eap_get_id(reqData);
515 if (data->state != CONFIRM) {
516 wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Confirm/Request received in unexpected state (%d)",
518 return eap_eke_build_fail(data, ret, id,
519 EAP_EKE_FAIL_PROTO_ERROR);
522 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Confirm/Request");
525 end = payload + payload_len;
527 if (pos + data->sess.pnonce_ps_len + data->sess.prf_len > end) {
528 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Confirm");
529 return eap_eke_build_fail(data, ret, id,
530 EAP_EKE_FAIL_PROTO_ERROR);
533 decrypt_len = sizeof(nonces);
534 if (eap_eke_decrypt_prot(&data->sess, pos, data->sess.pnonce_ps_len,
535 nonces, &decrypt_len) < 0) {
536 wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_PS");
537 return eap_eke_build_fail(data, ret, id,
538 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
540 if (decrypt_len != (size_t) 2 * data->sess.nonce_len) {
541 wpa_printf(MSG_INFO, "EAP-EKE: PNonce_PS protected data length does not match length of Nonce_P and Nonce_S");
542 return eap_eke_build_fail(data, ret, id,
543 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
545 wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_P | Nonce_S",
546 nonces, 2 * data->sess.nonce_len);
547 if (os_memcmp(data->nonce_p, nonces, data->sess.nonce_len) != 0) {
548 wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_P does not match transmitted Nonce_P");
549 return eap_eke_build_fail(data, ret, id,
550 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
553 os_memcpy(data->nonce_s, nonces + data->sess.nonce_len,
554 data->sess.nonce_len);
555 wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_S",
556 data->nonce_s, data->sess.nonce_len);
558 if (eap_eke_derive_ka(&data->sess, data->serverid, data->serverid_len,
559 data->peerid, data->peerid_len,
560 data->nonce_p, data->nonce_s) < 0) {
561 return eap_eke_build_fail(data, ret, id,
562 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
565 if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth_s) < 0)
567 return eap_eke_build_fail(data, ret, id,
568 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
570 wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
571 if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
572 data->sess.prf_len) != 0) {
573 wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
574 return eap_eke_build_fail(data, ret, id,
575 EAP_EKE_FAIL_AUTHENTICATION_FAIL);
578 wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Confirm/Response");
580 resp = eap_eke_build_msg(data, id,
581 data->sess.pnonce_len + data->sess.prf_len,
584 return eap_eke_build_fail(data, ret, id,
585 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
588 prot_len = wpabuf_tailroom(resp);
589 if (eap_eke_prot(&data->sess, data->nonce_s, data->sess.nonce_len,
590 wpabuf_put(resp, 0), &prot_len) < 0) {
592 return eap_eke_build_fail(data, ret, id,
593 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
595 wpabuf_put(resp, prot_len);
597 auth = wpabuf_put(resp, data->sess.prf_len);
598 if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth) < 0) {
600 return eap_eke_build_fail(data, ret, id,
601 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
603 wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth, data->sess.prf_len);
605 if (eap_eke_derive_msk(&data->sess, data->serverid, data->serverid_len,
606 data->peerid, data->peerid_len,
607 data->nonce_s, data->nonce_p,
608 data->msk, data->emsk) < 0) {
609 wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
611 return eap_eke_build_fail(data, ret, id,
612 EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
615 os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
616 eap_eke_session_clean(&data->sess);
618 eap_eke_state(data, SUCCESS);
619 ret->methodState = METHOD_MAY_CONT;
620 ret->decision = DECISION_COND_SUCC;
621 ret->allowNotifications = FALSE;
627 static struct wpabuf * eap_eke_process_failure(struct eap_eke_data *data,
628 struct eap_method_ret *ret,
629 const struct wpabuf *reqData,
633 wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Failure/Request");
635 if (payload_len < 4) {
636 wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Failure");
639 code = WPA_GET_BE32(payload);
640 wpa_printf(MSG_INFO, "EAP-EKE: Failure-Code 0x%x", code);
643 return eap_eke_build_fail(data, ret, eap_get_id(reqData),
644 EAP_EKE_FAIL_NO_ERROR);
648 static struct wpabuf * eap_eke_process(struct eap_sm *sm, void *priv,
649 struct eap_method_ret *ret,
650 const struct wpabuf *reqData)
652 struct eap_eke_data *data = priv;
658 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_EKE, reqData, &len);
659 if (pos == NULL || len < 1) {
667 wpa_printf(MSG_DEBUG, "EAP-EKE: Received frame: exch %d", eke_exch);
668 wpa_hexdump(MSG_DEBUG, "EAP-EKE: Received Data", pos, end - pos);
671 ret->methodState = METHOD_MAY_CONT;
672 ret->decision = DECISION_FAIL;
673 ret->allowNotifications = TRUE;
677 resp = eap_eke_process_id(data, ret, reqData, pos, end - pos);
680 resp = eap_eke_process_commit(sm, data, ret, reqData,
683 case EAP_EKE_CONFIRM:
684 resp = eap_eke_process_confirm(data, ret, reqData,
687 case EAP_EKE_FAILURE:
688 resp = eap_eke_process_failure(data, ret, reqData,
692 wpa_printf(MSG_DEBUG, "EAP-EKE: Ignoring message with unknown EKE-Exch %d", eke_exch);
697 if (ret->methodState == METHOD_DONE)
698 ret->allowNotifications = FALSE;
704 static Boolean eap_eke_isKeyAvailable(struct eap_sm *sm, void *priv)
706 struct eap_eke_data *data = priv;
707 return data->state == SUCCESS;
711 static u8 * eap_eke_getKey(struct eap_sm *sm, void *priv, size_t *len)
713 struct eap_eke_data *data = priv;
716 if (data->state != SUCCESS)
719 key = os_malloc(EAP_MSK_LEN);
722 os_memcpy(key, data->msk, EAP_MSK_LEN);
729 static u8 * eap_eke_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
731 struct eap_eke_data *data = priv;
734 if (data->state != SUCCESS)
737 key = os_malloc(EAP_EMSK_LEN);
740 os_memcpy(key, data->emsk, EAP_EMSK_LEN);
747 static u8 * eap_eke_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
749 struct eap_eke_data *data = priv;
753 if (data->state != SUCCESS)
756 sid_len = 1 + 2 * data->sess.nonce_len;
757 sid = os_malloc(sid_len);
760 sid[0] = EAP_TYPE_EKE;
761 os_memcpy(sid + 1, data->nonce_p, data->sess.nonce_len);
762 os_memcpy(sid + 1 + data->sess.nonce_len, data->nonce_s,
763 data->sess.nonce_len);
770 int eap_peer_eke_register(void)
772 struct eap_method *eap;
775 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
776 EAP_VENDOR_IETF, EAP_TYPE_EKE, "EKE");
780 eap->init = eap_eke_init;
781 eap->deinit = eap_eke_deinit;
782 eap->process = eap_eke_process;
783 eap->isKeyAvailable = eap_eke_isKeyAvailable;
784 eap->getKey = eap_eke_getKey;
785 eap->get_emsk = eap_eke_get_emsk;
786 eap->getSessionId = eap_eke_get_session_id;
788 ret = eap_peer_method_register(eap);
790 eap_peer_method_free(eap);