PEAP: Verify peap_prfplus() result

This function can fail in theory since the SHA-1 functions are
allowed to return an error. While this does not really happen in
practice (we would not get this far if SHA-1 does not work), it is
cleaner to include the error handling here to keep static analyzers
happier. [Bug 421]

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2011-11-13 11:29:17 +02:00
parent b6c8df695c
commit 3724ddc0c1
4 changed files with 32 additions and 19 deletions

View file

@ -1,6 +1,6 @@
/* /*
* EAP-PEAP common routines * EAP-PEAP common routines
* Copyright (c) 2008, Jouni Malinen <j@w1.fi> * Copyright (c) 2008-2011, Jouni Malinen <j@w1.fi>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -18,7 +18,7 @@
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "eap_peap_common.h" #include "eap_peap_common.h"
void peap_prfplus(int version, const u8 *key, size_t key_len, int peap_prfplus(int version, const u8 *key, size_t key_len,
const char *label, const u8 *seed, size_t seed_len, const char *label, const u8 *seed, size_t seed_len,
u8 *buf, size_t buf_len) u8 *buf, size_t buf_len)
{ {
@ -75,7 +75,8 @@ void peap_prfplus(int version, const u8 *key, size_t key_len,
while (pos < buf_len) { while (pos < buf_len) {
counter++; counter++;
plen = buf_len - pos; plen = buf_len - pos;
hmac_sha1_vector(key, key_len, 5, addr, len, hash); if (hmac_sha1_vector(key, key_len, 5, addr, len, hash) < 0)
return -1;
if (plen >= SHA1_MAC_LEN) { if (plen >= SHA1_MAC_LEN) {
os_memcpy(&buf[pos], hash, SHA1_MAC_LEN); os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
pos += SHA1_MAC_LEN; pos += SHA1_MAC_LEN;
@ -85,4 +86,6 @@ void peap_prfplus(int version, const u8 *key, size_t key_len,
} }
len[0] = SHA1_MAC_LEN; len[0] = SHA1_MAC_LEN;
} }
return 0;
} }

View file

@ -1,6 +1,6 @@
/* /*
* EAP-PEAP common routines * EAP-PEAP common routines
* Copyright (c) 2008, Jouni Malinen <j@w1.fi> * Copyright (c) 2008-2011, Jouni Malinen <j@w1.fi>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -15,7 +15,7 @@
#ifndef EAP_PEAP_COMMON_H #ifndef EAP_PEAP_COMMON_H
#define EAP_PEAP_COMMON_H #define EAP_PEAP_COMMON_H
void peap_prfplus(int version, const u8 *key, size_t key_len, int peap_prfplus(int version, const u8 *key, size_t key_len,
const char *label, const u8 *seed, size_t seed_len, const char *label, const u8 *seed, size_t seed_len,
u8 *buf, size_t buf_len); u8 *buf, size_t buf_len);

View file

@ -285,8 +285,10 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
* in the end of the label just before ISK; is that just a typo?) * in the end of the label just before ISK; is that just a typo?)
*/ */
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40);
peap_prfplus(data->peap_version, tk, 40, "Inner Methods Compound Keys", if (peap_prfplus(data->peap_version, tk, 40,
isk, sizeof(isk), imck, sizeof(imck)); "Inner Methods Compound Keys",
isk, sizeof(isk), imck, sizeof(imck)) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)", wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
imck, sizeof(imck)); imck, sizeof(imck));
@ -1247,9 +1249,12 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
* termination for this label while the one used for deriving * termination for this label while the one used for deriving
* IPMK|CMK did not use null termination. * IPMK|CMK did not use null termination.
*/ */
peap_prfplus(data->peap_version, data->ipmk, 40, if (peap_prfplus(data->peap_version, data->ipmk, 40,
"Session Key Generating Function", "Session Key Generating Function",
(u8 *) "\00", 1, csk, sizeof(csk)); (u8 *) "\00", 1, csk, sizeof(csk)) < 0) {
os_free(key);
return NULL;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk)); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
os_memcpy(key, csk, EAP_TLS_KEY_LEN); os_memcpy(key, csk, EAP_TLS_KEY_LEN);
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",

View file

@ -351,8 +351,12 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
* in the end of the label just before ISK; is that just a typo?) * in the end of the label just before ISK; is that just a typo?)
*/ */
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40);
peap_prfplus(data->peap_version, tk, 40, "Inner Methods Compound Keys", if (peap_prfplus(data->peap_version, tk, 40,
isk, sizeof(isk), imck, sizeof(imck)); "Inner Methods Compound Keys",
isk, sizeof(isk), imck, sizeof(imck)) < 0) {
os_free(tk);
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)", wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
imck, sizeof(imck)); imck, sizeof(imck));
@ -1320,9 +1324,10 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
* termination for this label while the one used for deriving * termination for this label while the one used for deriving
* IPMK|CMK did not use null termination. * IPMK|CMK did not use null termination.
*/ */
peap_prfplus(data->peap_version, data->ipmk, 40, if (peap_prfplus(data->peap_version, data->ipmk, 40,
"Session Key Generating Function", "Session Key Generating Function",
(u8 *) "\00", 1, csk, sizeof(csk)); (u8 *) "\00", 1, csk, sizeof(csk)) < 0)
return NULL;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk)); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CSK", csk, sizeof(csk));
eapKeyData = os_malloc(EAP_TLS_KEY_LEN); eapKeyData = os_malloc(EAP_TLS_KEY_LEN);
if (eapKeyData) { if (eapKeyData) {