mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-09 00:12:36 +01:00

eap-aka: derive Session-ID for ERP

James Prestwood 2019-04-22 14:09:27 -07:00 committed by Denis Kenzior
parent 00bbc62dfb
commit 2cbdc1aa43


@ -98,6 +98,8 @@ struct eap_aka_handle {
/* re-auth key */ /* re-auth key */
uint8_t k_re[EAP_AKA_K_RE_LEN]; uint8_t k_re[EAP_AKA_K_RE_LEN];
uint8_t rand[EAP_SIM_RAND_LEN];
char *kdf_in; char *kdf_in;
uint8_t *chal_pkt; uint8_t *chal_pkt;
@ -166,6 +168,20 @@ mk_error:
return false; return false;
} }
static void eap_aka_finish(struct eap_state *eap)
{
struct eap_aka_handle *aka = eap_get_data(eap);
uint8_t session_id[1 + EAP_SIM_RAND_LEN + EAP_AKA_AUTN_LEN];
session_id[0] = EAP_TYPE_AKA;
memcpy(session_id + 1, aka->rand, EAP_SIM_RAND_LEN);
memcpy(session_id + 1 + EAP_SIM_RAND_LEN, aka->autn, EAP_AKA_AUTN_LEN);
eap_method_success(eap);
eap_set_key_material(eap, aka->msk, 32, aka->emsk, 32, NULL, 0,
session_id, sizeof(session_id));
}
static void check_milenage_cb(const uint8_t *res, const uint8_t *ck, static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
const uint8_t *ik, const uint8_t *auts, void *data) const uint8_t *ik, const uint8_t *auts, void *data)
{ {
@ -272,9 +288,7 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
eap_send_response(eap, aka->type, response, resp_len); eap_send_response(eap, aka->type, response, resp_len);
if (!aka->protected) { if (!aka->protected) {
eap_method_success(eap); eap_aka_finish(eap);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
NULL, 0);
aka->state = EAP_AKA_STATE_SUCCESS; aka->state = EAP_AKA_STATE_SUCCESS;
} }
@ -434,6 +448,8 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
/* AKA' needs AUTN for prime derivation */ /* AKA' needs AUTN for prime derivation */
memcpy(aka->autn, autn, EAP_AKA_AUTN_LEN); memcpy(aka->autn, autn, EAP_AKA_AUTN_LEN);
/* Keep RAND for session ID derivation */
memcpy(aka->rand, rand, EAP_SIM_RAND_LEN);
if (sim_auth_check_milenage(aka->auth, rand, autn, check_milenage_cb, if (sim_auth_check_milenage(aka->auth, rand, autn, check_milenage_cb,
eap) < 0) { eap) < 0) {
@ -502,9 +518,7 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
/* /*
* Server sent successful result indication * Server sent successful result indication
*/ */
eap_method_success(eap); eap_aka_finish(eap);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
NULL, 0);
/* /*
* Build response packet * Build response packet
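Review bot: In the new eap_aka_finish() the Session-ID type octet is hard-coded as `session_id[0] = EAP_TYPE_AKA;`, although this handler sends its responses with `aka->type` and handle_challenge carries an AKA' comment, so an AKA' exchange would apparently export a Session-ID tagged as plain AKA. ERP derives its key name from the Session-ID, so a peer/server disagreement on this octet would likely surface only as failed re-authentication; consider `session_id[0] = aka->type;`. Whether a fast re-authentication round also reaches this function is not visible in these hunks; if it does, the stored RAND and AUTN would be those of the earlier full authentication, which is worth confirming. The literal `32` passed for both the MSK and EMSK lengths would be safer as a named constant tied to the buffer declarations, which lie outside the visible hunks. A one-line comment above the function, such as `/* Session-ID = Type-Code || RAND || AUTN (RFC 5247) */`, would document the layout being built.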