aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-05-11 18:22:55 (GMT)
committerJouni Malinen <j@w1.fi>2014-05-11 18:22:55 (GMT)
commit13e2574f7d462f61b665069a6a6352e98cf1dab5 (patch)
tree3c15fc81a6f3546ddbc43e9bb347adbd507732c1 /src
parentcfdb32e88f0f0832d0781c51d79a845a412c4970 (diff)
downloadhostap-13e2574f7d462f61b665069a6a6352e98cf1dab5.zip
hostap-13e2574f7d462f61b665069a6a6352e98cf1dab5.tar.gz
hostap-13e2574f7d462f61b665069a6a6352e98cf1dab5.tar.bz2
EAP-pwd peer: Export Session-Id through getSessionId callback
EAP-pwd was already deriving the EAP Session-Id, but it was not yet exposed through the EAP method API. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/eap_common/eap_pwd_common.c3
-rw-r--r--src/eap_common/eap_pwd_common.h2
-rw-r--r--src/eap_peer/eap_pwd.c23
-rw-r--r--src/eap_server/eap_server_pwd.c4
4 files changed, 27 insertions, 5 deletions
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 7d6e6b8..96c9efd 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -284,11 +284,10 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
BIGNUM *peer_scalar, BIGNUM *server_scalar,
u8 *confirm_peer, u8 *confirm_server,
- u32 *ciphersuite, u8 *msk, u8 *emsk)
+ u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id)
{
struct crypto_hash *hash;
u8 mk[SHA256_MAC_LEN], *cruft;
- u8 session_id[SHA256_MAC_LEN + 1];
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
int offset;
diff --git a/src/eap_common/eap_pwd_common.h b/src/eap_common/eap_pwd_common.h
index 816e58c..c54c441 100644
--- a/src/eap_common/eap_pwd_common.h
+++ b/src/eap_common/eap_pwd_common.h
@@ -59,7 +59,7 @@ struct eap_pwd_id {
int compute_password_element(EAP_PWD_group *, u16, u8 *, int, u8 *, int, u8 *,
int, u8 *);
int compute_keys(EAP_PWD_group *, BN_CTX *, BIGNUM *, BIGNUM *, BIGNUM *,
- u8 *, u8 *, u32 *, u8 *, u8 *);
+ u8 *, u8 *, u32 *, u8 *, u8 *, u8 *);
struct crypto_hash * eap_pwd_h_init(void);
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index e4168fc..ac1b6eb 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -43,6 +43,7 @@ struct eap_pwd_data {
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
+ u8 session_id[1 + SHA256_MAC_LEN];
BN_CTX *bnctx;
};
@@ -189,6 +190,25 @@ static u8 * eap_pwd_getkey(struct eap_sm *sm, void *priv, size_t *len)
}
+static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_pwd_data *data = priv;
+ u8 *id;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ id = os_malloc(1 + SHA256_MAC_LEN);
+ if (id == NULL)
+ return NULL;
+
+ os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN);
+ *len = 1 + SHA256_MAC_LEN;
+
+ return id;
+}
+
+
static void
eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
struct eap_method_ret *ret,
@@ -647,7 +667,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
if (compute_keys(data->grp, data->bnctx, data->k,
data->my_scalar, data->server_scalar, conf, ptr,
- &cs, data->msk, data->emsk) < 0) {
+ &cs, data->msk, data->emsk, data->session_id) < 0) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "
"EMSK");
goto fin;
@@ -934,6 +954,7 @@ int eap_peer_pwd_register(void)
eap->process = eap_pwd_process;
eap->isKeyAvailable = eap_pwd_key_available;
eap->getKey = eap_pwd_getkey;
+ eap->getSessionId = eap_pwd_get_session_id;
eap->get_emsk = eap_pwd_get_emsk;
ret = eap_peer_method_register(eap);
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 3467dd1..b0d03d2 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -45,6 +45,7 @@ struct eap_pwd_data {
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
+ u8 session_id[1 + SHA256_MAC_LEN];
BN_CTX *bnctx;
};
@@ -841,7 +842,8 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
if (compute_keys(data->grp, data->bnctx, data->k,
data->peer_scalar, data->my_scalar, conf,
- data->my_confirm, &cs, data->msk, data->emsk) < 0)
+ data->my_confirm, &cs, data->msk, data->emsk,
+ data->session_id) < 0)
eap_pwd_state(data, FAILURE);
else
eap_pwd_state(data, SUCCESS);