aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap_server_pax.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-04-19 21:08:00 (GMT)
committerJouni Malinen <j@w1.fi>2019-04-19 21:27:15 (GMT)
commitb3c2b5d9f7d8dc652398968ad33e00fc2fdacbf1 (patch)
treeb75932fb772c4308f2da9deafe9b73a7df1176c2 /src/eap_server/eap_server_pax.c
parent431802df003c4d3b58dc2d377b1610397e7d61a9 (diff)
downloadhostap-b3c2b5d9f7d8dc652398968ad33e00fc2fdacbf1.zip
hostap-b3c2b5d9f7d8dc652398968ad33e00fc2fdacbf1.tar.gz
hostap-b3c2b5d9f7d8dc652398968ad33e00fc2fdacbf1.tar.bz2
EAP-PAX server: Check hash function results
While these local failure cases are mostly theoretical, it is better to check for the errors explicitly. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server/eap_server_pax.c')
-rw-r--r--src/eap_server/eap_server_pax.c63
1 files changed, 39 insertions, 24 deletions
diff --git a/src/eap_server/eap_server_pax.c b/src/eap_server/eap_server_pax.c
index 3257789..8ef90c9 100644
--- a/src/eap_server/eap_server_pax.c
+++ b/src/eap_server/eap_server_pax.c
@@ -107,9 +107,14 @@ static struct wpabuf * eap_pax_build_std_1(struct eap_sm *sm,
data->rand.r.x, EAP_PAX_RAND_LEN);
pos = wpabuf_put(req, EAP_PAX_MAC_LEN);
- eap_pax_mac(data->mac_id, (u8 *) "", 0,
- wpabuf_mhead(req), wpabuf_len(req) - EAP_PAX_ICV_LEN,
- NULL, 0, NULL, 0, pos);
+ if (eap_pax_mac(data->mac_id, (u8 *) "", 0,
+ wpabuf_mhead(req), wpabuf_len(req) - EAP_PAX_ICV_LEN,
+ NULL, 0, NULL, 0, pos) < 0) {
+ wpa_printf(MSG_ERROR, "EAP-PAX: Failed to calculate ICV");
+ data->state = FAILURE;
+ wpabuf_free(req);
+ return NULL;
+ }
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", pos, EAP_PAX_ICV_LEN);
return req;
@@ -144,18 +149,28 @@ static struct wpabuf * eap_pax_build_std_3(struct eap_sm *sm,
wpabuf_put_be16(req, EAP_PAX_MAC_LEN);
pos = wpabuf_put(req, EAP_PAX_MAC_LEN);
- eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
- data->rand.r.y, EAP_PAX_RAND_LEN,
- (u8 *) data->cid, data->cid_len, NULL, 0, pos);
+ if (eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
+ data->rand.r.y, EAP_PAX_RAND_LEN,
+ (u8 *) data->cid, data->cid_len, NULL, 0, pos) < 0) {
+ wpa_printf(MSG_ERROR, "EAP-PAX: Failed to calculate MAC");
+ data->state = FAILURE;
+ wpabuf_free(req);
+ return NULL;
+ }
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)",
pos, EAP_PAX_MAC_LEN);
/* Optional ADE could be added here, if needed */
pos = wpabuf_put(req, EAP_PAX_MAC_LEN);
- eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
- wpabuf_mhead(req), wpabuf_len(req) - EAP_PAX_ICV_LEN,
- NULL, 0, NULL, 0, pos);
+ if (eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ wpabuf_mhead(req), wpabuf_len(req) - EAP_PAX_ICV_LEN,
+ NULL, 0, NULL, 0, pos) < 0) {
+ wpa_printf(MSG_ERROR, "EAP-PAX: Failed to calculate ICV");
+ data->state = FAILURE;
+ wpabuf_free(req);
+ return NULL;
+ }
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", pos, EAP_PAX_ICV_LEN);
return req;
@@ -264,11 +279,11 @@ static Boolean eap_pax_check(struct eap_sm *sm, void *priv,
}
icv = wpabuf_mhead_u8(respData) + mlen - EAP_PAX_ICV_LEN;
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN);
- eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
- wpabuf_mhead(respData),
- wpabuf_len(respData) - EAP_PAX_ICV_LEN,
- NULL, 0, NULL, 0, icvbuf);
- if (os_memcmp_const(icvbuf, icv, EAP_PAX_ICV_LEN) != 0) {
+ if (eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ wpabuf_mhead(respData),
+ wpabuf_len(respData) - EAP_PAX_ICV_LEN,
+ NULL, 0, NULL, 0, icvbuf) < 0 ||
+ os_memcmp_const(icvbuf, icv, EAP_PAX_ICV_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV",
icvbuf, EAP_PAX_ICV_LEN);
@@ -395,11 +410,11 @@ static void eap_pax_process_std_2(struct eap_sm *sm,
}
data->keys_set = 1;
- eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
- data->rand.r.x, EAP_PAX_RAND_LEN,
- data->rand.r.y, EAP_PAX_RAND_LEN,
- (u8 *) data->cid, data->cid_len, mac);
- if (os_memcmp_const(mac, pos, EAP_PAX_MAC_LEN) != 0) {
+ if (eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
+ data->rand.r.x, EAP_PAX_RAND_LEN,
+ data->rand.r.y, EAP_PAX_RAND_LEN,
+ (u8 *) data->cid, data->cid_len, mac) < 0 ||
+ os_memcmp_const(mac, pos, EAP_PAX_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(A, B, CID) in "
"PAX_STD-2");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected MAC_CK(A, B, CID)",
@@ -417,11 +432,11 @@ static void eap_pax_process_std_2(struct eap_sm *sm,
return;
}
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", pos, EAP_PAX_ICV_LEN);
- eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
- wpabuf_head(respData),
- wpabuf_len(respData) - EAP_PAX_ICV_LEN, NULL, 0, NULL, 0,
- icvbuf);
- if (os_memcmp_const(icvbuf, pos, EAP_PAX_ICV_LEN) != 0) {
+ if (eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ wpabuf_head(respData),
+ wpabuf_len(respData) - EAP_PAX_ICV_LEN, NULL, 0,
+ NULL, 0, icvbuf) < 0 ||
+ os_memcmp_const(icvbuf, pos, EAP_PAX_ICV_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV in PAX_STD-2");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV",
icvbuf, EAP_PAX_ICV_LEN);