EAP-PEAP peer: Cryptobinding in fast-reconnect case with inner EAP
This was reported to fail with Windows 2012r2 with "Invalid Compound_MAC in cryptobinding TLV". It turns out that the server decided to go through inner EAP method (EAP-MSCHAPv2 in the reported case) even when using PEAP fast-reconnect. This seems to be against the [MS-PEAP] specification which claims that inner EAP method is not used in such a case. This resulted in a different CMK being derived by the server (used the version that used ISK) and wpa_supplicant (used the version where IPMK|CMK = TK without ISK when using fast-reconnect). Fix this interop issue by making wpa_supplicant to use the fast-reconnect version of CMK derivation only when using TLS session resumption and the server having not initiated inner EAP method before going through the cryptobinding exchange. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
cba9ebfdc2
commit
acc39435ff
1 changed files with 7 additions and 2 deletions
|
@ -253,6 +253,7 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
||||||
{
|
{
|
||||||
u8 *tk;
|
u8 *tk;
|
||||||
u8 isk[32], imck[60];
|
u8 isk[32], imck[60];
|
||||||
|
int resumed;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Tunnel key (TK) is the first 60 octets of the key generated by
|
* Tunnel key (TK) is the first 60 octets of the key generated by
|
||||||
|
@ -263,8 +264,12 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
||||||
return -1;
|
return -1;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
|
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
|
||||||
|
|
||||||
if (data->reauth &&
|
resumed = tls_connection_resumed(sm->ssl_ctx, data->ssl.conn);
|
||||||
tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"EAP-PEAP: CMK derivation - reauth=%d resumed=%d phase2_eap_started=%d phase2_success=%d",
|
||||||
|
data->reauth, resumed, data->phase2_eap_started,
|
||||||
|
data->phase2_success);
|
||||||
|
if (data->reauth && !data->phase2_eap_started && resumed) {
|
||||||
/* Fast-connect: IPMK|CMK = TK */
|
/* Fast-connect: IPMK|CMK = TK */
|
||||||
os_memcpy(data->ipmk, tk, 40);
|
os_memcpy(data->ipmk, tk, 40);
|
||||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
|
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
|
||||||
|
|
Loading…
Reference in a new issue