aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-11-26 11:27:40 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-26 11:27:40 (GMT)
commit6dcfad915f34b1faf5ee7895fba359698ddcf305 (patch)
tree5e1ece746972d5fd1b945302aee03015bdff810c /src/eap_peer
parenta78d3dbd02de9579f75158c10864b0f84969bf5b (diff)
downloadhostap-06-6dcfad915f34b1faf5ee7895fba359698ddcf305.zip
hostap-06-6dcfad915f34b1faf5ee7895fba359698ddcf305.tar.gz
hostap-06-6dcfad915f34b1faf5ee7895fba359698ddcf305.tar.bz2
PEAPv0: Added support for IPMK/CMK derivation in session resumption case
Diffstat (limited to 'src/eap_peer')
-rw-r--r--src/eap_peer/eap_peap.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index a350448..392b36a 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -60,6 +60,7 @@ struct eap_peap_data {
* EAP-Success and expect AS to send outer
* (unencrypted) EAP-Success after this */
int resuming; /* starting a resumed session */
+ int reauth; /* reauthentication */
u8 *key_data;
struct wpabuf *pending_phase2_req;
@@ -269,6 +270,18 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
+ if (data->reauth &&
+ tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
+ /* Fast-connect: IPMK|CMK = TK */
+ os_memcpy(data->ipmk, tk, 40);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
+ data->ipmk, 40);
+ os_memcpy(data->cmk, tk + 40, 20);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK from TK",
+ data->cmk, 20);
+ return 0;
+ }
+
if (eap_peap_get_isk(sm, data, isk, sizeof(isk)) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: ISK", isk, sizeof(isk));
@@ -286,7 +299,6 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
imck, sizeof(imck));
- /* TODO: fast-connect: IPMK|CMK = TK */
os_memcpy(data->ipmk, imck, 40);
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
os_memcpy(data->cmk, imck + 40, 20);
@@ -1191,6 +1203,7 @@ static void * eap_peap_init_for_reauth(struct eap_sm *sm, void *priv)
data->phase2_eap_success = 0;
data->phase2_eap_started = 0;
data->resuming = 1;
+ data->reauth = 1;
sm->peap_done = FALSE;
return priv;
}