3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 13:02:44 +01:00

eapol: Check the MSK size supplied by EAP

Despite RFC3748 mandating MSKs to be at least 256 bits some EAP methods
return shorter MSKs.  Since we call handshake_failed when the MSK is too
short, EAP methods have to be careful with their calls to set_key_material
because it may result in a call to the method's .remove method.

EAP-TLS and EAP-TTLS can't handle that currently and would be difficult to
adapt because of the TLS internals but they always set msk_len to 64 so
handshake_failed will not be called.
This commit is contained in:
Andrew Zaborowski 2017-01-06 02:51:18 -05:00 committed by Denis Kenzior
parent c5906d1c20
commit 3f3e60e415

View File

@ -1419,6 +1419,8 @@ static void eapol_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
void *user_data)
{
struct eapol_sm *sm = user_data;
ssize_t pmk_len;
const uint8_t *pmk_data;
l_debug("EAP key material received");
@ -1443,10 +1445,26 @@ static void eapol_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
* 802.1X authentication), i.e., XXKey = L(MSK, 256, 256)."
*/
if (sm->handshake->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_8021X)
handshake_state_set_pmk(sm->handshake, msk_data + 32);
else
handshake_state_set_pmk(sm->handshake, msk_data);
if (sm->handshake->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_8021X) {
pmk_len = (ssize_t) msk_len - 32;
pmk_data = msk_data + 32;
} else {
pmk_len = msk_len;
pmk_data = msk_data;
}
if (pmk_len < 32)
goto msk_short;
handshake_state_set_pmk(sm->handshake, pmk_data);
return;
msk_short:
l_error("EAP method's MSK too short for AKM suite %u",
sm->handshake->akm_suite);
handshake_failed(sm, MPDU_REASON_CODE_IEEE8021X_FAILED);
}
static void eapol_eap_event_cb(unsigned int event,