mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-31 23:42:52 +01:00
eap-sim: Memzero secrets after use
Also slightly simplify eap_aka_prf_prime and other functions.
This commit is contained in:
parent
b1317d3984
commit
8954c62bcf
@ -124,6 +124,15 @@ struct eap_sim_handle {
|
|||||||
unsigned int auth_watch;
|
unsigned int auth_watch;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static void eap_sim_clear_secrets(struct eap_sim_handle *sim)
|
||||||
|
{
|
||||||
|
explicit_bzero(sim->mk, sizeof(sim->mk));
|
||||||
|
explicit_bzero(sim->k_encr, sizeof(sim->k_encr));
|
||||||
|
explicit_bzero(sim->k_aut, sizeof(sim->k_aut));
|
||||||
|
explicit_bzero(sim->msk, sizeof(sim->msk));
|
||||||
|
explicit_bzero(sim->emsk, sizeof(sim->emsk));
|
||||||
|
}
|
||||||
|
|
||||||
static void eap_sim_free(struct eap_state *eap)
|
static void eap_sim_free(struct eap_state *eap)
|
||||||
{
|
{
|
||||||
struct eap_sim_handle *sim = eap_get_data(eap);
|
struct eap_sim_handle *sim = eap_get_data(eap);
|
||||||
@ -131,6 +140,8 @@ static void eap_sim_free(struct eap_state *eap)
|
|||||||
if (sim->auth)
|
if (sim->auth)
|
||||||
sim_auth_unregistered_watch_remove(sim->auth, sim->auth_watch);
|
sim_auth_unregistered_watch_remove(sim->auth, sim->auth_watch);
|
||||||
|
|
||||||
|
eap_sim_clear_secrets(sim);
|
||||||
|
|
||||||
l_free(sim->identity);
|
l_free(sim->identity);
|
||||||
l_free(sim->vlist);
|
l_free(sim->vlist);
|
||||||
l_free(sim);
|
l_free(sim);
|
||||||
@ -294,6 +305,7 @@ static void gsm_callback(const uint8_t *sres, const uint8_t *kc,
|
|||||||
uint8_t *pos = response;
|
uint8_t *pos = response;
|
||||||
uint8_t prng_buf[160];
|
uint8_t prng_buf[160];
|
||||||
uint8_t *mac_pos;
|
uint8_t *mac_pos;
|
||||||
|
bool r;
|
||||||
|
|
||||||
if (!sres || !kc)
|
if (!sres || !kc)
|
||||||
goto chal_error;
|
goto chal_error;
|
||||||
@ -309,8 +321,11 @@ static void gsm_callback(const uint8_t *sres, const uint8_t *kc,
|
|||||||
|
|
||||||
eap_sim_fips_prf(sim->mk, 20, prng_buf, 160);
|
eap_sim_fips_prf(sim->mk, 20, prng_buf, 160);
|
||||||
|
|
||||||
if (!eap_sim_get_encryption_keys(prng_buf, sim->k_encr, sim->k_aut,
|
r = eap_sim_get_encryption_keys(prng_buf, sim->k_encr, sim->k_aut,
|
||||||
sim->msk, sim->emsk)) {
|
sim->msk, sim->emsk);
|
||||||
|
explicit_bzero(prng_buf, sizeof(prng_buf));
|
||||||
|
|
||||||
|
if (!r) {
|
||||||
l_error("could not derive encryption keys");
|
l_error("could not derive encryption keys");
|
||||||
goto chal_fatal;
|
goto chal_fatal;
|
||||||
}
|
}
|
||||||
@ -647,11 +662,7 @@ static bool eap_sim_reset_state(struct eap_state *eap)
|
|||||||
sim->chal_pkt = NULL;
|
sim->chal_pkt = NULL;
|
||||||
|
|
||||||
memset(sim->nonce, 0, sizeof(sim->nonce));
|
memset(sim->nonce, 0, sizeof(sim->nonce));
|
||||||
memset(sim->mk, 0, sizeof(sim->mk));
|
eap_sim_clear_secrets(sim);
|
||||||
memset(sim->k_encr, 0, sizeof(sim->k_encr));
|
|
||||||
memset(sim->k_aut, 0, sizeof(sim->k_aut));
|
|
||||||
memset(sim->msk, 0, sizeof(sim->msk));
|
|
||||||
memset(sim->emsk, 0, sizeof(sim->emsk));
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user