EAP-pwd peer: Export Session-Id through getSessionId callback
EAP-pwd was already deriving the EAP Session-Id, but it was not yet exposed through the EAP method API. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
cfdb32e88f
commit
13e2574f7d
4 changed files with 27 additions and 5 deletions
|
@ -284,11 +284,10 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
|
int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
|
||||||
BIGNUM *peer_scalar, BIGNUM *server_scalar,
|
BIGNUM *peer_scalar, BIGNUM *server_scalar,
|
||||||
u8 *confirm_peer, u8 *confirm_server,
|
u8 *confirm_peer, u8 *confirm_server,
|
||||||
u32 *ciphersuite, u8 *msk, u8 *emsk)
|
u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id)
|
||||||
{
|
{
|
||||||
struct crypto_hash *hash;
|
struct crypto_hash *hash;
|
||||||
u8 mk[SHA256_MAC_LEN], *cruft;
|
u8 mk[SHA256_MAC_LEN], *cruft;
|
||||||
u8 session_id[SHA256_MAC_LEN + 1];
|
|
||||||
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
|
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
|
||||||
int offset;
|
int offset;
|
||||||
|
|
||||||
|
|
|
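Review bot: The new `u8 *session_id` out-parameter of compute_keys() carries no length, so the buffer size the function expects is an undocumented contract; the local it replaces was `u8 session_id[SHA256_MAC_LEN + 1]`. Both callers in this commit pass a struct field declared as `u8 session_id[1 + SHA256_MAC_LEN]`, so they match, but a later caller with a shorter buffer would be overrun with no compiler diagnostic. I would add a comment above the definition such as `/* session_id: out, caller buffer of at least 1 + SHA256_MAC_LEN bytes */`. The function body continues outside this hunk, so the writes into the buffer are not visible here.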
@ -59,7 +59,7 @@ struct eap_pwd_id {
|
||||||
int compute_password_element(EAP_PWD_group *, u16, u8 *, int, u8 *, int, u8 *,
|
int compute_password_element(EAP_PWD_group *, u16, u8 *, int, u8 *, int, u8 *,
|
||||||
int, u8 *);
|
int, u8 *);
|
||||||
int compute_keys(EAP_PWD_group *, BN_CTX *, BIGNUM *, BIGNUM *, BIGNUM *,
|
int compute_keys(EAP_PWD_group *, BN_CTX *, BIGNUM *, BIGNUM *, BIGNUM *,
|
||||||
u8 *, u8 *, u32 *, u8 *, u8 *);
|
u8 *, u8 *, u32 *, u8 *, u8 *, u8 *);
|
||||||
struct crypto_hash * eap_pwd_h_init(void);
|
struct crypto_hash * eap_pwd_h_init(void);
|
||||||
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
|
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
|
||||||
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);
|
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);
|
||||||
|
|
|
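Review bot: The updated prototype ends in `u8 *, u8 *, u32 *, u8 *, u8 *, u8 *);` with every parameter unnamed, so nothing in the header tells a caller which of the trailing `u8 *` arguments is msk, emsk or session_id. These are output buffers declared with different sizes (`EAP_MSK_LEN`, `EAP_EMSK_LEN`, `1 + SHA256_MAC_LEN`), and passing them in the wrong order compiles cleanly while writing past the shorter one. Keeping the names from the definition in the declaration makes the order reviewable at each call site: `u8 *confirm_peer, u8 *confirm_server, u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id);`.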
@ -43,6 +43,7 @@ struct eap_pwd_data {
|
||||||
|
|
||||||
u8 msk[EAP_MSK_LEN];
|
u8 msk[EAP_MSK_LEN];
|
||||||
u8 emsk[EAP_EMSK_LEN];
|
u8 emsk[EAP_EMSK_LEN];
|
||||||
|
u8 session_id[1 + SHA256_MAC_LEN];
|
||||||
|
|
||||||
BN_CTX *bnctx;
|
BN_CTX *bnctx;
|
||||||
};
|
};
|
||||||
|
@ -189,6 +190,25 @@ static u8 * eap_pwd_getkey(struct eap_sm *sm, void *priv, size_t *len)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
|
||||||
|
{
|
||||||
|
struct eap_pwd_data *data = priv;
|
||||||
|
u8 *id;
|
||||||
|
|
||||||
|
if (data->state != SUCCESS)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
id = os_malloc(1 + SHA256_MAC_LEN);
|
||||||
|
if (id == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN);
|
||||||
|
*len = 1 + SHA256_MAC_LEN;
|
||||||
|
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
struct eap_method_ret *ret,
|
struct eap_method_ret *ret,
|
||||||
|
@ -647,7 +667,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
|
|
||||||
if (compute_keys(data->grp, data->bnctx, data->k,
|
if (compute_keys(data->grp, data->bnctx, data->k,
|
||||||
data->my_scalar, data->server_scalar, conf, ptr,
|
data->my_scalar, data->server_scalar, conf, ptr,
|
||||||
&cs, data->msk, data->emsk) < 0) {
|
&cs, data->msk, data->emsk, data->session_id) < 0) {
|
||||||
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "
|
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "
|
||||||
"EMSK");
|
"EMSK");
|
||||||
goto fin;
|
goto fin;
|
||||||
|
@ -934,6 +954,7 @@ int eap_peer_pwd_register(void)
|
||||||
eap->process = eap_pwd_process;
|
eap->process = eap_pwd_process;
|
||||||
eap->isKeyAvailable = eap_pwd_key_available;
|
eap->isKeyAvailable = eap_pwd_key_available;
|
||||||
eap->getKey = eap_pwd_getkey;
|
eap->getKey = eap_pwd_getkey;
|
||||||
|
eap->getSessionId = eap_pwd_get_session_id;
|
||||||
eap->get_emsk = eap_pwd_get_emsk;
|
eap->get_emsk = eap_pwd_get_emsk;
|
||||||
|
|
||||||
ret = eap_peer_method_register(eap);
|
ret = eap_peer_method_register(eap);
|
||||||
|
|
|
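Review bot: In eap_pwd_get_session_id() the length `1 + SHA256_MAC_LEN` is written out three times (allocation, copy and `*len`) and a fourth time in the struct field, so the copy length is tied to the buffer only by convention. Deriving it from the field keeps them in step if the field ever changes: `os_memcpy(id, data->session_id, sizeof(data->session_id));` with the same expression used for `os_malloc()` and `*len`. The getter also relies on `data->state == SUCCESS` implying that compute_keys() has filled `data->session_id`. The code after `goto fin` in the confirm-exchange hunk is outside the visible lines, so it is worth confirming that no path reaches SUCCESS without a successful compute_keys() call. A short comment on the function noting that the caller owns and frees the returned buffer would match what the code does.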
@ -45,6 +45,7 @@ struct eap_pwd_data {
|
||||||
|
|
||||||
u8 msk[EAP_MSK_LEN];
|
u8 msk[EAP_MSK_LEN];
|
||||||
u8 emsk[EAP_EMSK_LEN];
|
u8 emsk[EAP_EMSK_LEN];
|
||||||
|
u8 session_id[1 + SHA256_MAC_LEN];
|
||||||
|
|
||||||
BN_CTX *bnctx;
|
BN_CTX *bnctx;
|
||||||
};
|
};
|
||||||
|
@ -841,7 +842,8 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
|
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
|
||||||
if (compute_keys(data->grp, data->bnctx, data->k,
|
if (compute_keys(data->grp, data->bnctx, data->k,
|
||||||
data->peer_scalar, data->my_scalar, conf,
|
data->peer_scalar, data->my_scalar, conf,
|
||||||
data->my_confirm, &cs, data->msk, data->emsk) < 0)
|
data->my_confirm, &cs, data->msk, data->emsk,
|
||||||
|
data->session_id) < 0)
|
||||||
eap_pwd_state(data, FAILURE);
|
eap_pwd_state(data, FAILURE);
|
||||||
else
|
else
|
||||||
eap_pwd_state(data, SUCCESS);
|
eap_pwd_state(data, SUCCESS);
|
||||||
|
|
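Review bot: On the server side `data->session_id` is filled by compute_keys(), but no hunk in this section reads it or registers a getter, and the commit title covers the peer only. If the field exists just to satisfy the new compute_keys() argument until a server-side export is added, a comment on the declaration would save the next reader a search, for example `/* EAP Session-Id from compute_keys(); not exported by the server yet */`. The rest of the file is outside this view, so a reader elsewhere cannot be ruled out.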