EAP-SAKE: Use configured server identity

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-07-06 18:38:39 +03:00
parent a607b42eeb
commit 489202ddce

View file

@ -27,8 +27,6 @@ struct eap_sake_data {
u8 session_id; u8 session_id;
u8 *peerid; u8 *peerid;
size_t peerid_len; size_t peerid_len;
u8 *serverid;
size_t serverid_len;
}; };
@ -77,11 +75,6 @@ static void * eap_sake_init(struct eap_sm *sm)
wpa_printf(MSG_DEBUG, "EAP-SAKE: Initialized Session ID %d", wpa_printf(MSG_DEBUG, "EAP-SAKE: Initialized Session ID %d",
data->session_id); data->session_id);
/* TODO: add support for configuring SERVERID */
data->serverid = (u8 *) os_strdup("hostapd");
if (data->serverid)
data->serverid_len = os_strlen((char *) data->serverid);
return data; return data;
} }
@ -89,7 +82,6 @@ static void * eap_sake_init(struct eap_sm *sm)
static void eap_sake_reset(struct eap_sm *sm, void *priv) static void eap_sake_reset(struct eap_sm *sm, void *priv)
{ {
struct eap_sake_data *data = priv; struct eap_sake_data *data = priv;
os_free(data->serverid);
os_free(data->peerid); os_free(data->peerid);
os_free(data); os_free(data);
} }
@ -131,8 +123,7 @@ static struct wpabuf * eap_sake_build_identity(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Identity"); wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Identity");
plen = 4; plen = 4;
if (data->serverid) plen += 2 + sm->server_id_len;
plen += 2 + data->serverid_len;
msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_IDENTITY); msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_IDENTITY);
if (msg == NULL) { if (msg == NULL) {
data->state = FAILURE; data->state = FAILURE;
@ -142,11 +133,9 @@ static struct wpabuf * eap_sake_build_identity(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PERM_ID_REQ"); wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PERM_ID_REQ");
eap_sake_add_attr(msg, EAP_SAKE_AT_PERM_ID_REQ, NULL, 2); eap_sake_add_attr(msg, EAP_SAKE_AT_PERM_ID_REQ, NULL, 2);
if (data->serverid) { wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID");
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID"); eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID,
eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID, sm->server_id, sm->server_id_len);
data->serverid, data->serverid_len);
}
return msg; return msg;
} }
@ -169,9 +158,7 @@ static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)", wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
data->rand_s, EAP_SAKE_RAND_LEN); data->rand_s, EAP_SAKE_RAND_LEN);
plen = 2 + EAP_SAKE_RAND_LEN; plen = 2 + EAP_SAKE_RAND_LEN + 2 + sm->server_id_len;
if (data->serverid)
plen += 2 + data->serverid_len;
msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_CHALLENGE); msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_CHALLENGE);
if (msg == NULL) { if (msg == NULL) {
data->state = FAILURE; data->state = FAILURE;
@ -182,11 +169,9 @@ static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
eap_sake_add_attr(msg, EAP_SAKE_AT_RAND_S, eap_sake_add_attr(msg, EAP_SAKE_AT_RAND_S,
data->rand_s, EAP_SAKE_RAND_LEN); data->rand_s, EAP_SAKE_RAND_LEN);
if (data->serverid) { wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID");
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID"); eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID,
eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID, sm->server_id, sm->server_id_len);
data->serverid, data->serverid_len);
}
return msg; return msg;
} }
@ -213,7 +198,7 @@ static struct wpabuf * eap_sake_build_confirm(struct eap_sm *sm,
wpabuf_put_u8(msg, 2 + EAP_SAKE_MIC_LEN); wpabuf_put_u8(msg, 2 + EAP_SAKE_MIC_LEN);
mic = wpabuf_put(msg, EAP_SAKE_MIC_LEN); mic = wpabuf_put(msg, EAP_SAKE_MIC_LEN);
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
data->serverid, data->serverid_len, sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 0, data->peerid, data->peerid_len, 0,
wpabuf_head(msg), wpabuf_len(msg), mic, mic)) wpabuf_head(msg), wpabuf_len(msg), mic, mic))
{ {
@ -362,7 +347,7 @@ static void eap_sake_process_challenge(struct eap_sm *sm,
(u8 *) &data->tek, data->msk, data->emsk); (u8 *) &data->tek, data->msk, data->emsk);
eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
data->serverid, data->serverid_len, sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 1, data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData), wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p); attr.mic_p, mic_p);
@ -399,7 +384,7 @@ static void eap_sake_process_confirm(struct eap_sm *sm,
} }
eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
data->serverid, data->serverid_len, sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 1, data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData), wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p); attr.mic_p, mic_p);