EAP-PEAP: Swap MS-CHAP-v2 MPPE keys for EAP-PEAP ISK derivation

Microsoft uses reverse order for MS-MPPE keys in EAP-PEAP when compared to
EAP-FAST derivation of ISK. Swap the keys here to get the correct ISK for
EAP-PEAPv0 cryptobinding. This resolves the cryptobinding interop issue
with WinXP SP3 RC2. However, it looks like MSK derivation does not
interoperate when using cryptobinding, so this code remains disabled for
the time being.
Jouni Malinen 2008-03-18 16:27:55 +02:00
parent e1a69a0b10
commit 32f049b2af
2 changed files with 30 additions and 0 deletions


@ -208,6 +208,21 @@ static int eap_peap_get_isk(struct eap_sm *sm, struct eap_peap_data *data,
return -1;
}
if (key_len == 32 &&
data->phase2_method->vendor == EAP_VENDOR_IETF &&
data->phase2_method->method == EAP_TYPE_MSCHAPV2) {
/*
* Microsoft uses reverse order for MS-MPPE keys in
* EAP-PEAP when compared to EAP-FAST derivation of
* ISK. Swap the keys here to get the correct ISK for
* EAP-PEAPv0 cryptobinding.
*/
u8 tmp[16];
os_memcpy(tmp, key, 16);
os_memcpy(key, key + 16, 16);
os_memcpy(key + 16, tmp, 16);
}
if (key_len > isk_len)
key_len = isk_len;
os_memcpy(isk, key, key_len);
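Review bot: The 16-byte `tmp` buffer in the added swap block holds half of the MS-CHAP-v2 MPPE key material and is left on the stack when the block exits. Adding `os_memset(tmp, 0, sizeof(tmp));` after the third `os_memcpy` would shorten the lifetime of that copy, though a plain memset of a local that is about to go out of scope can be optimised away, so a non-elidable wipe is preferable if the tree has one. The same applies to the identical block added in eap_peap_process_phase2_response. The bare `32` and `16` would also read better as named constants for the MPPE key length, since the guard and the three copies must agree. eap_peap_get_isk starts and ends outside the hunk, so how `key` is allocated and freed is not visible here.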


@ -862,6 +862,21 @@ static void eap_peap_process_phase2_response(struct eap_sm *sm,
eap_peap_phase2_init(sm, data, EAP_TYPE_NONE);
return;
}
if (data->phase2_key_len == 32 &&
data->phase2_method->vendor == EAP_VENDOR_IETF &&
data->phase2_method->method == EAP_TYPE_MSCHAPV2) {
/*
* Microsoft uses reverse order for MS-MPPE keys in
* EAP-PEAP when compared to EAP-FAST derivation of
* ISK. Swap the keys here to get the correct ISK for
* EAP-PEAPv0 cryptobinding.
*/
u8 tmp[16];
os_memcpy(tmp, data->phase2_key, 16);
os_memcpy(data->phase2_key, data->phase2_key + 16, 16);
os_memcpy(data->phase2_key + 16, tmp, 16);
}
}
switch (data->state) {
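Review bot: The swap in this hunk rewrites `data->phase2_key` in place, so every later reader of that field sees the two halves in PEAP order, not the order the phase 2 method produced, and nothing in the added comment records that. I would extend the comment with a line such as `* data->phase2_key remains in swapped order from here on.`, or do the swap on a copy at the point where the ISK is derived if other code reads this field (not visible in the hunk). The block is also a copy of the one added to eap_peap_get_isk; a small shared helper taking the key pointer would keep the two sides from drifting apart. The commit message says this code remains disabled, but no guard is visible in either hunk, so the comment should name the condition that disables it. eap_peap_process_phase2_response continues outside the hunk.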