mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 10:18:21 -05:00
EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived without null termination on the label, but the label for CSK derivation must be null terminated. This allows cryptobinding to be used with PEAPv0 in a way that interoperates with Windows XP SP3 (RC2) and as such, this functionality is now enabled as an optional addition to PEAPv0.
This commit is contained in:
parent
32f049b2af
commit
e7d8003358
@ -8,6 +8,7 @@ ChangeLog for hostapd
|
||||
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
|
||||
changes needed to run two methods in sequence (IF-T) and the IF-IMV
|
||||
and IF-TNCCS interfaces from TNCS)
|
||||
* added support for optional cryptobinding with PEAPv0
|
||||
|
||||
2008-02-22 - v0.6.3
|
||||
* fixed Reassociation Response callback processing when using internal
|
||||
|
@ -117,7 +117,7 @@ static void * eap_peap_init(struct eap_sm *sm)
|
||||
data->peap_version = EAP_PEAP_VERSION;
|
||||
data->force_peap_version = -1;
|
||||
data->peap_outer_success = 2;
|
||||
data->crypto_binding = NO_BINDING;
|
||||
data->crypto_binding = OPTIONAL_BINDING;
|
||||
|
||||
if (config && config->phase1 &&
|
||||
eap_peap_parse_phase1(data, config->phase1) < 0) {
|
||||
@ -1249,9 +1249,14 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
||||
|
||||
if (data->crypto_binding_used) {
|
||||
u8 csk[128];
|
||||
/*
|
||||
* Note: It looks like Microsoft implementation requires null
|
||||
* termination for this label while the one used for deriving
|
||||
* IPMK|CMK did not use null termination.
|
||||
*/
|
||||
peap_prfplus(data->peap_version, data->ipmk, 40,
|
||||
"Session Key Generating Function",
|
||||
(u8 *) "", 0, csk, sizeof(csk));
|
||||
(u8 *) "\00", 1, csk, sizeof(csk));
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
|
||||
os_memcpy(key, csk, EAP_TLS_KEY_LEN);
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
|
||||
|
@ -177,7 +177,7 @@ static void * eap_peap_init(struct eap_sm *sm)
|
||||
data->peap_version = data->force_version;
|
||||
}
|
||||
data->state = START;
|
||||
data->crypto_binding = NO_BINDING;
|
||||
data->crypto_binding = OPTIONAL_BINDING;
|
||||
|
||||
if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
|
||||
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
|
||||
@ -1271,9 +1271,14 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
||||
|
||||
if (data->crypto_binding_used) {
|
||||
u8 csk[128];
|
||||
/*
|
||||
* Note: It looks like Microsoft implementation requires null
|
||||
* termination for this label while the one used for deriving
|
||||
* IPMK|CMK did not use null termination.
|
||||
*/
|
||||
peap_prfplus(data->peap_version, data->ipmk, 40,
|
||||
"Session Key Generating Function",
|
||||
(u8 *) "", 0, csk, sizeof(csk));
|
||||
(u8 *) "\00", 1, csk, sizeof(csk));
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
|
||||
eapKeyData = os_malloc(EAP_TLS_KEY_LEN);
|
||||
if (eapKeyData) {
|
||||
|
@ -4,6 +4,7 @@ ChangeLog for wpa_supplicant
|
||||
* added support for EAP Sequences in EAP-FAST Phase 2
|
||||
* added support for using TNC with EAP-FAST
|
||||
* added driver_ps3 for the PS3 Linux wireless driver
|
||||
* added support for optional cryptobinding with PEAPv0
|
||||
|
||||
2008-02-22 - v0.6.3
|
||||
* removed 'nai' and 'eappsk' network configuration variables that were
|
||||
|
Loading…
Reference in New Issue
Block a user