3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-04 19:19:23 +01:00

eap: export session ID as key materials

ERP/FILS requires the session ID which is derived internally to an
EAP method.
This commit is contained in:
James Prestwood 2019-04-10 14:52:26 -07:00 committed by Denis Kenzior
parent 5df84a6933
commit e963e64f9b
12 changed files with 29 additions and 12 deletions

View File

@ -273,7 +273,8 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
if (!aka->protected) {
eap_method_success(eap);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
NULL, 0);
aka->state = EAP_AKA_STATE_SUCCESS;
}
@ -502,7 +503,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
* Server sent successful result indication
*/
eap_method_success(eap);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
NULL, 0);
/*
* Build response packet

View File

@ -349,7 +349,7 @@ static void eap_mschapv2_handle_success(struct eap_state *eap,
eap_send_response(eap, EAP_TYPE_MSCHAPV2, buffer, sizeof(buffer));
/* The eapol set_key_material only needs msk, and that's all we got */
eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0);
eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0, NULL, 0);
done:
if (!ret)

View File

@ -201,7 +201,7 @@ static bool eap_peap_tunnel_ready(struct eap_state *eap,
eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption",
msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0, NULL, 0);
explicit_bzero(msk_emsk, sizeof(msk_emsk));
eap_tls_common_send_empty_response(eap);

View File

@ -121,7 +121,8 @@ void eap_send_response(struct eap_state *eap,
void eap_set_key_material(struct eap_state *eap,
const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len);
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len);
void eap_start_complete_timeout(struct eap_state *eap);

View File

@ -541,7 +541,8 @@ static void eap_pwd_handle_confirm(struct eap_state *eap,
scalar_s, clen);
kdf(mk, 32, (const char *) session_id, 33, msk_emsk, 128);
eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0);
eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0,
session_id, sizeof(session_id));
explicit_bzero(mk, sizeof(mk));
explicit_bzero(msk_emsk, sizeof(msk_emsk));

View File

@ -379,7 +379,9 @@ static void gsm_callback(const uint8_t *sres, const uint8_t *kc,
* Result indication not required, we must accept success.
*/
eap_method_success(eap);
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0);
/* TODO: Derive Session-ID */
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0,
NULL, 0);
sim->state = EAP_SIM_STATE_SUCCESS;
}
@ -532,7 +534,9 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
* Server sent successful result indication
*/
eap_method_success(eap);
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0);
/* TODO: Derive Session-ID */
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0,
NULL, 0);
/*
* Build response packet

View File

@ -49,7 +49,9 @@ static bool eap_tls_tunnel_ready(struct eap_state *eap,
eap_tls_common_tunnel_prf_get_bytes(eap, false, "client EAP encryption",
iv, 64);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
/* TODO: Derive Session-ID */
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64,
NULL, 0);
explicit_bzero(msk_emsk, sizeof(msk_emsk));
explicit_bzero(iv, sizeof(iv));

View File

@ -920,7 +920,8 @@ static bool eap_ttls_tunnel_ready(struct eap_state *eap,
eap_tls_common_tunnel_prf_get_bytes(eap, true, "ttls keying material",
msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0,
NULL, 0);
explicit_bzero(msk_emsk, sizeof(msk_emsk));
if (phase2->ops->init)

View File

@ -598,13 +598,15 @@ const char *eap_get_method_name(struct eap_state *eap)
void eap_set_key_material(struct eap_state *eap,
const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len)
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len)
{
if (!eap->set_key_material)
return;
eap->set_key_material(msk_data, msk_len, emsk_data, emsk_len,
iv, iv_len, eap->user_data);
iv, iv_len, session_id, session_len,
eap->user_data);
}
void eap_method_event(struct eap_state *eap, unsigned int id, const void *data)

View File

@ -58,6 +58,7 @@ typedef void (*eap_tx_packet_func_t)(const uint8_t *eap_data, size_t len,
typedef void (*eap_key_material_func_t)(const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len,
void *user_data);
typedef void (*eap_complete_func_t)(enum eap_result result, void *user_data);
typedef void (*eap_event_func_t)(unsigned int event, const void *event_data,

View File

@ -1948,6 +1948,7 @@ static void eapol_eap_complete_cb(enum eap_result result, void *user_data)
static void eapol_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len,
void *user_data)
{
struct eapol_sm *sm = user_data;
@ -2372,6 +2373,7 @@ static void preauth_eap_complete_cb(enum eap_result result, void *user_data)
static void preauth_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len,
void *user_data)
{
struct preauth_sm *sm = user_data;

View File

@ -183,6 +183,7 @@ static void eap_complete(enum eap_result result, void *user_data)
static void eap_key_material(const uint8_t *msk_data, size_t msk_len,
const uint8_t *emsk_data, size_t emsk_len,
const uint8_t *iv, size_t iv_len,
const uint8_t *session_id, size_t session_len,
void *user_data)
{
l_debug("EAP key material received");