eap: export session ID as key materials
ERP/FILS requires the session ID which is derived internally to an EAP method.
This commit is contained in:
James Prestwood
Denis Kenzior
parent
5df84a6933
commit
e963e64f9b
|
|
@ -273,7 +273,8 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
|
|||
|
||||
if (!aka->protected) {
|
||||
eap_method_success(eap);
|
||||
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
|
||||
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
|
||||
NULL, 0);
|
||||
|
||||
aka->state = EAP_AKA_STATE_SUCCESS;
|
||||
}
|
||||
|
|
@ -502,7 +503,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
|
|||
* Server sent successful result indication
|
||||
*/
|
||||
eap_method_success(eap);
|
||||
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
|
||||
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
|
||||
NULL, 0);
|
||||
|
||||
/*
|
||||
* Build response packet
|
||||
|
|
|
|||
|
|
@ -349,7 +349,7 @@ static void eap_mschapv2_handle_success(struct eap_state *eap,
|
|||
eap_send_response(eap, EAP_TYPE_MSCHAPV2, buffer, sizeof(buffer));
|
||||
|
||||
/* The eapol set_key_material only needs msk, and that's all we got */
|
||||
eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0);
|
||||
eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0, NULL, 0);
|
||||
|
||||
done:
|
||||
if (!ret)
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ static bool eap_peap_tunnel_ready(struct eap_state *eap,
|
|||
eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption",
|
||||
msk_emsk, 128);
|
||||
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0, NULL, 0);
|
||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||
|
||||
eap_tls_common_send_empty_response(eap);
|
||||
|
|
|
|||
|
|
@ -121,7 +121,8 @@ void eap_send_response(struct eap_state *eap,
|
|||
void eap_set_key_material(struct eap_state *eap,
|
||||
const uint8_t *msk_data, size_t msk_len,
|
||||
const uint8_t *emsk_data, size_t emsk_len,
|
||||
const uint8_t *iv, size_t iv_len);
|
||||
const uint8_t *iv, size_t iv_len,
|
||||
const uint8_t *session_id, size_t session_len);
|
||||
|
||||
void eap_start_complete_timeout(struct eap_state *eap);
|
||||
|
||||
|
|
|
|||
|
|
@ -541,7 +541,8 @@ static void eap_pwd_handle_confirm(struct eap_state *eap,
|
|||
scalar_s, clen);
|
||||
|
||||
kdf(mk, 32, (const char *) session_id, 33, msk_emsk, 128);
|
||||
eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0);
|
||||
eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0,
|
||||
session_id, sizeof(session_id));
|
||||
|
||||
explicit_bzero(mk, sizeof(mk));
|
||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||
|
|
|
|||
|
|
@ -379,7 +379,9 @@ static void gsm_callback(const uint8_t *sres, const uint8_t *kc,
|
|||
* Result indication not required, we must accept success.
|
||||
*/
|
||||
eap_method_success(eap);
|
||||
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0);
|
||||
/* TODO: Derive Session-ID */
|
||||
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0,
|
||||
NULL, 0);
|
||||
|
||||
sim->state = EAP_SIM_STATE_SUCCESS;
|
||||
}
|
||||
|
|
@ -532,7 +534,9 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
|
|||
* Server sent successful result indication
|
||||
*/
|
||||
eap_method_success(eap);
|
||||
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0);
|
||||
/* TODO: Derive Session-ID */
|
||||
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0,
|
||||
NULL, 0);
|
||||
|
||||
/*
|
||||
* Build response packet
|
||||
|
|
|
|||
|
|
@ -49,7 +49,9 @@ static bool eap_tls_tunnel_ready(struct eap_state *eap,
|
|||
eap_tls_common_tunnel_prf_get_bytes(eap, false, "client EAP encryption",
|
||||
iv, 64);
|
||||
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
|
||||
/* TODO: Derive Session-ID */
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64,
|
||||
NULL, 0);
|
||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||
explicit_bzero(iv, sizeof(iv));
|
||||
|
||||
|
|
|
|||
|
|
@ -920,7 +920,8 @@ static bool eap_ttls_tunnel_ready(struct eap_state *eap,
|
|||
eap_tls_common_tunnel_prf_get_bytes(eap, true, "ttls keying material",
|
||||
msk_emsk, 128);
|
||||
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0);
|
||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0,
|
||||
NULL, 0);
|
||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||
|
||||
if (phase2->ops->init)
|
||||
|
|
|
|||
|
|
@ -598,13 +598,15 @@ const char *eap_get_method_name(struct eap_state *eap)
|
|||
void eap_set_key_material(struct eap_state *eap,
|
||||
const uint8_t *msk_data, size_t msk_len,
|
||||
const uint8_t *emsk_data, size_t emsk_len,
|
||||
const uint8_t *iv, size_t iv_len)
|
||||
const uint8_t *iv, size_t iv_len,
|
||||
const uint8_t *session_id, size_t session_len)
|
||||
{
|
||||
if (!eap->set_key_material)
|
||||
return;
|
||||
|
||||
eap->set_key_material(msk_data, msk_len, emsk_data, emsk_len,
|
||||
iv, iv_len, eap->user_data);
|
||||
iv, iv_len, session_id, session_len,
|
||||
eap->user_data);
|
||||
}
|
||||
|
||||
void eap_method_event(struct eap_state *eap, unsigned int id, const void *data)
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ typedef void (*eap_tx_packet_func_t)(const uint8_t *eap_data, size_t len,
|
|||
typedef void (*eap_key_material_func_t)(const uint8_t *msk_data, size_t msk_len,
|
||||
const uint8_t *emsk_data, size_t emsk_len,
|
||||
const uint8_t *iv, size_t iv_len,
|
||||
const uint8_t *session_id, size_t session_len,
|
||||
void *user_data);
|
||||
typedef void (*eap_complete_func_t)(enum eap_result result, void *user_data);
|
||||
typedef void (*eap_event_func_t)(unsigned int event, const void *event_data,
|
||||
|
|
|
|||
|
|
@ -1948,6 +1948,7 @@ static void eapol_eap_complete_cb(enum eap_result result, void *user_data)
|
|||
static void eapol_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
|
||||
const uint8_t *emsk_data, size_t emsk_len,
|
||||
const uint8_t *iv, size_t iv_len,
|
||||
const uint8_t *session_id, size_t session_len,
|
||||
void *user_data)
|
||||
{
|
||||
struct eapol_sm *sm = user_data;
|
||||
|
|
@ -2372,6 +2373,7 @@ static void preauth_eap_complete_cb(enum eap_result result, void *user_data)
|
|||
static void preauth_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
|
||||
const uint8_t *emsk_data, size_t emsk_len,
|
||||
const uint8_t *iv, size_t iv_len,
|
||||
const uint8_t *session_id, size_t session_len,
|
||||
void *user_data)
|
||||
{
|
||||
struct preauth_sm *sm = user_data;
|
||||
|
|
|
|||
|
|
@ -183,6 +183,7 @@ static void eap_complete(enum eap_result result, void *user_data)
|
|||
static void eap_key_material(const uint8_t *msk_data, size_t msk_len,
|
||||
const uint8_t *emsk_data, size_t emsk_len,
|
||||
const uint8_t *iv, size_t iv_len,
|
||||
const uint8_t *session_id, size_t session_len,
|
||||
void *user_data)
|
||||
{
|
||||
l_debug("EAP key material received");
|
||||
|
|
|
|||
Loading…
Reference in New Issue