Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-FAST: Check T-PRF result in MSK/EMSK derivation

Pass the error return from sha1_t_prf() to callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
b1d8c5ce6a
commit
5b904b3e42
4 changed files with 25 additions and 14 deletions
Split View Show Diff Stats
  1. 12 8
      src/eap_common/eap_fast_common.c
  2. 2 2
      src/eap_common/eap_fast_common.h
  3. 3 2
      src/eap_peer/eap_fast.c
  4. 8 2
      src/eap_server/eap_server_fast.c

+ 12 - 8
src/eap_common/eap_fast_common.c
View File 

@@ -111,22 +111,24 @@ u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
 
 }
 
 
 
-void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
 
+int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk)
 
 {
 
 	/*
 
 	 * RFC 4851, Section 5.4: EAP Master Session Key Generation
 
 	 * MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64)
 
 	 */
 
 
-	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
 
-		   "Session Key Generating Function", (u8 *) "", 0,
 
-		   msk, EAP_FAST_KEY_LEN);
 
+	if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
 
+		       "Session Key Generating Function", (u8 *) "", 0,
 
+		       msk, EAP_FAST_KEY_LEN) < 0)
 
+		return -1;
 
 	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (MSK)",
 
 			msk, EAP_FAST_KEY_LEN);
 
+	return 0;
 
 }
 
 
 
-void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
 
+int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
 
 {
 
 	/*
 
 	 * RFC 4851, Section 5.4: EAP Master Session Key Genreration
 
@@ -134,11 +136,13 @@ void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk)
 
 	 *        "Extended Session Key Generating Function", 64)
 
 	 */
 
 
-	sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
 
-		   "Extended Session Key Generating Function", (u8 *) "", 0,
 
-		   emsk, EAP_EMSK_LEN);
 
+	if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN,
 
+		       "Extended Session Key Generating Function", (u8 *) "", 0,
 
+		       emsk, EAP_EMSK_LEN) < 0)
 
+		return -1;
 
 	wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Derived key (EMSK)",
 
 			emsk, EAP_EMSK_LEN);
 
+	return 0;
 
 }

+ 2 - 2
src/eap_common/eap_fast_common.h
View File 

@@ -99,8 +99,8 @@ void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random,
 
 				   const u8 *client_random, u8 *master_secret);
 
 u8 * eap_fast_derive_key(void *ssl_ctx, struct tls_connection *conn,
 
 			 const char *label, size_t len);
 
-void eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
 
-void eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
 
+int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk);
 
+int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk);
 
 int eap_fast_parse_tlv(struct eap_fast_tlv_parse *tlv,
 
 		       int tlv_type, u8 *pos, size_t len);

+ 3 - 2
src/eap_peer/eap_fast.c
View File 

@@ -260,8 +260,9 @@ static void eap_fast_deinit(struct eap_sm *sm, void *priv)
 
 
 static int eap_fast_derive_msk(struct eap_fast_data *data)
 
 {
 
-	eap_fast_derive_eap_msk(data->simck, data->key_data);
 
-	eap_fast_derive_eap_emsk(data->simck, data->emsk);
 
+	if (eap_fast_derive_eap_msk(data->simck, data->key_data) < 0 ||
 
+	    eap_fast_derive_eap_emsk(data->simck, data->emsk) < 0)
 
+		return -1;
 
 	data->success = 1;
 
 	return 0;
 
 }

+ 8 - 2
src/eap_server/eap_server_fast.c
View File 

@@ -1564,7 +1564,10 @@ static u8 * eap_fast_getKey(struct eap_sm *sm, void *priv, size_t *len)
 
 	if (eapKeyData == NULL)
 
 		return NULL;
 
 
-	eap_fast_derive_eap_msk(data->simck, eapKeyData);
 
+	if (eap_fast_derive_eap_msk(data->simck, eapKeyData) < 0) {
 
+		os_free(eapKeyData);
 
+		return NULL;
 
+	}
 
 	*len = EAP_FAST_KEY_LEN;
 
 
 	return eapKeyData;
 
@@ -1583,7 +1586,10 @@ static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 
 	if (eapKeyData == NULL)
 
 		return NULL;
 
 
-	eap_fast_derive_eap_emsk(data->simck, eapKeyData);
 
+	if (eap_fast_derive_eap_emsk(data->simck, eapKeyData) < 0) {
 
+		os_free(eapKeyData);
 
+		return NULL;
 
+	}
 
 	*len = EAP_EMSK_LEN;
 
 
 	return eapKeyData;