EAP-FAST: Define and use EAP_FAST_CMK_LEN

16 years ago · 2bab8ae401
parent ed5a02fd94
commit 2bab8ae401
3 changed files with 19 additions and 12 deletions
--- a/src/eap_common/eap_fast_common.h
+++ b/src/eap_common/eap_fast_common.h
@ -1,6 +1,6 @@
 /*
 * EAP-FAST definitions (RFC 4851)
- * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -19,6 +19,7 @@
 #define EAP_FAST_KEY_LEN 64
 #define EAP_FAST_SIMCK_LEN 40
 #define EAP_FAST_SKS_LEN 40
+#define EAP_FAST_CMK_LEN 20

 #define TLS_EXT_PAC_OPAQUE 35

--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@ -596,7 +596,8 @@ static void eap_fast_write_crypto_binding(
 	rbind->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE;
 	os_memcpy(rbind->nonce, _bind->nonce, sizeof(_bind->nonce));
 	inc_byte_array(rbind->nonce, sizeof(rbind->nonce));
-	hmac_sha1(cmk, 20, (u8 *) rbind, sizeof(*rbind), rbind->compound_mac);
+	hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) rbind, sizeof(*rbind),
+		  rbind->compound_mac);

 	wpa_printf(MSG_DEBUG, "EAP-FAST: Reply Crypto-Binding TLV: Version %d "
 		   "Received Version %d SubType %d",
@ -670,8 +671,9 @@ static int eap_fast_get_cmk(struct eap_sm *sm, struct eap_fast_data *data,
 	os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);
 	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: S-IMCK[j]",
 			data->simck, EAP_FAST_SIMCK_LEN);
-	os_memcpy(cmk, imck + EAP_FAST_SIMCK_LEN, 20);
-	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]", cmk, 20);
+	os_memcpy(cmk, imck + EAP_FAST_SIMCK_LEN, EAP_FAST_CMK_LEN);
+	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]",
+			cmk, EAP_FAST_CMK_LEN);

 	return 0;
 }
@ -709,7 +711,7 @@ static struct wpabuf * eap_fast_process_crypto_binding(
 	struct wpabuf *resp;
 	u8 *pos;
 	struct eap_tlv_intermediate_result_tlv *rresult;
-	u8 cmk[20], cmac[20];
+	u8 cmk[EAP_FAST_CMK_LEN], cmac[SHA1_MAC_LEN];
 	int res, req_tunnel_pac = 0;
 	size_t len;

@ -724,7 +726,8 @@ static struct wpabuf * eap_fast_process_crypto_binding(
 	os_memset(_bind->compound_mac, 0, sizeof(cmac));
 	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV for Compound "
 		    "MAC calculation", (u8 *) _bind, bind_len);
-	hmac_sha1(cmk, 20, (u8 *) _bind, bind_len, _bind->compound_mac);
+	hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) _bind, bind_len,
+		  _bind->compound_mac);
 	res = os_memcmp(cmac, _bind->compound_mac, sizeof(cmac));
 	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Received Compound MAC",
 		    cmac, sizeof(cmac));
--- a/src/eap_server/eap_fast.c
+++ b/src/eap_server/eap_fast.c
@ -63,7 +63,7 @@ struct eap_fast_data {
 	struct eap_fast_key_block_provisioning *key_block_p;

 	u8 simck[EAP_FAST_SIMCK_LEN];
-	u8 cmk[20];
+	u8 cmk[EAP_FAST_CMK_LEN];
 	int simck_idx;

 	u8 pac_opaque_encr[16];
@ -382,8 +382,9 @@ static int eap_fast_update_icmk(struct eap_sm *sm, struct eap_fast_data *data)
 	os_memcpy(data->simck, imck, EAP_FAST_SIMCK_LEN);
 	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: S-IMCK[j]",
 			data->simck, EAP_FAST_SIMCK_LEN);
-	os_memcpy(data->cmk, imck + EAP_FAST_SIMCK_LEN, 20);
-	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]", data->cmk, 20);
+	os_memcpy(data->cmk, imck + EAP_FAST_SIMCK_LEN, EAP_FAST_CMK_LEN);
+	wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: CMK[j]",
+			data->cmk, EAP_FAST_CMK_LEN);

 	return 0;
 }
@ -663,7 +664,8 @@ static struct wpabuf * eap_fast_build_crypto_binding(
 	 * Compound-MAC = HMAC-SHA1( CMK, Crypto-Binding TLV )
 	 */

-	hmac_sha1(data->cmk, 20, (u8 *) binding, sizeof(*binding),
+	hmac_sha1(data->cmk, EAP_FAST_CMK_LEN,
+		  (u8 *) binding, sizeof(*binding),
 		  binding->compound_mac);

 	wpa_printf(MSG_DEBUG, "EAP-FAST: Add Crypto-Binding TLV: Version %d "
@ -1082,7 +1084,7 @@ static int eap_fast_validate_crypto_binding(
 	struct eap_fast_data *data, struct eap_tlv_crypto_binding_tlv *b,
 	size_t bind_len)
 {
-	u8 cmac[20];
+	u8 cmac[SHA1_MAC_LEN];

 	wpa_printf(MSG_DEBUG, "EAP-FAST: Reply Crypto-Binding TLV: "
 		   "Version %d Received Version %d SubType %d",
@ -1119,7 +1121,8 @@ static int eap_fast_validate_crypto_binding(
 	wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV for "
 		    "Compound MAC calculation",
 		    (u8 *) b, bind_len);
-	hmac_sha1(data->cmk, 20, (u8 *) b, bind_len, b->compound_mac);
+	hmac_sha1(data->cmk, EAP_FAST_CMK_LEN, (u8 *) b, bind_len,
+		  b->compound_mac);
 	if (os_memcmp(cmac, b->compound_mac, sizeof(cmac)) != 0) {
 		wpa_hexdump(MSG_MSGDUMP,
 			    "EAP-FAST: Calculated Compound MAC",