3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-24 05:14:05 +01:00

eap-wsc: Don't store AuthKey | KeyWrapKey | EMSK

AuthKey is already uploaded into auth_key_hmac.  KeyWrapKey is now
uploaded into the AES-CBC(128) cipher.  We currently have no use for
EMSK.

So we no longer need to keep the wsc_session_key structure around.
This commit is contained in:
Denis Kenzior 2016-08-30 14:34:03 -05:00
parent 24dfe6e436
commit 39d6acb07d

View File

@ -70,8 +70,8 @@ struct eap_wsc_state {
uint8_t e_snonce1[16]; uint8_t e_snonce1[16];
uint8_t e_snonce2[16]; uint8_t e_snonce2[16];
enum state state; enum state state;
struct wsc_session_key keys;
struct l_checksum *hmac_auth_key; struct l_checksum *hmac_auth_key;
struct l_cipher *aes_cbc_128;
}; };
static inline void eap_wsc_state_set_sent_pdu(struct eap_wsc_state *wsc, static inline void eap_wsc_state_set_sent_pdu(struct eap_wsc_state *wsc,
@ -146,6 +146,8 @@ static void eap_wsc_remove(struct eap_state *eap)
wsc->sent_len = 0; wsc->sent_len = 0;
l_checksum_free(wsc->hmac_auth_key); l_checksum_free(wsc->hmac_auth_key);
l_cipher_free(wsc->aes_cbc_128);
l_free(wsc->m1); l_free(wsc->m1);
l_free(wsc); l_free(wsc);
} }
@ -276,6 +278,7 @@ static void eap_wsc_handle_m2(struct eap_state *eap,
struct l_checksum *hmac_sha256; struct l_checksum *hmac_sha256;
struct iovec iov[3]; struct iovec iov[3];
uint8_t kdk[32]; uint8_t kdk[32];
struct wsc_session_key keys;
bool r; bool r;
/* Spec unclear what to do here, see comments in eap_wsc_send_nack */ /* Spec unclear what to do here, see comments in eap_wsc_send_nack */
@ -320,20 +323,30 @@ static void eap_wsc_handle_m2(struct eap_state *eap,
l_checksum_get_digest(hmac_sha256, kdk, sizeof(kdk)); l_checksum_get_digest(hmac_sha256, kdk, sizeof(kdk));
l_checksum_free(hmac_sha256); l_checksum_free(hmac_sha256);
if (!wsc_kdf(kdk, &wsc->keys, sizeof(wsc->keys))) if (!wsc_kdf(kdk, &keys, sizeof(keys)))
return; return;
wsc->hmac_auth_key = l_checksum_new_hmac(L_CHECKSUM_SHA256, wsc->hmac_auth_key = l_checksum_new_hmac(L_CHECKSUM_SHA256,
wsc->keys.auth_key, keys.auth_key,
sizeof(wsc->keys.auth_key)); sizeof(keys.auth_key));
if (!authenticator_check(wsc, pdu, len)) { if (!authenticator_check(wsc, pdu, len)) {
l_checksum_free(wsc->hmac_auth_key); l_checksum_free(wsc->hmac_auth_key);
wsc->hmac_auth_key = NULL; wsc->hmac_auth_key = NULL;
return; goto clear_keys;
} }
/* Everything checks out, lets build M3 */ /* Everything checks out, lets build M3 */
eap_wsc_send_m3(eap, pdu, len, &m2); eap_wsc_send_m3(eap, pdu, len, &m2);
/*
* AuthKey is uploaded into the kernel, once we upload KeyWrapKey,
* the keys variable is no longer useful. Make sure to wipe it
*/
wsc->aes_cbc_128 = l_cipher_new(L_CIPHER_AES_CBC, keys.keywrap_key,
sizeof(keys.keywrap_key));
clear_keys:
memset(&keys, 0, sizeof(keys));
} }
static void eap_wsc_handle_request(struct eap_state *eap, static void eap_wsc_handle_request(struct eap_state *eap,