DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-FAST: Check T-PRF result in MSK/EMSK derivation

Browse source 
Pass the error return from sha1_t_prf() to callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-12-12 11:20:05 +02:00
parent b1d8c5ce6a
commit 5b904b3e42
4 changed files with 25 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/eap_common/eap_fast_common.c
View file

@ -111,22 +111,24 @@ u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
}
void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
{
/*
* RFC 4851, Section 5.4: EAP Master Session Key Generation
* MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64)
*/
sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
"Session Key Generating Function", (u8 *) "", 0,
msk, EAP_FAST_KEY_LEN);
if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
"Session Key Generating Function", (u8 *) "", 0,
msk, EAP_FAST_KEY_LEN) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
msk, EAP_FAST_KEY_LEN);
return 0;
}
void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
{
/*
* RFC 4851, Section 5.4: EAP Master Session Key Genreration
@ -134,11 +136,13 @@ void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
* "Extended Session Key Generating Function", 64)
*/
sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
"Extended Session Key Generating Function", (u8 *) "", 0,
emsk, EAP_EMSK_LEN);
if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
"Extended Session Key Generating Function", (u8 *) "", 0,
emsk, EAP_EMSK_LEN) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
emsk, EAP_EMSK_LEN);
return 0;
}

4
src/eap_common/eap_fast_common.h
View file

@ -99,8 +99,8 @@ void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
const u8 *client_random, u8 *master_secret);
u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
const char *label, size_t len);
void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
int tlv_type, u8 *pos, size_t len);