EAP-pwd peer: Export Session-Id through getSessionId callback
EAP-pwd was already deriving the EAP Session-Id, but it was not yet exposed through the EAP method API. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
cfdb32e88f
commit
13e2574f7d
|
|
@ -284,11 +284,10 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
|||
int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
|
||||
BIGNUM *peer_scalar, BIGNUM *server_scalar,
|
||||
u8 *confirm_peer, u8 *confirm_server,
|
||||
u32 *ciphersuite, u8 *msk, u8 *emsk)
|
||||
u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id)
|
||||
{
|
||||
struct crypto_hash *hash;
|
||||
u8 mk[SHA256_MAC_LEN], *cruft;
|
||||
u8 session_id[SHA256_MAC_LEN + 1];
|
||||
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
|
||||
int offset;
|
||||
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ struct eap_pwd_id {
|
|||
int compute_password_element(EAP_PWD_group *, u16, u8 *, int, u8 *, int, u8 *,
|
||||
int, u8 *);
|
||||
int compute_keys(EAP_PWD_group *, BN_CTX *, BIGNUM *, BIGNUM *, BIGNUM *,
|
||||
u8 *, u8 *, u32 *, u8 *, u8 *);
|
||||
u8 *, u8 *, u32 *, u8 *, u8 *, u8 *);
|
||||
struct crypto_hash * eap_pwd_h_init(void);
|
||||
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
|
||||
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ struct eap_pwd_data {
|
|||
|
||||
u8 msk[EAP_MSK_LEN];
|
||||
u8 emsk[EAP_EMSK_LEN];
|
||||
u8 session_id[1 + SHA256_MAC_LEN];
|
||||
|
||||
BN_CTX *bnctx;
|
||||
};
|
||||
|
|
@ -189,6 +190,25 @@ static u8 * eap_pwd_getkey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
}
|
||||
|
||||
|
||||
static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
|
||||
{
|
||||
struct eap_pwd_data *data = priv;
|
||||
u8 *id;
|
||||
|
||||
if (data->state != SUCCESS)
|
||||
return NULL;
|
||||
|
||||
id = os_malloc(1 + SHA256_MAC_LEN);
|
||||
if (id == NULL)
|
||||
return NULL;
|
||||
|
||||
os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN);
|
||||
*len = 1 + SHA256_MAC_LEN;
|
||||
|
||||
return id;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||
struct eap_method_ret *ret,
|
||||
|
|
@ -647,7 +667,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||
|
||||
if (compute_keys(data->grp, data->bnctx, data->k,
|
||||
data->my_scalar, data->server_scalar, conf, ptr,
|
||||
&cs, data->msk, data->emsk) < 0) {
|
||||
&cs, data->msk, data->emsk, data->session_id) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "
|
||||
"EMSK");
|
||||
goto fin;
|
||||
|
|
@ -934,6 +954,7 @@ int eap_peer_pwd_register(void)
|
|||
eap->process = eap_pwd_process;
|
||||
eap->isKeyAvailable = eap_pwd_key_available;
|
||||
eap->getKey = eap_pwd_getkey;
|
||||
eap->getSessionId = eap_pwd_get_session_id;
|
||||
eap->get_emsk = eap_pwd_get_emsk;
|
||||
|
||||
ret = eap_peer_method_register(eap);
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ struct eap_pwd_data {
|
|||
|
||||
u8 msk[EAP_MSK_LEN];
|
||||
u8 emsk[EAP_EMSK_LEN];
|
||||
u8 session_id[1 + SHA256_MAC_LEN];
|
||||
|
||||
BN_CTX *bnctx;
|
||||
};
|
||||
|
|
@ -841,7 +842,8 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
|
||||
if (compute_keys(data->grp, data->bnctx, data->k,
|
||||
data->peer_scalar, data->my_scalar, conf,
|
||||
data->my_confirm, &cs, data->msk, data->emsk) < 0)
|
||||
data->my_confirm, &cs, data->msk, data->emsk,
|
||||
data->session_id) < 0)
|
||||
eap_pwd_state(data, FAILURE);
|
||||
else
|
||||
eap_pwd_state(data, SUCCESS);
|
||||
|
|
|
|||
Loading…
Reference in a new issue