authorJouni Malinen <j@w1.fi>2008-02-03 03:34:24 (GMT)
committerJouni Malinen <j@w1.fi>2008-02-03 03:34:24 (GMT)
commitf6417bcf58bd6e3c0a231bc8b3ba450265e5a2fe (patch)
treeb54d82ddc2b36b2f552558b52cdc6145e1086985
parent52b450dd741929d9290dac81ac172a80eafd8632 (diff)
EAP-SIM/AKA workaround for incorrect null termination in the username
It looks like some EAP-SIM/AKA peer implementations include an extra null terminator at the end of the identity/username. These implementations do not seem to include these null characters in key derivation, which would result in a key mismatch. As a workaround, drop any trailing null characters from the identity/username for key derivation.
-rw-r--r--hostapd/ChangeLog2
-rw-r--r--src/eap_common/eap_sim_common.c7
-rw-r--r--src/eap_server/eap_aka.c12
-rw-r--r--src/eap_server/eap_sim.c12
4 files changed, 26 insertions, 7 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 5ba4fb9..563115c 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -20,6 +20,8 @@ ChangeLog for hostapd
could have triggered a crash in some cases after a timeout
* fixed EAP-SIM/AKA realm processing to allow decorated usernames to
be used
+ * added a workaround for EAP-SIM/AKA peers that include incorrect null
+ termination in the username
2008-01-01 - v0.6.2
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index a46d470..02d20ca 100644
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -1,6 +1,6 @@
/*
* EAP peer/server: EAP-SIM/AKA shared routines
- * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -119,6 +119,11 @@ int eap_sim_derive_keys_reauth(u16 _counter,
const u8 *addr[4];
size_t len[4];
+ while (identity_len > 0 && identity[identity_len - 1] == 0) {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop null "
+ "character from the end of identity");
+ identity_len--;
+ }
addr[0] = identity;
len[0] = identity_len;
addr[1] = counter;
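Review bot: The `while` loop added to eap_sim_derive_keys_reauth drops every trailing zero byte, but the server-side hunks in eap_aka.c and eap_sim.c use a single `if` and drop at most one, so an identity ending in two or more nulls would be normalized differently for full authentication and for re-authentication key derivation. Picking one rule for all three places would avoid that, for example changing the server checks to `while (identity_len > 0 && sm->identity[identity_len - 1] == '\0')`. The debug line is also emitted once per stripped byte and is prefixed `EAP-SIM:` although the file header describes this as shared EAP-SIM/AKA code, which can mislead when reading an EAP-AKA trace. The function body starts before and continues after this hunk.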
diff --git a/src/eap_server/eap_aka.c b/src/eap_server/eap_aka.c
index c4e1e69..df21a85 100644
--- a/src/eap_server/eap_aka.c
+++ b/src/eap_server/eap_aka.c
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-AKA (RFC 4187)
- * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -576,10 +576,16 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
sm->method_pending = METHOD_PENDING_NONE;
}
+ identity_len = sm->identity_len;
+ if (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
+ "character from identity");
+ identity_len--;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
- sm->identity, sm->identity_len);
+ sm->identity, identity_len);
- eap_aka_derive_mk(sm->identity, sm->identity_len, data->ik, data->ck,
+ eap_aka_derive_mk(sm->identity, identity_len, data->ik, data->ck,
data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
data->emsk);
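Review bot: The trimmed `identity_len` is used only for the hexdump and `eap_aka_derive_mk`, while `sm->identity_len` keeps the on-wire length, so `user` and `user\0` now derive the same MK even though any other code reading `sm->identity`/`sm->identity_len` (not visible in this hunk) still sees two different byte strings. A comment above the check would record that this is intentional, e.g. `/* Workaround: trim one trailing NUL for key derivation only; sm->identity_len is left unchanged on purpose */`. An identity consisting of a single zero byte also reaches `eap_aka_derive_mk` with length 0 after the trim, and it would be worth confirming that such an identity is rejected earlier. The same points apply to the matching hunk in eap_sim.c (`eap_sim_process_start`); both functions extend beyond their hunks.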
diff --git a/src/eap_server/eap_sim.c b/src/eap_server/eap_sim.c
index bc67116..40886b2 100644
--- a/src/eap_server/eap_sim.c
+++ b/src/eap_server/eap_sim.c
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-SIM (RFC 4186)
- * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -474,12 +474,18 @@ static void eap_sim_process_start(struct eap_sm *sm,
return;
}
+ identity_len = sm->identity_len;
+ if (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
+ wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "
+ "character from identity");
+ identity_len--;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity for MK derivation",
- sm->identity, sm->identity_len);
+ sm->identity, identity_len);
os_memcpy(data->nonce_mt, attr->nonce_mt, EAP_SIM_NONCE_MT_LEN);
WPA_PUT_BE16(ver_list, EAP_SIM_VERSION);
- eap_sim_derive_mk(sm->identity, sm->identity_len, attr->nonce_mt,
+ eap_sim_derive_mk(sm->identity, identity_len, attr->nonce_mt,
attr->selected_version, ver_list, sizeof(ver_list),
data->num_chal, (const u8 *) data->kc, data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,