@ -276,10 +276,10 @@ static struct wpabuf * eap_pax_process_std_3(struct eap_pax_data *data,
left - = 2 ;
wpa_hexdump ( MSG_MSGDUMP , " EAP-PAX: MAC_CK(B, CID) " ,
pos , EAP_PAX_MAC_LEN ) ;
eap_pax_mac ( data - > mac_id , data - > ck , EAP_PAX_CK_LEN ,
data - > rand . r . y , EAP_PAX_RAND_LEN ,
( u8 * ) data - > cid , data - > cid_len , NULL , 0 , mac ) ;
if ( os_memcmp_const ( pos , mac , EAP_PAX_MAC_LEN ) ! = 0 ) {
if ( eap_pax_mac ( data - > mac_id , data - > ck , EAP_PAX_CK_LEN ,
data - > rand . r . y , EAP_PAX_RAND_LEN ,
( u8 * ) data - > cid , data - > cid_len , NULL , 0 , mac ) < 0 | |
os_memcmp_const ( pos , mac , EAP_PAX_MAC_LEN ) ! = 0 ) {
wpa_printf ( MSG_INFO , " EAP-PAX: Invalid MAC_CK(B, CID) "
" received " ) ;
wpa_hexdump ( MSG_MSGDUMP , " EAP-PAX: expected MAC_CK(B, CID) " ,
@ -306,9 +306,12 @@ static struct wpabuf * eap_pax_process_std_3(struct eap_pax_data *data,
/* Optional ADE could be added here, if needed */
rpos = wpabuf_put ( resp , EAP_PAX_ICV_LEN ) ;
eap_pax_mac ( data - > mac_id , data - > ick , EAP_PAX_ICK_LEN ,
wpabuf_head ( resp ) , wpabuf_len ( resp ) - EAP_PAX_ICV_LEN ,
NULL , 0 , NULL , 0 , rpos ) ;
if ( eap_pax_mac ( data - > mac_id , data - > ick , EAP_PAX_ICK_LEN ,
wpabuf_head ( resp ) , wpabuf_len ( resp ) - EAP_PAX_ICV_LEN ,
NULL , 0 , NULL , 0 , rpos ) < 0 ) {
wpabuf_free ( resp ) ;
return NULL ;
}
wpa_hexdump ( MSG_MSGDUMP , " EAP-PAX: ICV " , rpos , EAP_PAX_ICV_LEN ) ;
data - > state = PAX_DONE ;
@ -472,9 +475,13 @@ static u8 * eap_pax_getKey(struct eap_sm *sm, void *priv, size_t *len)
return NULL ;
* len = EAP_MSK_LEN ;
eap_pax_kdf ( data - > mac_id , data - > mk , EAP_PAX_MK_LEN ,
" Master Session Key " , data - > rand . e , 2 * EAP_PAX_RAND_LEN ,
EAP_MSK_LEN , key ) ;
if ( eap_pax_kdf ( data - > mac_id , data - > mk , EAP_PAX_MK_LEN ,
" Master Session Key " ,
data - > rand . e , 2 * EAP_PAX_RAND_LEN ,
EAP_MSK_LEN , key ) < 0 ) {
os_free ( key ) ;
return NULL ;
}
return key ;
}
@ -493,10 +500,13 @@ static u8 * eap_pax_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
return NULL ;
* len = EAP_EMSK_LEN ;
eap_pax_kdf ( data - > mac_id , data - > mk , EAP_PAX_MK_LEN ,
" Extended Master Session Key " ,
data - > rand . e , 2 * EAP_PAX_RAND_LEN ,
EAP_EMSK_LEN , key ) ;
if ( eap_pax_kdf ( data - > mac_id , data - > mk , EAP_PAX_MK_LEN ,
" Extended Master Session Key " ,
data - > rand . e , 2 * EAP_PAX_RAND_LEN ,
EAP_EMSK_LEN , key ) < 0 ) {
os_free ( key ) ;
return NULL ;
}
return key ;
}