Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00
Code Releases Activity

simutil: updated EAP-SIM/AKA MAC API's to take type

Browse Source 
EAP-AKA' uses SHA256 rather than SHA1 to generate the packet MAC's.
This updates the derive MAC API to take the EAP method type and
correctly use the right SHA variant to derive the MAC.
This commit is contained in:
James Prestwood 2017-08-30 15:13:36 -07:00 committed by Denis Kenzior
parent 44463389f1
commit e29d0dd69c
4 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/eap-aka.c
View File

@ -298,7 +298,7 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE,
NULL, EAP_SIM_MAC_LEN);
if (!eap_sim_derive_mac(response, resp_len, aka->k_aut,
if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, resp_len, aka->k_aut,
pos - EAP_SIM_MAC_LEN)) {
l_error("error deriving MAC");
goto chal_fatal;
@ -389,8 +389,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC,
EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
if (!eap_sim_derive_mac(response, pos - response, aka->k_aut,
response + 12)) {
if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, pos - response,
aka->k_aut, response + 12)) {
l_error("could not derive MAC");
eap_method_error(eap);
aka->state = EAP_AKA_STATE_ERROR;

8
src/eap-sim.c
View File

@ -415,8 +415,8 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
memcpy(pos, sim->sres, EAP_SIM_SRES_LEN * 3);
pos += EAP_SIM_SRES_LEN * 3;
if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
mac_pos + 4)) {
if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
sim->k_aut, mac_pos + 4)) {
l_error("could not derive MAC");
goto chal_fatal;
}
@ -513,8 +513,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC,
EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
response + 12)) {
if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
sim->k_aut, response + 12)) {
l_error("could not derive MAC");
eap_method_error(eap);
sim->state = EAP_SIM_STATE_ERROR;

16
src/simutil.c
View File

@ -431,9 +431,13 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
return true;
}
bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
uint8_t *mac)
bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
const uint8_t *key, uint8_t *mac)
{
if (type == EAP_TYPE_AKA_PRIME)
return hmac_sha256(key, EAP_AKA_PRIME_K_AUT_LEN, buf, len,
mac, EAP_SIM_MAC_LEN);
else
return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
EAP_SIM_MAC_LEN);
}
@ -547,7 +551,13 @@ bool eap_sim_verify_mac(struct eap_state *eap, enum eap_type type,
iov[3].iov_base = extra;
iov[3].iov_len = elen;
hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut, EAP_SIM_K_AUT_LEN);
if (type == EAP_TYPE_AKA_PRIME)
hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, k_aut,
EAP_AKA_PRIME_K_AUT_LEN);
else
hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut,
EAP_SIM_K_AUT_LEN);
l_checksum_updatev(hmac, iov, 4);
/* reuse zero mac array for new mac */
l_checksum_get_digest(hmac, zero_mac, EAP_SIM_MAC_LEN);

4
src/simutil.h
View File

@ -218,8 +218,8 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
* key - encryption key to use (e.g. K_encr)
* mac - buffer for the 16 byte MAC
*/
bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
uint8_t *mac);
bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
const uint8_t *key, uint8_t *mac);
/*
* Helper to build the EAP packet header