mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-26 02:19:26 +01:00
eap: export session ID as key materials
ERP/FILS requires the session ID which is derived internally to an EAP method.
parent
5df84a6933
commit
e963e64f9b
@ -273,7 +273,8 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
|
|||||||
|
|
||||||
if (!aka->protected) {
|
if (!aka->protected) {
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
|
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
|
||||||
|
NULL, 0);
|
||||||
|
|
||||||
aka->state = EAP_AKA_STATE_SUCCESS;
|
aka->state = EAP_AKA_STATE_SUCCESS;
|
||||||
}
|
}
|
||||||
@ -502,7 +503,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
|
|||||||
* Server sent successful result indication
|
* Server sent successful result indication
|
||||||
*/
|
*/
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
|
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0,
|
||||||
|
NULL, 0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Build response packet
|
* Build response packet
|
||||||
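Review bot: Both EAP-AKA call sites (in check_milenage_cb and handle_notification) now pass `NULL, 0` for the session ID with no marker, whereas the EAP-SIM and EAP-TLS call sites changed in this same commit carry `/* TODO: Derive Session-ID */`. RFC 5247 Appendix A defines an AKA Session-Id (type code, then RAND, then AUTN), so the omission reads as unfinished rather than not applicable; adding the same TODO above each call keeps the gap visible. Until it is derived, any ERP/FILS consumer has to treat a NULL session ID as "re-authentication unavailable for this method" and fall back to full EAP rather than deriving keys from an empty ID. The PEAP, TTLS and MSCHAPv2 call sites pass `NULL, 0` unmarked as well. Both functions start and end outside the hunks.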
|
@ -349,7 +349,7 @@ static void eap_mschapv2_handle_success(struct eap_state *eap,
|
|||||||
eap_send_response(eap, EAP_TYPE_MSCHAPV2, buffer, sizeof(buffer));
|
eap_send_response(eap, EAP_TYPE_MSCHAPV2, buffer, sizeof(buffer));
|
||||||
|
|
||||||
/* The eapol set_key_material only needs msk, and that's all we got */
|
/* The eapol set_key_material only needs msk, and that's all we got */
|
||||||
eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0);
|
eap_set_key_material(eap, session_key, 32, NULL, 0, NULL, 0, NULL, 0);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
if (!ret)
|
if (!ret)
|
||||||
|
@ -201,7 +201,7 @@ static bool eap_peap_tunnel_ready(struct eap_state *eap,
|
|||||||
eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption",
|
eap_tls_common_tunnel_prf_get_bytes(eap, true, "client EAP encryption",
|
||||||
msk_emsk, 128);
|
msk_emsk, 128);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
|
eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0, NULL, 0);
|
||||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||||
|
|
||||||
eap_tls_common_send_empty_response(eap);
|
eap_tls_common_send_empty_response(eap);
|
||||||
|
@ -121,7 +121,8 @@ void eap_send_response(struct eap_state *eap,
|
|||||||
void eap_set_key_material(struct eap_state *eap,
|
void eap_set_key_material(struct eap_state *eap,
|
||||||
const uint8_t *msk_data, size_t msk_len,
|
const uint8_t *msk_data, size_t msk_len,
|
||||||
const uint8_t *emsk_data, size_t emsk_len,
|
const uint8_t *emsk_data, size_t emsk_len,
|
||||||
const uint8_t *iv, size_t iv_len);
|
const uint8_t *iv, size_t iv_len,
|
||||||
|
const uint8_t *session_id, size_t session_len);
|
||||||
|
|
||||||
void eap_start_complete_timeout(struct eap_state *eap);
|
void eap_start_complete_timeout(struct eap_state *eap);
|
||||||
|
|
||||||
|
@ -541,7 +541,8 @@ static void eap_pwd_handle_confirm(struct eap_state *eap,
|
|||||||
scalar_s, clen);
|
scalar_s, clen);
|
||||||
|
|
||||||
kdf(mk, 32, (const char *) session_id, 33, msk_emsk, 128);
|
kdf(mk, 32, (const char *) session_id, 33, msk_emsk, 128);
|
||||||
eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0);
|
eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0,
|
||||||
|
session_id, sizeof(session_id));
|
||||||
|
|
||||||
explicit_bzero(mk, sizeof(mk));
|
explicit_bzero(mk, sizeof(mk));
|
||||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||||
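Review bot: The new arguments pass `sizeof(session_id)` while the kdf() call one line earlier hard-codes `33` for the same buffer, so the two lengths only agree if session_id is declared as a 33-byte array; its declaration is outside the hunk. If it were ever changed to a pointer or a differently sized buffer, the exported Session-ID would silently differ from the one fed into the key derivation. Using one expression in both places, e.g. `kdf(mk, 32, (const char *) session_id, sizeof(session_id), msk_emsk, 128);`, removes that risk. eap_pwd_handle_confirm's body continues outside the hunk.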
|
@ -379,7 +379,9 @@ static void gsm_callback(const uint8_t *sres, const uint8_t *kc,
|
|||||||
* Result indication not required, we must accept success.
|
* Result indication not required, we must accept success.
|
||||||
*/
|
*/
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0);
|
/* TODO: Derive Session-ID */
|
||||||
|
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0,
|
||||||
|
NULL, 0);
|
||||||
|
|
||||||
sim->state = EAP_SIM_STATE_SUCCESS;
|
sim->state = EAP_SIM_STATE_SUCCESS;
|
||||||
}
|
}
|
||||||
@ -532,7 +534,9 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
|
|||||||
* Server sent successful result indication
|
* Server sent successful result indication
|
||||||
*/
|
*/
|
||||||
eap_method_success(eap);
|
eap_method_success(eap);
|
||||||
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0);
|
/* TODO: Derive Session-ID */
|
||||||
|
eap_set_key_material(eap, sim->msk, 32, NULL, 0, NULL, 0,
|
||||||
|
NULL, 0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Build response packet
|
* Build response packet
|
||||||
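Review bot: The `/* TODO: Derive Session-ID */` comments in gsm_callback and handle_notification do not say what the value should be, and the same bare TODO appears in eap_tls_tunnel_ready. Naming the source makes the follow-up checkable, e.g. `/* TODO: Derive Session-ID, RFC 5247 Appendix A: 0x12 || RAND || NONCE_MT */` here, and a reference to RFC 5216 section 2.3 (type code, client random, server random) for EAP-TLS. RFC 8940 later revised the SIM/AKA derivation for fast re-authentication, so the comment should state which form is intended. Both functions extend outside the hunks.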
|
@ -49,7 +49,9 @@ static bool eap_tls_tunnel_ready(struct eap_state *eap,
|
|||||||
eap_tls_common_tunnel_prf_get_bytes(eap, false, "client EAP encryption",
|
eap_tls_common_tunnel_prf_get_bytes(eap, false, "client EAP encryption",
|
||||||
iv, 64);
|
iv, 64);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
|
/* TODO: Derive Session-ID */
|
||||||
|
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64,
|
||||||
|
NULL, 0);
|
||||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||||
explicit_bzero(iv, sizeof(iv));
|
explicit_bzero(iv, sizeof(iv));
|
||||||
|
|
||||||
|
@ -920,7 +920,8 @@ static bool eap_ttls_tunnel_ready(struct eap_state *eap,
|
|||||||
eap_tls_common_tunnel_prf_get_bytes(eap, true, "ttls keying material",
|
eap_tls_common_tunnel_prf_get_bytes(eap, true, "ttls keying material",
|
||||||
msk_emsk, 128);
|
msk_emsk, 128);
|
||||||
|
|
||||||
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0);
|
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0,
|
||||||
|
NULL, 0);
|
||||||
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
explicit_bzero(msk_emsk, sizeof(msk_emsk));
|
||||||
|
|
||||||
if (phase2->ops->init)
|
if (phase2->ops->init)
|
||||||
|
@ -598,13 +598,15 @@ const char *eap_get_method_name(struct eap_state *eap)
|
|||||||
void eap_set_key_material(struct eap_state *eap,
|
void eap_set_key_material(struct eap_state *eap,
|
||||||
const uint8_t *msk_data, size_t msk_len,
|
const uint8_t *msk_data, size_t msk_len,
|
||||||
const uint8_t *emsk_data, size_t emsk_len,
|
const uint8_t *emsk_data, size_t emsk_len,
|
||||||
const uint8_t *iv, size_t iv_len)
|
const uint8_t *iv, size_t iv_len,
|
||||||
|
const uint8_t *session_id, size_t session_len)
|
||||||
{
|
{
|
||||||
if (!eap->set_key_material)
|
if (!eap->set_key_material)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
eap->set_key_material(msk_data, msk_len, emsk_data, emsk_len,
|
eap->set_key_material(msk_data, msk_len, emsk_data, emsk_len,
|
||||||
iv, iv_len, eap->user_data);
|
iv, iv_len, session_id, session_len,
|
||||||
|
eap->user_data);
|
||||||
}
|
}
|
||||||
|
|
||||||
void eap_method_event(struct eap_state *eap, unsigned int id, const void *data)
|
void eap_method_event(struct eap_state *eap, unsigned int id, const void *data)
|
||||||
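Review bot: eap_set_key_material has no comment stating the contract for the pointers it forwards, and the new session_id pair makes that gap more pressing. Callers in this commit hand in stack buffers that they `explicit_bzero` immediately after the call (eap-pwd, eap-tls, eap-ttls, eap-peap), and most pass `NULL, 0` for the session ID, so a callback must copy anything it keeps and must accept a NULL session ID. A header comment such as `/* Buffers are valid only for the duration of the call; session_id may be NULL with session_len 0 when the method exports none. */` would record that. Whether the eapol and preauth callbacks already copy is not visible here, since their bodies lie outside the hunks.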
|
@ -58,6 +58,7 @@ typedef void (*eap_tx_packet_func_t)(const uint8_t *eap_data, size_t len,
|
|||||||
typedef void (*eap_key_material_func_t)(const uint8_t *msk_data, size_t msk_len,
|
typedef void (*eap_key_material_func_t)(const uint8_t *msk_data, size_t msk_len,
|
||||||
const uint8_t *emsk_data, size_t emsk_len,
|
const uint8_t *emsk_data, size_t emsk_len,
|
||||||
const uint8_t *iv, size_t iv_len,
|
const uint8_t *iv, size_t iv_len,
|
||||||
|
const uint8_t *session_id, size_t session_len,
|
||||||
void *user_data);
|
void *user_data);
|
||||||
typedef void (*eap_complete_func_t)(enum eap_result result, void *user_data);
|
typedef void (*eap_complete_func_t)(enum eap_result result, void *user_data);
|
||||||
typedef void (*eap_event_func_t)(unsigned int event, const void *event_data,
|
typedef void (*eap_event_func_t)(unsigned int event, const void *event_data,
|
||||||
|
@ -1948,6 +1948,7 @@ static void eapol_eap_complete_cb(enum eap_result result, void *user_data)
|
|||||||
static void eapol_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
|
static void eapol_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
|
||||||
const uint8_t *emsk_data, size_t emsk_len,
|
const uint8_t *emsk_data, size_t emsk_len,
|
||||||
const uint8_t *iv, size_t iv_len,
|
const uint8_t *iv, size_t iv_len,
|
||||||
|
const uint8_t *session_id, size_t session_len,
|
||||||
void *user_data)
|
void *user_data)
|
||||||
{
|
{
|
||||||
struct eapol_sm *sm = user_data;
|
struct eapol_sm *sm = user_data;
|
||||||
@ -2372,6 +2373,7 @@ static void preauth_eap_complete_cb(enum eap_result result, void *user_data)
|
|||||||
static void preauth_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
|
static void preauth_eap_results_cb(const uint8_t *msk_data, size_t msk_len,
|
||||||
const uint8_t *emsk_data, size_t emsk_len,
|
const uint8_t *emsk_data, size_t emsk_len,
|
||||||
const uint8_t *iv, size_t iv_len,
|
const uint8_t *iv, size_t iv_len,
|
||||||
|
const uint8_t *session_id, size_t session_len,
|
||||||
void *user_data)
|
void *user_data)
|
||||||
{
|
{
|
||||||
struct preauth_sm *sm = user_data;
|
struct preauth_sm *sm = user_data;
|
||||||
|
@ -183,6 +183,7 @@ static void eap_complete(enum eap_result result, void *user_data)
|
|||||||
static void eap_key_material(const uint8_t *msk_data, size_t msk_len,
|
static void eap_key_material(const uint8_t *msk_data, size_t msk_len,
|
||||||
const uint8_t *emsk_data, size_t emsk_len,
|
const uint8_t *emsk_data, size_t emsk_len,
|
||||||
const uint8_t *iv, size_t iv_len,
|
const uint8_t *iv, size_t iv_len,
|
||||||
|
const uint8_t *session_id, size_t session_len,
|
||||||
void *user_data)
|
void *user_data)
|
||||||
{
|
{
|
||||||
l_debug("EAP key material received");
|
l_debug("EAP key material received");
|
||||||
|