EAP-PAX: Check hmac_sha1_vector() return value
This function can fail at least in theory, so check its return value before proceeding. This is mainly helping automated test case coverage to reach some more error paths. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
1e35aa15a4
commit
7a36f1184e
2 changed files with 28 additions and 16 deletions
|
@ -57,7 +57,8 @@ int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len,
|
||||||
left = output_len;
|
left = output_len;
|
||||||
for (counter = 1; counter <= (u8) num_blocks; counter++) {
|
for (counter = 1; counter <= (u8) num_blocks; counter++) {
|
||||||
size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
|
size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
|
||||||
hmac_sha1_vector(key, key_len, 3, addr, len, mac);
|
if (hmac_sha1_vector(key, key_len, 3, addr, len, mac) < 0)
|
||||||
|
return -1;
|
||||||
os_memcpy(pos, mac, clen);
|
os_memcpy(pos, mac, clen);
|
||||||
pos += clen;
|
pos += clen;
|
||||||
left -= clen;
|
left -= clen;
|
||||||
|
@ -106,7 +107,8 @@ int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len,
|
||||||
len[2] = data3_len;
|
len[2] = data3_len;
|
||||||
|
|
||||||
count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
|
count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
|
||||||
hmac_sha1_vector(key, key_len, count, addr, len, hash);
|
if (hmac_sha1_vector(key, key_len, count, addr, len, hash) < 0)
|
||||||
|
return -1;
|
||||||
os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
|
os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
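Review bot: The new `return -1` inside the eap_pax_kdf() loop can fire after earlier iterations have already copied HMAC output through `pos`, so a failure on a later block leaves the caller's buffer holding part of the derived key. Nothing visible here tells callers what the buffer contains on error. I would either clear the bytes already written before returning, or add to the function comment (outside the hunk) a line such as `On failure the output buffer may contain partially derived key material and must be cleared by the caller.` The eap_pax_mac() hunk does not have this problem, since `mac` is only written after hmac_sha1_vector() succeeds. Both function bodies start and end outside the hunks.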
@ -276,10 +276,10 @@ static struct wpabuf * eap_pax_process_std_3(struct eap_pax_data *data,
|
||||||
left -= 2;
|
left -= 2;
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)",
|
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)",
|
||||||
pos, EAP_PAX_MAC_LEN);
|
pos, EAP_PAX_MAC_LEN);
|
||||||
eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
|
if (eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
|
||||||
data->rand.r.y, EAP_PAX_RAND_LEN,
|
data->rand.r.y, EAP_PAX_RAND_LEN,
|
||||||
(u8 *) data->cid, data->cid_len, NULL, 0, mac);
|
(u8 *) data->cid, data->cid_len, NULL, 0, mac) < 0 ||
|
||||||
if (os_memcmp_const(pos, mac, EAP_PAX_MAC_LEN) != 0) {
|
os_memcmp_const(pos, mac, EAP_PAX_MAC_LEN) != 0) {
|
||||||
wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(B, CID) "
|
wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(B, CID) "
|
||||||
"received");
|
"received");
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected MAC_CK(B, CID)",
|
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected MAC_CK(B, CID)",
|
||||||
|
@ -306,9 +306,12 @@ static struct wpabuf * eap_pax_process_std_3(struct eap_pax_data *data,
|
||||||
/* Optional ADE could be added here, if needed */
|
/* Optional ADE could be added here, if needed */
|
||||||
|
|
||||||
rpos = wpabuf_put(resp, EAP_PAX_ICV_LEN);
|
rpos = wpabuf_put(resp, EAP_PAX_ICV_LEN);
|
||||||
eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
|
if (eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
|
||||||
wpabuf_head(resp), wpabuf_len(resp) - EAP_PAX_ICV_LEN,
|
wpabuf_head(resp), wpabuf_len(resp) - EAP_PAX_ICV_LEN,
|
||||||
NULL, 0, NULL, 0, rpos);
|
NULL, 0, NULL, 0, rpos) < 0) {
|
||||||
|
wpabuf_free(resp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
|
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
|
||||||
|
|
||||||
data->state = PAX_DONE;
|
data->state = PAX_DONE;
|
||||||
|
@ -472,9 +475,13 @@ static u8 * eap_pax_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
*len = EAP_MSK_LEN;
|
*len = EAP_MSK_LEN;
|
||||||
eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
|
if (eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
|
||||||
"Master Session Key", data->rand.e, 2 * EAP_PAX_RAND_LEN,
|
"Master Session Key",
|
||||||
EAP_MSK_LEN, key);
|
data->rand.e, 2 * EAP_PAX_RAND_LEN,
|
||||||
|
EAP_MSK_LEN, key) < 0) {
|
||||||
|
os_free(key);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
@ -493,10 +500,13 @@ static u8 * eap_pax_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
*len = EAP_EMSK_LEN;
|
*len = EAP_EMSK_LEN;
|
||||||
eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
|
if (eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
|
||||||
"Extended Master Session Key",
|
"Extended Master Session Key",
|
||||||
data->rand.e, 2 * EAP_PAX_RAND_LEN,
|
data->rand.e, 2 * EAP_PAX_RAND_LEN,
|
||||||
EAP_EMSK_LEN, key);
|
EAP_EMSK_LEN, key) < 0) {
|
||||||
|
os_free(key);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
|
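Review bot: In the first eap_pax_process_std_3() hunk, folding the eap_pax_mac() failure into the same condition as the os_memcmp_const() mismatch means a local HMAC failure is logged as `EAP-PAX: Invalid MAC_CK(B, CID) received`, which points triage at the peer rather than at the crypto backend. If the following `expected MAC_CK(B, CID)` hexdump prints `mac` (its arguments are outside the visible lines), it would also dump a stack buffer that eap_pax_mac() never wrote on that path. Handling the `< 0` case in its own branch before the comparison, with a distinct message such as `wpa_printf(MSG_INFO, "EAP-PAX: Failed to calculate MAC_CK(B, CID)");`, avoids both. The function body starts and ends outside the hunk.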