aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2005-12-04 02:46:28 (GMT)
committerJouni Malinen <j@w1.fi>2005-12-04 02:46:28 (GMT)
commit3830f9f4f22f754ed2e0561ad985fb44f6433bfa (patch)
treec903616d671dd5b7e73109dd1fd92805efb146da
parentde4fe6ae3961b02a9d77339fd0cec9ed69697b83 (diff)
downloadhostap-history-3830f9f4f22f754ed2e0561ad985fb44f6433bfa.zip
hostap-history-3830f9f4f22f754ed2e0561ad985fb44f6433bfa.tar.gz
hostap-history-3830f9f4f22f754ed2e0561ad985fb44f6433bfa.tar.bz2
Added support for EAP-FAST key derivation using other ciphers than
RC4-128-SHA for authentication and AES128-SHA for provisioning.
-rw-r--r--wpa_supplicant/ChangeLog2
-rw-r--r--wpa_supplicant/eap_fast.c31
-rw-r--r--wpa_supplicant/tls.h10
-rw-r--r--wpa_supplicant/tls_openssl.c21
4 files changed, 46 insertions, 18 deletions
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 1326a98..c51de5a 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -46,6 +46,8 @@ ChangeLog for wpa_supplicant
(CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to
reduce latency in EAPOL receive processing from about 100 ms to about
3 ms
+ * added support for EAP-FAST key derivation using other ciphers than
+ RC4-128-SHA for authentication and AES128-SHA for provisioning
2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
* l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap
diff --git a/wpa_supplicant/eap_fast.c b/wpa_supplicant/eap_fast.c
index d743220..7c47cbc 100644
--- a/wpa_supplicant/eap_fast.c
+++ b/wpa_supplicant/eap_fast.c
@@ -59,28 +59,18 @@ struct pac_tlv_hdr {
};
-/* draft-cam-winget-eap-fast-00.txt, 6.2 EAP-FAST Authentication Phase 1 */
+/* draft-cam-winget-eap-fast-02.txt:
+ * 6.2 EAP-FAST Authentication Phase 1: Key Derivations */
struct eap_fast_key_block_auth {
- /* RC4-128-SHA */
- u8 client_write_MAC_secret[20];
- u8 server_write_MAC_secret[20];
- u8 client_write_key[16];
- u8 server_write_key[16];
- /* u8 client_write_IV[0]; */
- /* u8 server_write_IV[0]; */
+ /* Extra key material after TLS key_block */
u8 session_key_seed[40];
};
-/* draft-cam-winget-eap-fast-00.txt, 7.3 EAP-FAST Provisioning Exchange */
+/* draft-cam-winget-eap-fast-provisioning-01.txt:
+ * 3.4 Key Derivations Used in the EAP-FAST Provisioning Exchange */
struct eap_fast_key_block_provisioning {
- /* AES128-SHA */
- u8 client_write_MAC_secret[20];
- u8 server_write_MAC_secret[20];
- u8 client_write_key[16];
- u8 server_write_key[16];
- u8 client_write_IV[16];
- u8 server_write_IV[16];
+ /* Extra key material after TLS key_block */
u8 session_key_seed[40];
u8 server_challenge[16];
u8 client_challenge[16];
@@ -899,10 +889,14 @@ static u8 * eap_fast_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
struct tls_keys keys;
u8 *rnd;
u8 *out;
+ int block_size;
if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
return NULL;
- out = malloc(len);
+ block_size = tls_connection_get_keyblock_size(sm->ssl_ctx, data->conn);
+ if (block_size < 0)
+ return NULL;
+ out = malloc(block_size + len);
rnd = malloc(keys.client_random_len + keys.server_random_len);
if (out == NULL || rnd == NULL) {
free(out);
@@ -917,12 +911,13 @@ static u8 * eap_fast_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
"expansion", keys.master_key, keys.master_key_len);
if (tls_prf(keys.master_key, keys.master_key_len,
label, rnd, keys.client_random_len +
- keys.server_random_len, out, len)) {
+ keys.server_random_len, out, block_size + len)) {
free(rnd);
free(out);
return NULL;
}
free(rnd);
+ memmove(out, out + block_size, len);
return out;
}
diff --git a/wpa_supplicant/tls.h b/wpa_supplicant/tls.h
index d11255f..08dc42e 100644
--- a/wpa_supplicant/tls.h
+++ b/wpa_supplicant/tls.h
@@ -442,4 +442,14 @@ int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);
int tls_connection_get_write_alerts(void *tls_ctx,
struct tls_connection *conn);
+/**
+ * tls_connection_get_keyblock_size - Get TLS key_block size
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: Size of the key_block for the negotiated cipher suite or -1 on
+ * failure
+ */
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn);
+
#endif /* TLS_H */
diff --git a/wpa_supplicant/tls_openssl.c b/wpa_supplicant/tls_openssl.c
index 2f71402..38f0d76 100644
--- a/wpa_supplicant/tls_openssl.c
+++ b/wpa_supplicant/tls_openssl.c
@@ -1931,3 +1931,24 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
return 0;
}
+
+
+int tls_connection_get_keyblock_size(void *tls_ctx,
+ struct tls_connection *conn)
+{
+ const EVP_CIPHER *c;
+ const EVP_MD *h;
+
+ if (conn == NULL || conn->ssl == NULL ||
+ conn->ssl->enc_read_ctx == NULL ||
+ conn->ssl->enc_read_ctx->cipher == NULL ||
+ conn->ssl->read_hash == NULL)
+ return -1;
+
+ c = conn->ssl->enc_read_ctx->cipher;
+ h = conn->ssl->read_hash;
+
+ return 2 * (EVP_CIPHER_key_length(c) +
+ EVP_MD_size(h) +
+ EVP_CIPHER_iv_length(c));
+}