authorJouni Malinen <j@w1.fi>2008-12-14 11:12:20 (GMT)
committerJouni Malinen <j@w1.fi>2008-12-14 11:12:20 (GMT)
commit000a1de72b20a461710667477b98618ad545e941 (patch)
tree476bdd6eda7cfaddd186cfd8de9466e436289015 /src/eap_peer/eap_fast.c
parent6e783c6da9eab625732762e7d534159cb02b460c (diff)
Cleaned up EAP-MSCHAPv2 key derivation
Changed peer to derive the full key (both MS-MPPE-Recv-Key and MS-MPPE-Send-Key for total of 32 octets) to match with server implementation. Swapped the order of MPPE keys in MSK derivation since server MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap the order of the MPPE keys to get ISK in a way that interoperates with Cisco EAP-FAST implementation.
Diffstat (limited to 'src/eap_peer/eap_fast.c')
-rw-r--r--src/eap_peer/eap_fast.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index b19f298..07e345f 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -343,10 +343,8 @@ static int eap_fast_init_phase2_method(struct eap_sm *sm,
sm->peer_challenge = data->key_block_p->client_challenge;
}
sm->init_phase2 = 1;
- sm->mschapv2_full_key = 1;
data->phase2_priv = data->phase2_method->init(sm);
sm->init_phase2 = 0;
- sm->mschapv2_full_key = 0;
sm->auth_challenge = NULL;
sm->peer_challenge = NULL;
@@ -661,7 +659,18 @@ static int eap_fast_get_phase2_key(struct eap_sm *sm,
if (key_len > isk_len)
key_len = isk_len;
- os_memcpy(isk, key, key_len);
+ if (key_len == 32 &&
+ data->phase2_method->vendor == EAP_VENDOR_IETF &&
+ data->phase2_method->method == EAP_TYPE_MSCHAPV2) {
+ /*
+ * EAP-FAST uses reverse order for MS-MPPE keys when deriving
+ * MSK from EAP-MSCHAPv2. Swap the keys here to get the correct
+ * ISK for EAP-FAST cryptobinding.
+ */
+ os_memcpy(isk, key + 16, 16);
+ os_memcpy(isk + 16, key, 16);
+ } else
+ os_memcpy(isk, key, key_len);
os_free(key);
return 0;
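Review bot: When the Phase 2 method is EAP-MSCHAPv2 but `key_len` is not exactly 32 after the clamp to `isk_len`, the `else` branch copies the key unswapped and the function still returns 0, so a shorter key silently produces an ISK in the order this commit says does not interoperate. That would presumably show up only later as a cryptobinding failure that is hard to trace back to this spot; the MSCHAPv2 case should either be rejected when the length is unexpected or at least logged, e.g. `wpa_printf(MSG_DEBUG, "EAP-FAST: unexpected EAP-MSCHAPv2 key length %lu", (unsigned long) key_len);`. The literals 32 and 16 would read better as named constants tied to the MPPE key size, and the single-statement `else` should carry braces to match the braced `if` branch. Separately, the context line `os_free(key);` releases the Phase 2 key material without clearing it first; an `os_memset(key, 0, key_len)` before the free would need the unclamped length, which is not visible here because the body of eap_fast_get_phase2_key starts outside the hunk.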