mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-05 04:32:34 +01:00

simutil: Memzero secrets after use

Also slightly simplify eap_aka_prf_prime and other functions.
Andrew Zaborowski 2019-03-19 01:25:25 +01:00 committed by Denis Kenzior
parent c80b239b93
commit 28840b29a8


@ -161,6 +161,8 @@ bool eap_aka_derive_primes(const uint8_t *ck, const uint8_t *ik,
memcpy(key + EAP_AKA_CK_LEN, ik, EAP_AKA_IK_LEN); memcpy(key + EAP_AKA_CK_LEN, ik, EAP_AKA_IK_LEN);
hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, key, 32); hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, key, 32);
explicit_bzero(key, sizeof(key));
if (!hmac) if (!hmac)
return false; return false;
@ -181,6 +183,7 @@ bool eap_aka_derive_primes(const uint8_t *ck, const uint8_t *ik,
memcpy(ck_p, digest, EAP_AKA_CK_LEN); memcpy(ck_p, digest, EAP_AKA_CK_LEN);
memcpy(ik_p, digest + EAP_AKA_CK_LEN, EAP_AKA_IK_LEN); memcpy(ik_p, digest + EAP_AKA_CK_LEN, EAP_AKA_IK_LEN);
explicit_bzero(digest, sizeof(digest));
return true; return true;
} }
@ -204,6 +207,8 @@ bool eap_aka_prf_prime(const uint8_t *ik_p, const uint8_t *ck_p,
memcpy(key + EAP_AKA_IK_LEN, ck_p, EAP_AKA_CK_LEN); memcpy(key + EAP_AKA_IK_LEN, ck_p, EAP_AKA_CK_LEN);
hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, key, 32); hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, key, 32);
explicit_bzero(key, sizeof(key));
if (!hmac) if (!hmac)
return false; return false;
@ -229,6 +234,7 @@ bool eap_aka_prf_prime(const uint8_t *ik_p, const uint8_t *ck_p,
iov[0].iov_len = 32; iov[0].iov_len = 32;
} }
explicit_bzero(digest, sizeof(digest));
l_checksum_free(hmac); l_checksum_free(hmac);
pos = out; pos = out;
@ -242,6 +248,7 @@ bool eap_aka_prf_prime(const uint8_t *ik_p, const uint8_t *ck_p,
pos += EAP_SIM_MSK_LEN; pos += EAP_SIM_MSK_LEN;
memcpy(emsk, pos, EAP_SIM_EMSK_LEN); memcpy(emsk, pos, EAP_SIM_EMSK_LEN);
explicit_bzero(out, sizeof(out));
return true; return true;
} }
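Review bot: In eap_aka_prf_prime the new `explicit_bzero(digest, sizeof(digest))` and `explicit_bzero(out, sizeof(out))` calls sit only on the path that falls through to `return true`; the loop body between the `if (!hmac)` check and the closing brace is outside the visible hunks, so if it contains a failure `return false`, that exit would leave `digest` and the partly filled `out` on the stack. Any such exit should run the same two wipes first, for example through a shared cleanup label that also calls `l_checksum_free(hmac)`. The same question applies to `digest` in eap_aka_derive_primes, whose middle section is also not shown. Separately, the HMAC key length is still the literal `32` while the wipe uses `sizeof(key)`; writing `l_checksum_new_hmac(L_CHECKSUM_SHA256, key, sizeof(key))` keeps the two from drifting apart.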