Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-29 02:38:22 -05:00
Code Issues Projects Releases Wiki Activity

EAP-GPSK: Allow forced algorithm selection to be configured

Browse Source 
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-01-05 14:17:08 +02:00
parent 5f01c3c84a
commit 5a0f596b7b
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/eap_peer/eap_gpsk.c
View File

@ -1,6 +1,6 @@
/* /*
* EAP peer method: EAP-GPSK (RFC 5433) * EAP peer method: EAP-GPSK (RFC 5433)
* Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi> * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -33,6 +33,7 @@ struct eap_gpsk_data {
int specifier; /* CSuite/Specifier */ int specifier; /* CSuite/Specifier */
u8 *psk; u8 *psk;
size_t psk_len; size_t psk_len;
u16 forced_cipher; /* force cipher or 0 to allow all supported */
}; };
@ -80,6 +81,7 @@ static void * eap_gpsk_init(struct eap_sm *sm)
struct eap_gpsk_data *data; struct eap_gpsk_data *data;
const u8 *identity, *password; const u8 *identity, *password;
size_t identity_len, password_len; size_t identity_len, password_len;
const char *phase1;
password = eap_get_config_password(sm, &password_len); password = eap_get_config_password(sm, &password_len);
if (password == NULL) { if (password == NULL) {
@ -103,6 +105,18 @@ static void * eap_gpsk_init(struct eap_sm *sm)
data->id_peer_len = identity_len; data->id_peer_len = identity_len;
} }
phase1 = eap_get_config_phase1(sm);
if (phase1) {
const char *pos;
pos = os_strstr(phase1, "cipher=");
if (pos) {
data->forced_cipher = atoi(pos + 7);
wpa_printf(MSG_DEBUG, "EAP-GPSK: Forced cipher %u",
data->forced_cipher);
}
}
data->psk = os_malloc(password_len); data->psk = os_malloc(password_len);
if (data->psk == NULL) { if (data->psk == NULL) {
eap_gpsk_deinit(sm, data); eap_gpsk_deinit(sm, data);
@ -195,7 +209,9 @@ static int eap_gpsk_select_csuite(struct eap_sm *sm,
i, vendor, specifier); i, vendor, specifier);
if (data->vendor == EAP_GPSK_VENDOR_IETF && if (data->vendor == EAP_GPSK_VENDOR_IETF &&
data->specifier == EAP_GPSK_CIPHER_RESERVED && data->specifier == EAP_GPSK_CIPHER_RESERVED &&
eap_gpsk_supported_ciphersuite(vendor, specifier)) { eap_gpsk_supported_ciphersuite(vendor, specifier) &&
(!data->forced_cipher || data->forced_cipher == specifier))
{
data->vendor = vendor; data->vendor = vendor;
data->specifier = specifier; data->specifier = specifier;
} }