mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2025-01-03 18:42:47 +01:00
peap: Delay key installation until success of Phase 2
Previously, the key was installed once the tunnel was created despite the outcome of the second authentication phase. Now, the key installation is delayed until the successful completion of the second authentication phase. This excludes the unnecessary operations in the case of a failure and key reinstallation with cypro-binding in use.
This commit is contained in:
parent
5273a3b581
commit
9bf0b756c8
@ -43,6 +43,8 @@
|
|||||||
|
|
||||||
struct peap_state {
|
struct peap_state {
|
||||||
struct eap_state *phase2;
|
struct eap_state *phase2;
|
||||||
|
|
||||||
|
uint8_t key[128];
|
||||||
};
|
};
|
||||||
|
|
||||||
static void eap_peap_phase2_send_response(const uint8_t *pdu, size_t pdu_len,
|
static void eap_peap_phase2_send_response(const uint8_t *pdu, size_t pdu_len,
|
||||||
@ -66,6 +68,7 @@ static void eap_peap_phase2_send_response(const uint8_t *pdu, size_t pdu_len,
|
|||||||
static void eap_peap_phase2_complete(enum eap_result result, void *user_data)
|
static void eap_peap_phase2_complete(enum eap_result result, void *user_data)
|
||||||
{
|
{
|
||||||
struct eap_state *eap = user_data;
|
struct eap_state *eap = user_data;
|
||||||
|
struct peap_state *peap_state;
|
||||||
|
|
||||||
l_debug("result: %d", result);
|
l_debug("result: %d", result);
|
||||||
|
|
||||||
@ -94,6 +97,12 @@ static void eap_peap_phase2_complete(enum eap_result result, void *user_data)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
peap_state = eap_tls_common_get_variant_data(eap);
|
||||||
|
|
||||||
|
eap_set_key_material(eap, peap_state->key + 0, 64, NULL, 0, NULL,
|
||||||
|
0, NULL, 0);
|
||||||
|
explicit_bzero(peap_state->key, sizeof(peap_state->key));
|
||||||
|
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -174,6 +183,7 @@ static void eap_extensions_handle_request(struct eap_state *eap,
|
|||||||
const uint8_t *pkt,
|
const uint8_t *pkt,
|
||||||
size_t len)
|
size_t len)
|
||||||
{
|
{
|
||||||
|
struct peap_state *peap_state;
|
||||||
uint8_t response[EAP_EXTENSIONS_HEADER_LEN +
|
uint8_t response[EAP_EXTENSIONS_HEADER_LEN +
|
||||||
EAP_EXTENSIONS_AVP_HEADER_LEN + 2];
|
EAP_EXTENSIONS_AVP_HEADER_LEN + 2];
|
||||||
int r = eap_extensions_handle_result_avp(eap, pkt, len, response);
|
int r = eap_extensions_handle_result_avp(eap, pkt, len, response);
|
||||||
@ -199,13 +209,19 @@ static void eap_extensions_handle_request(struct eap_state *eap,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
peap_state = eap_tls_common_get_variant_data(eap);
|
||||||
|
|
||||||
|
eap_set_key_material(eap, peap_state->key + 0, 64, NULL, 0, NULL,
|
||||||
|
0, NULL, 0);
|
||||||
|
explicit_bzero(peap_state->key, sizeof(peap_state->key));
|
||||||
|
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool eap_peap_tunnel_ready(struct eap_state *eap,
|
static bool eap_peap_tunnel_ready(struct eap_state *eap,
|
||||||
const char *peer_identity)
|
const char *peer_identity)
|
||||||
{
|
{
|
||||||
uint8_t msk_emsk[128];
|
struct peap_state *peap_state = eap_tls_common_get_variant_data(eap);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PEAPv1: draft-josefsson-pppext-eap-tls-eap-05, Section 2.1.1
|
* PEAPv1: draft-josefsson-pppext-eap-tls-eap-05, Section 2.1.1
|
||||||
@ -217,10 +233,7 @@ static bool eap_peap_tunnel_ready(struct eap_state *eap,
|
|||||||
|
|
||||||
/* MSK, EMSK and challenge derivation */
|
/* MSK, EMSK and challenge derivation */
|
||||||
eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption",
|
eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption",
|
||||||
msk_emsk, 128);
|
peap_state->key, 128);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0, NULL, 0);
|
|
||||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
|
||||||
|
|
||||||
eap_tls_common_send_empty_response(eap);
|
eap_tls_common_send_empty_response(eap);
|
||||||
|
|
||||||
@ -286,6 +299,8 @@ static void eap_peap_state_reset(void *variant_data)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
eap_reset(peap_state->phase2);
|
eap_reset(peap_state->phase2);
|
||||||
|
|
||||||
|
explicit_bzero(peap_state->key, sizeof(peap_state->key));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void eap_peap_state_destroy(void *variant_data)
|
static void eap_peap_state_destroy(void *variant_data)
|
||||||
@ -298,6 +313,8 @@ static void eap_peap_state_destroy(void *variant_data)
|
|||||||
eap_reset(peap_state->phase2);
|
eap_reset(peap_state->phase2);
|
||||||
eap_free(peap_state->phase2);
|
eap_free(peap_state->phase2);
|
||||||
|
|
||||||
|
explicit_bzero(peap_state->key, sizeof(peap_state->key));
|
||||||
|
|
||||||
l_free(peap_state);
|
l_free(peap_state);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user