Browse Source

EAP-FAST: Check T-PRF result in MSK/EMSK derivation

Pass the error return from sha1_t_prf() to callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
commit
5b904b3e42

+ 12 - 8
src/eap_common/eap_fast_common.c

@@ -111,22 +111,24 @@ u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
 }
 
 
-void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
+int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
 {
 	/*
 	 * RFC 4851, Section 5.4: EAP Master Session Key Generation
 	 * MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64)
 	 */
 
-	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
-		   "Session Key Generating Function", (u8 *) "", 0,
-		   msk, EAP_FAST_KEY_LEN);
+	if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
+		       "Session Key Generating Function", (u8 *) "", 0,
+		       msk, EAP_FAST_KEY_LEN) < 0)
+		return -1;
 	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
 			msk, EAP_FAST_KEY_LEN);
+	return 0;
 }
 
 
-void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
+int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
 {
 	/*
 	 * RFC 4851, Section 5.4: EAP Master Session Key Genreration
@@ -134,11 +136,13 @@ void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
 	 *        "Extended Session Key Generating Function", 64)
 	 */
 
-	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
-		   "Extended Session Key Generating Function", (u8 *) "", 0,
-		   emsk, EAP_EMSK_LEN);
+	if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
+		       "Extended Session Key Generating Function", (u8 *) "", 0,
+		       emsk, EAP_EMSK_LEN) < 0)
+		return -1;
 	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
 			emsk, EAP_EMSK_LEN);
+	return 0;
 }
 
 

+ 2 - 2
src/eap_common/eap_fast_common.h

@@ -99,8 +99,8 @@ void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
 				   const u8 *client_random, u8 *master_secret);
 u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
 			 const char *label, size_t len);
-void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
-void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
+int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
+int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
 int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
 		       int tlv_type, u8 *pos, size_t len);
 

+ 3 - 2
src/eap_peer/eap_fast.c

@@ -260,8 +260,9 @@ static void eap_fast_deinit(struct eap_sm *sm, void *priv)
 
 static int eap_fast_derive_msk(struct eap_fast_data *data)
 {
-	eap_fast_derive_eap_msk(data->simck, data->key_data);
-	eap_fast_derive_eap_emsk(data->simck, data->emsk);
+	if (eap_fast_derive_eap_msk(data->simck, data->key_data) < 0 ||
+	    eap_fast_derive_eap_emsk(data->simck, data->emsk) < 0)
+		return -1;
 	data->success = 1;
 	return 0;
 }

+ 8 - 2
src/eap_server/eap_server_fast.c

@@ -1564,7 +1564,10 @@ static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len)
 	if (eapKeyData == NULL)
 		return NULL;
 
-	eap_fast_derive_eap_msk(data->simck, eapKeyData);
+	if (eap_fast_derive_eap_msk(data->simck, eapKeyData) < 0) {
+		os_free(eapKeyData);
+		return NULL;
+	}
 	*len = EAP_FAST_KEY_LEN;
 
 	return eapKeyData;
@@ -1583,7 +1586,10 @@ static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 	if (eapKeyData == NULL)
 		return NULL;
 
-	eap_fast_derive_eap_emsk(data->simck, eapKeyData);
+	if (eap_fast_derive_eap_emsk(data->simck, eapKeyData) < 0) {
+		os_free(eapKeyData);
+		return NULL;
+	}
 	*len = EAP_EMSK_LEN;
 
 	return eapKeyData;