mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 08:48:31 -05:00
EAP-PEAP server: Add support for fast-connect crypto binding
IPMK and CMK are derived from TK when using TLS session resumption with PEAPv0 crypto binding. The EAP-PEAP peer implementation already supported this, but the server side did not. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
09ad98c58a
commit
6ca5838b01
@ -335,6 +335,18 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
||||
return -1;
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
|
||||
|
||||
if (tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
|
||||
/* Fast-connect: IPMK|CMK = TK */
|
||||
os_memcpy(data->ipmk, tk, 40);
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
|
||||
data->ipmk, 40);
|
||||
os_memcpy(data->cmk, tk + 40, 20);
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK from TK",
|
||||
data->cmk, 20);
|
||||
os_free(tk);
|
||||
return 0;
|
||||
}
|
||||
|
||||
eap_peap_get_isk(data, isk, sizeof(isk));
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: ISK", isk, sizeof(isk));
|
||||
|
||||
@ -357,7 +369,6 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
||||
|
||||
os_free(tk);
|
||||
|
||||
/* TODO: fast-connect: IPMK|CMK = TK */
|
||||
os_memcpy(data->ipmk, imck, 40);
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
|
||||
os_memcpy(data->cmk, imck + 40, 20);
|
||||
@ -1267,8 +1278,9 @@ static void eap_peap_process(struct eap_sm *sm, void *priv,
|
||||
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-PEAP: Resuming previous session - skip Phase2");
|
||||
eap_peap_state(data, SUCCESS_REQ);
|
||||
tls_connection_set_success_data_resumed(data->ssl.conn);
|
||||
eap_peap_req_success(sm, data);
|
||||
if (data->state == SUCCESS_REQ)
|
||||
tls_connection_set_success_data_resumed(data->ssl.conn);
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user