Cleaned up EAP-MSCHAPv2 key derivation
Changed peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for total of 32 octets) to match with server implementation. Swapped the order of MPPE keys in MSK derivation since server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with Cisco EAP-FAST implementation.
This commit is contained in:
Jouni Malinen
parent
6e783c6da9
commit
000a1de72b
9 changed files with 43 additions and 61 deletions
|
|
@ -975,21 +975,6 @@ static void eap_peap_process_phase2_response(struct eap_sm *sm,
|
|||
eap_peap_phase2_init(sm, data, EAP_TYPE_NONE);
|
||||
return;
|
||||
}
|
||||
|
||||
if (data->phase2_key_len == 32 &&
|
||||
data->phase2_method->vendor == EAP_VENDOR_IETF &&
|
||||
data->phase2_method->method == EAP_TYPE_MSCHAPV2) {
|
||||
/*
|
||||
* Microsoft uses reverse order for MS-MPPE keys in
|
||||
* EAP-PEAP when compared to EAP-FAST derivation of
|
||||
* ISK. Swap the keys here to get the correct ISK for
|
||||
* EAP-PEAPv0 cryptobinding.
|
||||
*/
|
||||
u8 tmp[16];
|
||||
os_memcpy(tmp, data->phase2_key, 16);
|
||||
os_memcpy(data->phase2_key, data->phase2_key + 16, 16);
|
||||
os_memcpy(data->phase2_key + 16, tmp, 16);
|
||||
}
|
||||
}
|
||||
|
||||
switch (data->state) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue