DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-SAKE: Report hash function failures to callers

Browse source 
While this is mostly theoretical, the hash functions can fail and it is
better for the upper layer code to explicitly check for such failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-04-19 16:50:42 +03:00
parent 24b06511e2
commit 848718ddde
4 changed files with 82 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

40
src/eap_server/eap_server_sake.c
View file

@ -340,16 +340,25 @@ static void eap_sake_process_challenge(struct eap_sm *sm,
data->state = FAILURE;
return;
}
eap_sake_derive_keys(sm->user->password,
sm->user->password + EAP_SAKE_ROOT_SECRET_LEN,
data->rand_s, data->rand_p,
(u8 *) &data->tek, data->msk, data->emsk);
if (eap_sake_derive_keys(sm->user->password,
sm->user->password + EAP_SAKE_ROOT_SECRET_LEN,
data->rand_s, data->rand_p,
(u8 *) &data->tek, data->msk,
data->emsk) < 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Failed to derive keys");
data->state = FAILURE;
return;
}
eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p);
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p) < 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
data->state = FAILURE;
return;
}
if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
eap_sake_state(data, FAILURE);
@ -382,11 +391,14 @@ static void eap_sake_process_confirm(struct eap_sm *sm,
return;
}
eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p);
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p) < 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
return;
}
if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
eap_sake_state(data, FAILURE);