EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived without null termination on the label, but the label for CSK derivation must be null terminated. This allows cryptobinding to be used with PEAPv0 in a way that interoperates with Windows XP SP3 (RC2) and as such, this functionality is now enabled as an optional addition to PEAPv0.
This commit is contained in:
parent
32f049b2af
commit
e7d8003358
4 changed files with 16 additions and 4 deletions
|
@ -8,6 +8,7 @@ ChangeLog for hostapd
|
||||||
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
|
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
|
||||||
changes needed to run two methods in sequence (IF-T) and the IF-IMV
|
changes needed to run two methods in sequence (IF-T) and the IF-IMV
|
||||||
and IF-TNCCS interfaces from TNCS)
|
and IF-TNCCS interfaces from TNCS)
|
||||||
|
* added support for optional cryptobinding with PEAPv0
|
||||||
|
|
||||||
2008-02-22 - v0.6.3
|
2008-02-22 - v0.6.3
|
||||||
* fixed Reassociation Response callback processing when using internal
|
* fixed Reassociation Response callback processing when using internal
|
||||||
|
|
|
@ -117,7 +117,7 @@ static void * eap_peap_init(struct eap_sm *sm)
|
||||||
data->peap_version = EAP_PEAP_VERSION;
|
data->peap_version = EAP_PEAP_VERSION;
|
||||||
data->force_peap_version = -1;
|
data->force_peap_version = -1;
|
||||||
data->peap_outer_success = 2;
|
data->peap_outer_success = 2;
|
||||||
data->crypto_binding = NO_BINDING;
|
data->crypto_binding = OPTIONAL_BINDING;
|
||||||
|
|
||||||
if (config && config->phase1 &&
|
if (config && config->phase1 &&
|
||||||
eap_peap_parse_phase1(data, config->phase1) < 0) {
|
eap_peap_parse_phase1(data, config->phase1) < 0) {
|
||||||
|
@ -1249,9 +1249,14 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
||||||
|
|
||||||
if (data->crypto_binding_used) {
|
if (data->crypto_binding_used) {
|
||||||
u8 csk[128];
|
u8 csk[128];
|
||||||
|
/*
|
||||||
|
* Note: It looks like Microsoft implementation requires null
|
||||||
|
* termination for this label while the one used for deriving
|
||||||
|
* IPMK|CMK did not use null termination.
|
||||||
|
*/
|
||||||
peap_prfplus(data->peap_version, data->ipmk, 40,
|
peap_prfplus(data->peap_version, data->ipmk, 40,
|
||||||
"Session Key Generating Function",
|
"Session Key Generating Function",
|
||||||
(u8 *) "", 0, csk, sizeof(csk));
|
(u8 *) "\00", 1, csk, sizeof(csk));
|
||||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
|
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
|
||||||
os_memcpy(key, csk, EAP_TLS_KEY_LEN);
|
os_memcpy(key, csk, EAP_TLS_KEY_LEN);
|
||||||
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
|
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
|
||||||
|
|
|
@ -177,7 +177,7 @@ static void * eap_peap_init(struct eap_sm *sm)
|
||||||
data->peap_version = data->force_version;
|
data->peap_version = data->force_version;
|
||||||
}
|
}
|
||||||
data->state = START;
|
data->state = START;
|
||||||
data->crypto_binding = NO_BINDING;
|
data->crypto_binding = OPTIONAL_BINDING;
|
||||||
|
|
||||||
if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
|
if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
|
||||||
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
|
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
|
||||||
|
@ -1271,9 +1271,14 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
||||||
|
|
||||||
if (data->crypto_binding_used) {
|
if (data->crypto_binding_used) {
|
||||||
u8 csk[128];
|
u8 csk[128];
|
||||||
|
/*
|
||||||
|
* Note: It looks like Microsoft implementation requires null
|
||||||
|
* termination for this label while the one used for deriving
|
||||||
|
* IPMK|CMK did not use null termination.
|
||||||
|
*/
|
||||||
peap_prfplus(data->peap_version, data->ipmk, 40,
|
peap_prfplus(data->peap_version, data->ipmk, 40,
|
||||||
"Session Key Generating Function",
|
"Session Key Generating Function",
|
||||||
(u8 *) "", 0, csk, sizeof(csk));
|
(u8 *) "\00", 1, csk, sizeof(csk));
|
||||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
|
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
|
||||||
eapKeyData = os_malloc(EAP_TLS_KEY_LEN);
|
eapKeyData = os_malloc(EAP_TLS_KEY_LEN);
|
||||||
if (eapKeyData) {
|
if (eapKeyData) {
|
||||||
|
|
|
@ -4,6 +4,7 @@ ChangeLog for wpa_supplicant
|
||||||
* added support for EAP Sequences in EAP-FAST Phase 2
|
* added support for EAP Sequences in EAP-FAST Phase 2
|
||||||
* added support for using TNC with EAP-FAST
|
* added support for using TNC with EAP-FAST
|
||||||
* added driver_ps3 for the PS3 Linux wireless driver
|
* added driver_ps3 for the PS3 Linux wireless driver
|
||||||
|
* added support for optional cryptobinding with PEAPv0
|
||||||
|
|
||||||
2008-02-22 - v0.6.3
|
2008-02-22 - v0.6.3
|
||||||
* removed 'nai' and 'eappsk' network configuration variables that were
|
* removed 'nai' and 'eappsk' network configuration variables that were
|
||||||
|
|
Loading…
Reference in a new issue