Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-17 18:34:03 -05:00
Code Issues Projects Releases Wiki Activity

EAP-FAST: Check T-PRF result in MSK/EMSK derivation

Browse Source 
Pass the error return from sha1_t_prf() to callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-12-12 11:20:05 +02:00
parent b1d8c5ce6a
commit 5b904b3e42
4 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/eap_common/eap_fast_common.c
View File

@ -111,22 +111,24 @@ u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
} }
void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk) int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
{ {
/* /*
* RFC 4851, Section 5.4: EAP Master Session Key Generation * RFC 4851, Section 5.4: EAP Master Session Key Generation
* MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64) * MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64)
*/ */
sha1_t_prf(simck, EAP_FAST_SIMCK_LEN, if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
"Session Key Generating Function", (u8 *) "", 0, "Session Key Generating Function", (u8 *) "", 0,
msk, EAP_FAST_KEY_LEN); msk, EAP_FAST_KEY_LEN) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)", wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
msk, EAP_FAST_KEY_LEN); msk, EAP_FAST_KEY_LEN);
return 0;
} }
void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk) int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
{ {
/* /*
* RFC 4851, Section 5.4: EAP Master Session Key Genreration * RFC 4851, Section 5.4: EAP Master Session Key Genreration
@ -134,11 +136,13 @@ void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
* "Extended Session Key Generating Function", 64) * "Extended Session Key Generating Function", 64)
*/ */
sha1_t_prf(simck, EAP_FAST_SIMCK_LEN, if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
"Extended Session Key Generating Function", (u8 *) "", 0, "Extended Session Key Generating Function", (u8 *) "", 0,
emsk, EAP_EMSK_LEN); emsk, EAP_EMSK_LEN) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)", wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
emsk, EAP_EMSK_LEN); emsk, EAP_EMSK_LEN);
return 0;
} }

4
src/eap_common/eap_fast_common.h
View File

@ -99,8 +99,8 @@ void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
const u8 *client_random, u8 *master_secret); const u8 *client_random, u8 *master_secret);
u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn, u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
const char *label, size_t len); const char *label, size_t len);
void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk); int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk); int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv, int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
int tlv_type, u8 *pos, size_t len); int tlv_type, u8 *pos, size_t len);

5
src/eap_peer/eap_fast.c
View File

@ -260,8 +260,9 @@ static void eap_fast_deinit(struct eap_sm *sm, void *priv)
static int eap_fast_derive_msk(struct eap_fast_data *data) static int eap_fast_derive_msk(struct eap_fast_data *data)
{ {
eap_fast_derive_eap_msk(data->simck, data->key_data); if (eap_fast_derive_eap_msk(data->simck, data->key_data) < 0 ||
eap_fast_derive_eap_emsk(data->simck, data->emsk); eap_fast_derive_eap_emsk(data->simck, data->emsk) < 0)
return -1;
data->success = 1; data->success = 1;
return 0; return 0;
} }

10
src/eap_server/eap_server_fast.c
View File

@ -1564,7 +1564,10 @@ static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len)
if (eapKeyData == NULL) if (eapKeyData == NULL)
return NULL; return NULL;
eap_fast_derive_eap_msk(data->simck, eapKeyData); if (eap_fast_derive_eap_msk(data->simck, eapKeyData) < 0) {
os_free(eapKeyData);
return NULL;
}
*len = EAP_FAST_KEY_LEN; *len = EAP_FAST_KEY_LEN;
return eapKeyData; return eapKeyData;
@ -1583,7 +1586,10 @@ static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
if (eapKeyData == NULL) if (eapKeyData == NULL)
return NULL; return NULL;
eap_fast_derive_eap_emsk(data->simck, eapKeyData); if (eap_fast_derive_eap_emsk(data->simck, eapKeyData) < 0) {
os_free(eapKeyData);
return NULL;
}
*len = EAP_EMSK_LEN; *len = EAP_EMSK_LEN;
return eapKeyData; return eapKeyData;