EAP-pwd peer: Export Session-Id through getSessionId callback

EAP-pwd was already deriving the EAP Session-Id, but it was not yet
exposed through the EAP method API.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-05-11 21:22:55 +03:00
parent cfdb32e88f
commit 13e2574f7d
4 changed files with 27 additions and 5 deletions

View file

@ -284,11 +284,10 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
BIGNUM *peer_scalar, BIGNUM *server_scalar,
u8 *confirm_peer, u8 *confirm_server,
u32 *ciphersuite, u8 *msk, u8 *emsk)
u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id)
{
struct crypto_hash *hash;
u8 mk[SHA256_MAC_LEN], *cruft;
u8 session_id[SHA256_MAC_LEN + 1];
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
int offset;

View file

@ -59,7 +59,7 @@ struct eap_pwd_id {
int compute_password_element(EAP_PWD_group *, u16, u8 *, int, u8 *, int, u8 *,
int, u8 *);
int compute_keys(EAP_PWD_group *, BN_CTX *, BIGNUM *, BIGNUM *, BIGNUM *,
u8 *, u8 *, u32 *, u8 *, u8 *);
u8 *, u8 *, u32 *, u8 *, u8 *, u8 *);
struct crypto_hash * eap_pwd_h_init(void);
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);

View file

@ -43,6 +43,7 @@ struct eap_pwd_data {
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
u8 session_id[1 + SHA256_MAC_LEN];
BN_CTX *bnctx;
};
@ -189,6 +190,25 @@ static u8 * eap_pwd_getkey(struct eap_sm *sm, void *priv, size_t *len)
}
static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_pwd_data *data = priv;
u8 *id;
if (data->state != SUCCESS)
return NULL;
id = os_malloc(1 + SHA256_MAC_LEN);
if (id == NULL)
return NULL;
os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN);
*len = 1 + SHA256_MAC_LEN;
return id;
}
static void
eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
struct eap_method_ret *ret,
@ -647,7 +667,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
if (compute_keys(data->grp, data->bnctx, data->k,
data->my_scalar, data->server_scalar, conf, ptr,
&cs, data->msk, data->emsk) < 0) {
&cs, data->msk, data->emsk, data->session_id) < 0) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "
"EMSK");
goto fin;
@ -934,6 +954,7 @@ int eap_peer_pwd_register(void)
eap->process = eap_pwd_process;
eap->isKeyAvailable = eap_pwd_key_available;
eap->getKey = eap_pwd_getkey;
eap->getSessionId = eap_pwd_get_session_id;
eap->get_emsk = eap_pwd_get_emsk;
ret = eap_peer_method_register(eap);

View file

@ -45,6 +45,7 @@ struct eap_pwd_data {
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
u8 session_id[1 + SHA256_MAC_LEN];
BN_CTX *bnctx;
};
@ -841,7 +842,8 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
if (compute_keys(data->grp, data->bnctx, data->k,
data->peer_scalar, data->my_scalar, conf,
data->my_confirm, &cs, data->msk, data->emsk) < 0)
data->my_confirm, &cs, data->msk, data->emsk,
data->session_id) < 0)
eap_pwd_state(data, FAILURE);
else
eap_pwd_state(data, SUCCESS);