aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2008-11-19 17:25:14 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-19 17:25:14 (GMT)
commit2d981c2fd026688f3140e716c83cba200a6b9fc1 (patch)
tree4dd734c370656d099a9a11fe251dafb13837ca64 /src/eap_peer
parent98842d51ec1d4c6b124774b2c2fdaa6b312a1dc0 (diff)
downloadhostap-06-2d981c2fd026688f3140e716c83cba200a6b9fc1.zip
hostap-06-2d981c2fd026688f3140e716c83cba200a6b9fc1.tar.gz
hostap-06-2d981c2fd026688f3140e716c83cba200a6b9fc1.tar.bz2
EAP-PEAP: Copy Binding nonce from cryptobinding request to reply
It looks like [MS-PEAP] 3.2.5.6 points towards this being the expected behavior (however, that chapter is very confusing). In addition, remove Cryptobinding TLV from response if the received Cryptobinding TLV is not valid. Add some more debug messages to the case where the received Cryptobinding TLV is found invalid.
Diffstat (limited to 'src/eap_peer')
-rw-r--r--src/eap_peer/eap_peap.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 954ecf1..3af888c 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -65,6 +65,7 @@ struct eap_peap_data {
struct wpabuf *pending_phase2_req;
enum { NO_BINDING, OPTIONAL_BINDING, REQUIRE_BINDING } crypto_binding;
int crypto_binding_used;
+ u8 binding_nonce[32];
u8 ipmk[40];
u8 cmk[20];
int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
@@ -304,11 +305,6 @@ static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
const u8 *addr[2];
size_t len[2];
u16 tlv_type;
- u8 binding_nonce[32];
-
- /* FIX: should binding_nonce be copied from request? */
- if (os_get_random(binding_nonce, 32))
- return -1;
/* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */
addr[0] = wpabuf_put(buf, 0);
@@ -326,7 +322,7 @@ static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
wpabuf_put_u8(buf, data->peap_version); /* Version */
wpabuf_put_u8(buf, data->peap_version); /* RecvVersion */
wpabuf_put_u8(buf, 1); /* SubType: 0 = Request, 1 = Response */
- wpabuf_put_data(buf, binding_nonce, 32); /* Nonce */
+ wpabuf_put_data(buf, data->binding_nonce, 32); /* Nonce */
mac = wpabuf_put(buf, 20); /* Compound_MAC */
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC CMK", data->cmk, 20);
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 1",
@@ -417,17 +413,24 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
return -1;
}
pos += 4;
+ os_memcpy(data->binding_nonce, pos, 32);
pos += 32; /* Nonce */
/* Compound_MAC: HMAC-SHA1-160(cryptobinding TLV | EAP type) */
os_memcpy(buf, crypto_tlv, 60);
os_memset(buf + 4 + 4 + 32, 0, 20); /* Compound_MAC */
buf[60] = EAP_TYPE_PEAP;
+ wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Compound_MAC data",
+ buf, sizeof(buf));
hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac);
if (os_memcmp(mac, pos, SHA1_MAC_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in "
"cryptobinding TLV");
+ wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received MAC",
+ pos, SHA1_MAC_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Expected MAC",
+ mac, SHA1_MAC_LEN);
return -1;
}
@@ -523,6 +526,9 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
if (result_tlv == NULL)
return -1;
force_failure = 1;
+ crypto_tlv = NULL; /* do not include Cryptobinding TLV
+ * in response, if the received
+ * cryptobinding was invalid. */
}
} else if (!crypto_tlv && data->crypto_binding == REQUIRE_BINDING) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: No cryptobinding TLV");