PERFORCE change 140644 for review
John Birrell
jb at FreeBSD.org
Fri Apr 25 22:56:59 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=140644
Change 140644 by jb at freebsd3 on 2008/04/25 22:56:47
IF7
Affected files ...
.. //depot/projects/dtrace7/src/contrib/hostapd/ChangeLog#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/Makefile#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/README#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/aes_wrap.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/aes_wrap.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/common.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/defconfig#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/driver.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/driver_test.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/driver_wired.c#2 delete
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_aka.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_gpsk.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_gpsk_common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_gpsk_common.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_sim.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_sim_common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_sim_db.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/eap_tls_common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/hostapd.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/hostapd.conf#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/ieee802_11.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/ieee802_11_auth.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/ieee802_1x.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/madwifi.conf#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/os.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/os_unix.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/radius.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/radius.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/radius_client.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/radius_server.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/tls_openssl.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/version.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/hostapd/wpa.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/ChangeLog#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/FREEBSD-Xlist#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/FREEBSD-upgrade#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/Makefile#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/README#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/aes_wrap.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/aes_wrap.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/asn1.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/common.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/config.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/config_ssid.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/ctrl_iface.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/ctrl_iface_dbus.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/ctrl_iface_dbus_handlers.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/ctrl_iface_dbus_handlers.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/ctrl_iface_unix.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/dbus-wpa_supplicant.conf#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/dbus-wpa_supplicant.service#1 branch
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/defconfig#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/ctrl_iface.doxygen#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_background.8#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_cli.8#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_cli.sgml#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_passphrase.8#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_supplicant.8#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/doc/docbook/wpa_supplicant.sgml#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/driver_ndis.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_gpsk.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_gpsk_common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_gpsk_common.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_peap.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_sim.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_sim_common.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_tlv.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eap_tlv.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eapol_sm.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/eapol_test.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/events.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/main.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/os.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/os_unix.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/pcsc_funcs.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/radius.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/radius.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/radius_client.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/tls_openssl.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/version.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_cli.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_gui-qt4/wpagui.cpp#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_gui/networkconfig.ui.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_gui/setup-mingw-cross-compiling#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_gui/wpagui.ui.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_supplicant.c#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_supplicant.conf#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/wpa_supplicant_i.h#2 integrate
.. //depot/projects/dtrace7/src/contrib/wpa_supplicant/x509v3.c#2 integrate
.. //depot/projects/dtrace7/src/etc/rc.d/wpa_supplicant#2 integrate
.. //depot/projects/dtrace7/src/sbin/dhclient/dhclient.c#2 integrate
.. //depot/projects/dtrace7/src/sbin/ifconfig/ifclone.c#2 integrate
.. //depot/projects/dtrace7/src/sbin/ifconfig/ifconfig.c#3 integrate
.. //depot/projects/dtrace7/src/sbin/ifconfig/ifconfig.h#2 integrate
.. //depot/projects/dtrace7/src/sbin/ifconfig/ifvlan.c#2 integrate
.. //depot/projects/dtrace7/src/sbin/ipfw/ipfw.8#5 integrate
.. //depot/projects/dtrace7/src/sbin/ipfw/ipfw2.c#5 integrate
.. //depot/projects/dtrace7/src/share/man/man4/uart.4#2 integrate
.. //depot/projects/dtrace7/src/sys/arm/conf/AVILA.hints#2 integrate
.. //depot/projects/dtrace7/src/sys/arm/xscale/ixp425/ixdp425_pci.c#2 integrate
.. //depot/projects/dtrace7/src/sys/cddl/contrib/opensolaris/common/atomic/sparc64/atomic.S#2 integrate
.. //depot/projects/dtrace7/src/sys/cddl/contrib/opensolaris/uts/common/sys/asm_linkage.h#3 integrate
.. //depot/projects/dtrace7/src/sys/conf/files#9 integrate
.. //depot/projects/dtrace7/src/sys/ddb/db_command.c#4 integrate
.. //depot/projects/dtrace7/src/sys/ddb/db_ps.c#2 integrate
.. //depot/projects/dtrace7/src/sys/ddb/ddb.h#4 integrate
.. //depot/projects/dtrace7/src/sys/dev/ath/if_ath.c#3 integrate
.. //depot/projects/dtrace7/src/sys/dev/ral/rt2661.c#2 integrate
.. //depot/projects/dtrace7/src/sys/dev/uart/uart.h#2 integrate
.. //depot/projects/dtrace7/src/sys/dev/uart/uart_dev_ns8250.c#2 integrate
.. //depot/projects/dtrace7/src/sys/dev/usb/ucom.c#3 integrate
.. //depot/projects/dtrace7/src/sys/dev/usb/ucomvar.h#2 integrate
.. //depot/projects/dtrace7/src/sys/dev/usb/usbdevs#6 integrate
.. //depot/projects/dtrace7/src/sys/modules/Makefile#9 integrate
.. //depot/projects/dtrace7/src/sys/modules/zfs/Makefile#6 integrate
.. //depot/projects/dtrace7/src/sys/net/if_bridge.c#4 integrate
.. //depot/projects/dtrace7/src/sys/net/if_ethersubr.c#2 integrate
.. //depot/projects/dtrace7/src/sys/net/if_media.h#2 integrate
.. //depot/projects/dtrace7/src/sys/net80211/ieee80211_scan_sta.c#3 integrate
.. //depot/projects/dtrace7/src/sys/netinet/ip_dummynet.c#2 integrate
.. //depot/projects/dtrace7/src/sys/netinet/ip_dummynet.h#2 integrate
.. //depot/projects/dtrace7/src/sys/netinet/ip_fw_pfil.c#3 integrate
.. //depot/projects/dtrace7/src/sys/sys/cdefs.h#3 integrate
.. //depot/projects/dtrace7/src/sys/sys/mbuf.h#3 integrate
.. //depot/projects/dtrace7/src/usr.sbin/arp/arp.8#2 integrate
.. //depot/projects/dtrace7/src/usr.sbin/arp/arp.c#2 integrate
.. //depot/projects/dtrace7/src/usr.sbin/wpa/wpa_supplicant/Makefile#4 integrate
.. //depot/projects/dtrace7/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c#2 integrate
.. //depot/projects/dtrace7/src/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.8#3 integrate
Differences ...
==== //depot/projects/dtrace7/src/contrib/hostapd/ChangeLog#2 (text+ko) ====
@@ -1,5 +1,25 @@
ChangeLog for hostapd
+2008-02-19 - v0.5.10
+ * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+ lengths properly to avoid potential crash caused by invalid messages
+ * fixed Reassociation Response callback processing when using internal
+ MLME (driver_{hostap,devicescape,test}.c)
+ * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+ be used
+ * added a workaround for EAP-SIM/AKA peers that include incorrect null
+ termination in the username
+ * fixed EAP-SIM Start response processing for fast reauthentication
+ case
+ * copy optional Proxy-State attributes into RADIUS response when acting
+ as a RADIUS authentication server
+
+2007-12-02 - v0.5.9
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-07.txt)
+ * fixed debugging code not to use potentially unaligned read to fetch
+ IPv4 addresses
+
2007-05-28 - v0.5.8
* updated driver_devicescape.c to build with the current
wireless-dev.git tree and net/d80211 changes
==== //depot/projects/dtrace7/src/contrib/hostapd/Makefile#2 (text+ko) ====
@@ -313,6 +313,10 @@
CFLAGS += -DCONFIG_IPV6
endif
+ifdef CONFIG_DRIVER_RADIUS_ACL
+CFLAGS += -DCONFIG_DRIVER_RADIUS_ACL
+endif
+
ifdef CONFIG_FULL_DYNAMIC_VLAN
# define CONFIG_FULL_DYNAMIC_VLAN to have hostapd manipulate bridges
# and vlan interfaces for the vlan feature.
==== //depot/projects/dtrace7/src/contrib/hostapd/README#2 (text+ko) ====
@@ -2,7 +2,7 @@
Authenticator and RADIUS authentication server
================================================================
-Copyright (c) 2002-2007, Jouni Malinen <j at w1.fi> and contributors
+Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi> and contributors
All Rights Reserved.
This program is dual-licensed under both the GPL version 2 and BSD
==== //depot/projects/dtrace7/src/contrib/hostapd/aes_wrap.c#2 (text+ko) ====
@@ -7,7 +7,7 @@
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
- * Copyright (c) 2003-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -34,10 +34,11 @@
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
- * @kek: Key encryption key (KEK)
- * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
- * @plain: Plaintext key to be wrapped, n * 64 bit
- * @cipher: Wrapped key, (n + 1) * 64 bit
+ * @kek: 16-octet Key encryption key (KEK)
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @plain: Plaintext key to be wrapped, n * 64 bits
+ * @cipher: Wrapped key, (n + 1) * 64 bits
* Returns: 0 on success, -1 on failure
*/
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
@@ -93,9 +94,10 @@
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: Key encryption key (KEK)
- * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
- * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bit
- * @plain: Plaintext key, n * 64 bit
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
+ * @plain: Plaintext key, n * 64 bits
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
*/
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
@@ -167,28 +169,45 @@
/**
- * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
* @key: 128-bit key for the hash operation
- * @data: Data buffer for which a MAC is determined
- * @data: Length of data buffer in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*/
-int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
{
void *ctx;
u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
- const u8 *pos = data;
- size_t i, left = data_len;
+ const u8 *pos, *end;
+ size_t i, e, left, total_len;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memset(cbc, 0, BLOCK_SIZE);
+ total_len = 0;
+ for (e = 0; e < num_elem; e++)
+ total_len += len[e];
+ left = total_len;
+
+ e = 0;
+ pos = addr[0];
+ end = pos + len[0];
+
while (left >= BLOCK_SIZE) {
- for (i = 0; i < BLOCK_SIZE; i++)
+ for (i = 0; i < BLOCK_SIZE; i++) {
cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
if (left > BLOCK_SIZE)
aes_encrypt(ctx, cbc, cbc);
left -= BLOCK_SIZE;
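Review bot: The element advance inside the block loop (`e++; pos = addr[e]; end = pos + len[e];`) runs whenever `pos >= end`, so after the last byte of the last element it reads `addr[num_elem]` and `len[num_elem]`, one slot past both arrays; through the `omac1_aes_128()` wrapper added later in this file, that is whatever follows the single `data`/`data_len` arguments. The setup `pos = addr[0]; end = pos + len[0];` also assumes `num_elem >= 1`, and a zero-length element is never skipped, so the next `*pos++` reads a byte beyond it. The tail loop `for (i = 0; i < left; i++)` in the following hunk (@@ -198,9 +217,15 @@) repeats the same advance and needs the same bound. The function body starts and ends outside this hunk; a bounded advance could look like the excerpt below.

```c
	e = 0;
	pos = end = NULL;
	if (num_elem > 0) {
		pos = addr[0];
		end = pos + len[0];
	}
	/* step over leading empty elements before the first read */
	while (e + 1 < num_elem && pos >= end) {
		e++;
		pos = addr[e];
		end = pos + len[e];
	}

	while (left >= BLOCK_SIZE) {
		for (i = 0; i < BLOCK_SIZE; i++) {
			cbc[i] ^= *pos++;
			/* advance only while another element exists */
			while (e + 1 < num_elem && pos >= end) {
				e++;
				pos = addr[e];
				end = pos + len[e];
			}
		}
		/* … unchanged: aes_encrypt() on full blocks, left -= BLOCK_SIZE … */
```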
@@ -198,9 +217,15 @@
aes_encrypt(ctx, pad, pad);
gf_mulx(pad);
- if (left || data_len == 0) {
- for (i = 0; i < left; i++)
+ if (left || total_len == 0) {
+ for (i = 0; i < left; i++) {
cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
cbc[left] ^= 0x80;
gf_mulx(pad);
}
@@ -212,6 +237,24 @@
return 0;
}
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * @key: 128-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data_len: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+ return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
+}
+
#endif /* CONFIG_NO_AES_OMAC1 */
==== //depot/projects/dtrace7/src/contrib/hostapd/aes_wrap.h#2 (text+ko) ====
@@ -7,7 +7,7 @@
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
- * Copyright (c) 2003-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -24,6 +24,8 @@
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
==== //depot/projects/dtrace7/src/contrib/hostapd/common.c#2 (text+ko) ====
@@ -20,7 +20,6 @@
#ifdef CONFIG_DEBUG_FILE
static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
-int wpa_debug_use_file = 0;
int wpa_debug_level = MSG_INFO;
int wpa_debug_show_keys = 0;
int wpa_debug_timestamp = 0;
@@ -344,32 +343,29 @@
}
-int wpa_debug_open_file(void)
+int wpa_debug_open_file(const char *path)
{
#ifdef CONFIG_DEBUG_FILE
- static int count = 0;
- char fname[64];
- if (!wpa_debug_use_file)
+ if (!path)
return 0;
-#ifdef _WIN32
- os_snprintf(fname, sizeof(fname), "\\Temp\\wpa_supplicant-log-%d.txt",
- count++);
-#else /* _WIN32 */
- os_snprintf(fname, sizeof(fname), "/tmp/wpa_supplicant-log-%d.txt",
- count++);
+ out_file = fopen(path, "a");
+ if (out_file == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+ "output file, using standard output");
+ return -1;
+ }
+#ifndef _WIN32
+ setvbuf(out_file, NULL, _IOLBF, 0);
#endif /* _WIN32 */
- out_file = fopen(fname, "w");
- return out_file == NULL ? -1 : 0;
-#else /* CONFIG_DEBUG_FILE */
+#endif /* CONFIG_DEBUG_FILE */
return 0;
-#endif /* CONFIG_DEBUG_FILE */
}
void wpa_debug_close_file(void)
{
#ifdef CONFIG_DEBUG_FILE
- if (!wpa_debug_use_file)
+ if (!out_file)
return;
fclose(out_file);
out_file = NULL;
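Review bot: `fopen(path, "a")` in `wpa_debug_open_file()` follows symlinks and creates the file with umask-default permissions, while this log can carry key material when `wpa_debug_show_keys` (declared at the top of this file) is set. If the daemon runs privileged, which is not visible here, the non-Windows branch would be safer opening the descriptor itself, e.g. `fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);` followed by `out_file = fdopen(fd, "a");`. A second call also overwrites `out_file` without closing the earlier stream, and the error text says "using standard output" although the function returns -1 and leaves that choice to the caller. The end of `wpa_debug_close_file()` lies outside the hunk.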
==== //depot/projects/dtrace7/src/contrib/hostapd/common.h#2 (text+ko) ====
@@ -264,12 +264,12 @@
#define wpa_hexdump_key(l,t,b,le) do { } while (0)
#define wpa_hexdump_ascii(l,t,b,le) do { } while (0)
#define wpa_hexdump_ascii_key(l,t,b,le) do { } while (0)
-#define wpa_debug_open_file() do { } while (0)
+#define wpa_debug_open_file(p) do { } while (0)
#define wpa_debug_close_file() do { } while (0)
#else /* CONFIG_NO_STDOUT_DEBUG */
-int wpa_debug_open_file(void);
+int wpa_debug_open_file(const char *path);
void wpa_debug_close_file(void);
/**
==== //depot/projects/dtrace7/src/contrib/hostapd/defconfig#2 (text+ko) ====
@@ -102,3 +102,7 @@
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability
+CONFIG_DRIVER_RADIUS_ACL=y
==== //depot/projects/dtrace7/src/contrib/hostapd/driver.h#2 (text+ko) ====
@@ -141,6 +141,10 @@
* this handler will be called after initial setup has been completed.
*/
int (*commit)(void *priv);
+
+ int (*set_radius_acl_auth)(void *priv, const u8 *mac, int accepted,
+ u32 session_timeout);
+ int (*set_radius_acl_expire)(void *priv, const u8 *mac);
};
static inline int
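Review bot: The new `set_radius_acl_auth` and `set_radius_acl_expire` members are added to the driver ops structure without the doc comment that the preceding `commit` member carries. Since these hooks push an access-control decision into the driver, a comment on each should state what `mac` points to, which values of `accepted` mean allow and deny, the unit of `session_timeout`, and the return convention. It is also worth documenting on the wrappers in the next hunk (@@ -653,4 +657,22 @@) that they return 0 when the driver leaves the hook NULL, so a caller cannot tell "decision installed" from "driver has no ACL support". The structure definition starts outside this hunk.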
@@ -653,4 +657,22 @@
return hapd->driver->commit(hapd->driver);
}
+static inline int
+hostapd_set_radius_acl_auth(struct hostapd_data *hapd, const u8 *mac, int accepted,
+ u32 session_timeout)
+{
+ if (hapd->driver == NULL || hapd->driver->set_radius_acl_auth == NULL)
+ return 0;
+ return hapd->driver->set_radius_acl_auth(hapd->driver, mac, accepted,
+ session_timeout);
+}
+
+static inline int
+hostapd_set_radius_acl_expire(struct hostapd_data *hapd, const u8 *mac)
+{
+ if (hapd->driver == NULL || hapd->driver->set_radius_acl_expire == NULL)
+ return 0;
+ return hapd->driver->set_radius_acl_expire(hapd->driver, mac);
+}
+
#endif /* DRIVER_H */
==== //depot/projects/dtrace7/src/contrib/hostapd/driver_test.c#2 (text+ko) ====
@@ -170,9 +170,10 @@
u16 fc;
if (drv->test_socket < 0 || len < 10 || drv->socket_dir == NULL) {
- wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%d "
- "socket_dir=%p)",
- __func__, drv->test_socket, len, drv->socket_dir);
+ wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%lu"
+ " socket_dir=%p)",
+ __func__, drv->test_socket, (unsigned long) len,
+ drv->socket_dir);
return -1;
}
==== //depot/projects/dtrace7/src/contrib/hostapd/eap_aka.c#2 (text+ko) ====
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-AKA (RFC 4187)
- * Copyright (c) 2005-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2005-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -124,6 +124,14 @@
sm->identity_len)) {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+ } else {
+ /*
+ * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
+ * ignored and the AKA/Identity is used to request the
+ * identity.
+ */
+ wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
+ eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
}
return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0);
}
@@ -445,10 +453,16 @@
sm->method_pending = METHOD_PENDING_NONE;
}
+ identity_len = sm->identity_len;
+ while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
+ "character from identity");
+ identity_len--;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
- sm->identity, sm->identity_len);
+ sm->identity, identity_len);
- eap_aka_derive_mk(sm->identity, sm->identity_len, data->ik, data->ck,
+ eap_aka_derive_mk(sm->identity, identity_len, data->ik, data->ck,
data->mk);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
data->emsk);
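Review bot: The `wpa_printf()` sits inside the stripping loop, so a peer-supplied identity ending in many NUL octets produces one debug line per octet, and the message says "drop last null character" although the loop removes every trailing NUL. Keep the loop body to `identity_len--;` and log once afterwards, e.g. `if (identity_len != sm->identity_len) wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - dropped trailing null characters from identity");`. If the identity consists only of NULs, `identity_len` reaches 0 and the MK is derived from an empty identity; whether that should be rejected instead is worth deciding explicitly. The enclosing function starts and ends outside the hunk.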
==== //depot/projects/dtrace7/src/contrib/hostapd/eap_gpsk.c#2 (text+ko) ====
@@ -1,5 +1,5 @@
/*
- * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-03.txt) server
+ * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-08.txt) server
* Copyright (c) 2006-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
@@ -23,15 +23,15 @@
struct eap_gpsk_data {
enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state;
u8 rand_server[EAP_GPSK_RAND_LEN];
- u8 rand_client[EAP_GPSK_RAND_LEN];
+ u8 rand_peer[EAP_GPSK_RAND_LEN];
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
u8 sk[EAP_GPSK_MAX_SK_LEN];
size_t sk_len;
u8 pk[EAP_GPSK_MAX_PK_LEN];
size_t pk_len;
- u8 *id_client;
- size_t id_client_len;
+ u8 *id_peer;
+ size_t id_peer_len;
u8 *id_server;
size_t id_server_len;
#define MAX_NUM_CSUITES 2
@@ -85,17 +85,17 @@
data->csuite_count = 0;
if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
EAP_GPSK_CIPHER_AES)) {
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor,
+ WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
EAP_GPSK_VENDOR_IETF);
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier,
+ WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
EAP_GPSK_CIPHER_AES);
data->csuite_count++;
}
if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
EAP_GPSK_CIPHER_SHA256)) {
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor,
+ WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
EAP_GPSK_VENDOR_IETF);
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier,
+ WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
EAP_GPSK_CIPHER_SHA256);
data->csuite_count++;
}
@@ -108,7 +108,7 @@
{
struct eap_gpsk_data *data = priv;
free(data->id_server);
- free(data->id_client);
+ free(data->id_peer);
free(data);
}
@@ -174,8 +174,8 @@
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-3");
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
- len = 1 + 2 * EAP_GPSK_RAND_LEN + sizeof(struct eap_gpsk_csuite) + 2 +
- miclen;
+ len = 1 + 2 * EAP_GPSK_RAND_LEN + 2 + data->id_server_len +
+ sizeof(struct eap_gpsk_csuite) + 2 + miclen;
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqDataLen,
len, EAP_CODE_REQUEST, id, &pos);
if (req == NULL) {
@@ -188,13 +188,18 @@
*pos++ = EAP_GPSK_OPCODE_GPSK_3;
start = pos;
- memcpy(pos, data->rand_client, EAP_GPSK_RAND_LEN);
+ memcpy(pos, data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
memcpy(pos, data->rand_server, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
+ WPA_PUT_BE16(pos, data->id_server_len);
+ pos += 2;
+ if (data->id_server)
+ memcpy(pos, data->id_server, data->id_server_len);
+ pos += data->id_server_len;
csuite = (struct eap_gpsk_csuite *) pos;
- WPA_PUT_BE24(csuite->vendor, data->vendor);
- WPA_PUT_BE24(csuite->specifier, data->specifier);
+ WPA_PUT_BE32(csuite->vendor, data->vendor);
+ WPA_PUT_BE16(csuite->specifier, data->specifier);
pos += sizeof(*csuite);
/* no PD_Payload_2 */
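Review bot: `pos += data->id_server_len` runs even when `data->id_server` is NULL, so if the pointer and length can ever disagree the request carries `id_server_len` bytes of whatever `eap_msg_alloc()` left in the buffer. The length is also a `size_t` written through `WPA_PUT_BE16`, so a value above 0xffff would be truncated in the field while the full length is still copied. Deriving one local such as `size_t id_len = data->id_server ? data->id_server_len : 0;`, rejecting `id_len > 0xffff`, and using it for the `len` computation in the previous hunk, the length field and the `pos` advance keeps the three consistent. The function starts and ends outside this hunk.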
@@ -282,7 +287,7 @@
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "ID_Client length");
+ "ID_Peer length");
eap_gpsk_state(data, FAILURE);
return;
}
@@ -290,21 +295,21 @@
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "ID_Client");
+ "ID_Peer");
eap_gpsk_state(data, FAILURE);
return;
}
- free(data->id_client);
- data->id_client = malloc(alen);
- if (data->id_client == NULL) {
+ free(data->id_peer);
+ data->id_peer = malloc(alen);
+ if (data->id_peer == NULL) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store "
- "%d-octet ID_Client", alen);
+ "%d-octet ID_Peer", alen);
return;
}
- memcpy(data->id_client, pos, alen);
- data->id_client_len = alen;
- wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Client",
- data->id_client, data->id_client_len);
+ memcpy(data->id_peer, pos, alen);
+ data->id_peer_len = alen;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
+ data->id_peer, data->id_peer_len);
pos += alen;
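Review bot: On the allocation-failure path `data->id_peer` has just been freed and is now NULL, but `data->id_peer_len` keeps its previous value and the state is not moved to FAILURE, unlike the other error returns visible in this hunk. Add `data->id_peer_len = 0;` and `eap_gpsk_state(data, FAILURE);` before that `return;` so later code cannot pair a stale length with a NULL pointer. Where `malloc(0)` returns NULL, a zero-length ID_Peer would also take this path and be reported as out of memory; an explicit check on `alen` would make that case deliberate. The enclosing function starts and ends outside the hunk.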
if (end - pos < 2) {
@@ -332,13 +337,13 @@
if (end - pos < EAP_GPSK_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "RAND_Client");
+ "RAND_Peer");
eap_gpsk_state(data, FAILURE);
return;
}
- memcpy(data->rand_client, pos, EAP_GPSK_RAND_LEN);
- wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Client",
- data->rand_client, EAP_GPSK_RAND_LEN);
+ memcpy(data->rand_peer, pos, EAP_GPSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
+ data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
if (end - pos < EAP_GPSK_RAND_LEN) {
@@ -397,13 +402,13 @@
if (i == data->csuite_count) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Peer selected unsupported "
"ciphersuite %d:%d",
- WPA_GET_BE24(csuite->vendor),
- WPA_GET_BE24(csuite->specifier));
+ WPA_GET_BE32(csuite->vendor),
+ WPA_GET_BE16(csuite->specifier));
eap_gpsk_state(data, FAILURE);
return;
}
- data->vendor = WPA_GET_BE24(csuite->vendor);
- data->specifier = WPA_GET_BE24(csuite->specifier);
+ data->vendor = WPA_GET_BE32(csuite->vendor);
+ data->specifier = WPA_GET_BE16(csuite->specifier);
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel %d:%d",
data->vendor, data->specifier);
pos += sizeof(*csuite);
@@ -434,8 +439,8 @@
if (eap_gpsk_derive_keys(sm->user->password, sm->user->password_len,
data->vendor, data->specifier,
- data->rand_client, data->rand_server,
- data->id_client, data->id_client_len,
+ data->rand_peer, data->rand_server,
+ data->id_peer, data->id_peer_len,
data->id_server, data->id_server_len,
data->msk, data->emsk,
data->sk, &data->sk_len,
==== //depot/projects/dtrace7/src/contrib/hostapd/eap_gpsk_common.c#2 (text+ko) ====
@@ -18,8 +18,9 @@
#include "eap_defs.h"
#include "aes_wrap.h"
#include "crypto.h"
-#include "sha1.h"
+#ifdef EAP_GPSK_SHA256
#include "sha256.h"
+#endif /* EAP_GPSK_SHA256 */
#include "eap_gpsk_common.h"
@@ -43,31 +44,29 @@
}
-static int eap_gpsk_gkdf(const u8 *psk /* Y */, size_t psk_len,
- const u8 *data /* Z */, size_t data_len,
- u8 *buf, size_t len /* X */)
+static int eap_gpsk_gkdf_cmac(const u8 *psk /* Y */,
+ const u8 *data /* Z */, size_t data_len,
+ u8 *buf, size_t len /* X */)
{
u8 *opos;
size_t i, n, hashlen, left, clen;
- u8 ibuf[2], hash[SHA1_MAC_LEN];
- const u8 *addr[3];
- size_t vlen[3];
+ u8 ibuf[2], hash[16];
+ const u8 *addr[2];
+ size_t vlen[2];
- hashlen = SHA1_MAC_LEN;
- /* M_i = Hash-Function (i || Y || Z); */
+ hashlen = sizeof(hash);
+ /* M_i = MAC_Y (i || Z); (MAC = AES-CMAC-128) */
addr[0] = ibuf;
vlen[0] = sizeof(ibuf);
- addr[1] = psk;
- vlen[1] = psk_len;
- addr[2] = data;
- vlen[2] = data_len;
+ addr[1] = data;
+ vlen[1] = data_len;
opos = buf;
left = len;
n = (len + hashlen - 1) / hashlen;
for (i = 1; i <= n; i++) {
WPA_PUT_BE16(ibuf, i);
- sha1_vector(3, addr, vlen, hash);
+ omac1_aes_128_vector(psk, 2, addr, vlen, hash);
clen = left > hashlen ? hashlen : left;
os_memcpy(opos, hash, clen);
opos += clen;
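Review bot: The return value of `omac1_aes_128_vector()` is dropped inside the loop, although per aes_wrap.c in this same change it returns -1 when `aes_encrypt_init()` fails; in that case `hash` is uninitialized stack memory and is still copied into the derived key output. Propagate the failure with `if (omac1_aes_128_vector(psk, 2, addr, vlen, hash) < 0) return -1;`. The helper also reads exactly 16 octets from `psk` with no length parameter left to check, so a short comment stating that callers must pass at least 16 octets would document the contract that `eap_gpsk_derive_keys_helper()` enforces with `psk_len < mk_len`. The rest of the function lies outside the hunk, so whether `hash` is cleared before returning is not visible.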
@@ -78,112 +77,30 @@
}
-static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
- const u8 *seed, size_t seed_len,
- u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
- u8 *pk, size_t *pk_len)
-{
-#define EAP_GPSK_SK_LEN_AES 16
-#define EAP_GPSK_PK_LEN_AES 16
- u8 zero_string[1], mk[32], *pos, *data;
- u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
- EAP_GPSK_PK_LEN_AES];
- size_t data_len;
-
- /*
- * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
- * (= seed)
- * KS = 16, PL = psk_len, CSuite_Sel = 0x000000 0x000001
- * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString)
- * MSK = GKDF-160 (MK, inputString)[0..63]
- * EMSK = GKDF-160 (MK, inputString)[64..127]
- * SK = GKDF-160 (MK, inputString)[128..143]
- * PK = GKDF-160 (MK, inputString)[144..159]
- * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel ||
- * inputString)
- * Hash-Function = SHA-1 (see [RFC3174])
- * hashlen = 20 octets (160 bits)
- */
-
- os_memset(zero_string, 0, sizeof(zero_string));
-
- data_len = 2 + psk_len + 6 + seed_len;
- data = os_malloc(data_len);
- if (data == NULL)
- return -1;
- pos = data;
- WPA_PUT_BE16(pos, psk_len);
- pos += 2;
- os_memcpy(pos, psk, psk_len);
- pos += psk_len;
- WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */
- pos += 3;
- WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_AES); /* CSuite/Specifier */
- pos += 3;
- os_memcpy(pos, seed, seed_len); /* inputString */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (AES)",
- data, data_len);
-
- if (eap_gpsk_gkdf(zero_string, sizeof(zero_string), data, data_len,
- mk, sizeof(mk)) < 0) {
- os_free(data);
- return -1;
- }
- os_free(data);
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk));
-
- if (eap_gpsk_gkdf(mk, sizeof(mk), seed, seed_len,
- kdf_out, sizeof(kdf_out)) < 0)
- return -1;
-
- pos = kdf_out;
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MSK", pos, EAP_MSK_LEN);
- os_memcpy(msk, pos, EAP_MSK_LEN);
- pos += EAP_MSK_LEN;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: EMSK", pos, EAP_EMSK_LEN);
- os_memcpy(emsk, pos, EAP_EMSK_LEN);
- pos += EAP_EMSK_LEN;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, EAP_GPSK_SK_LEN_AES);
- os_memcpy(sk, pos, EAP_GPSK_SK_LEN_AES);
- *sk_len = EAP_GPSK_SK_LEN_AES;
- pos += EAP_GPSK_SK_LEN_AES;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, EAP_GPSK_PK_LEN_AES);
- os_memcpy(pk, pos, EAP_GPSK_PK_LEN_AES);
- *pk_len = EAP_GPSK_PK_LEN_AES;
-
- return 0;
-}
-
-
#ifdef EAP_GPSK_SHA256
-static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */, size_t psk_len,
+static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */,
const u8 *data /* Z */, size_t data_len,
u8 *buf, size_t len /* X */)
{
u8 *opos;
size_t i, n, hashlen, left, clen;
u8 ibuf[2], hash[SHA256_MAC_LEN];
- const u8 *addr[3];
- size_t vlen[3];
+ const u8 *addr[2];
+ size_t vlen[2];
hashlen = SHA256_MAC_LEN;
- /* M_i = Hash-Function (i || Y || Z); */
+ /* M_i = MAC_Y (i || Z); (MAC = HMAC-SHA256) */
addr[0] = ibuf;
vlen[0] = sizeof(ibuf);
- addr[1] = psk;
- vlen[1] = psk_len;
- addr[2] = data;
- vlen[2] = data_len;
+ addr[1] = data;
+ vlen[1] = data_len;
opos = buf;
left = len;
n = (len + hashlen - 1) / hashlen;
for (i = 1; i <= n; i++) {
WPA_PUT_BE16(ibuf, i);
- sha256_vector(3, addr, vlen, hash);
+ hmac_sha256_vector(psk, 32, 2, addr, vlen, hash);
clen = left > hashlen ? hashlen : left;
os_memcpy(opos, hash, clen);
opos += clen;
@@ -192,37 +109,40 @@
return 0;
}
+#endif /* EAP_GPSK_SHA256 */
-static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len,
+static int eap_gpsk_derive_keys_helper(u32 csuite_specifier,
+ u8 *kdf_out, size_t kdf_out_len,
+ const u8 *psk, size_t psk_len,
const u8 *seed, size_t seed_len,
u8 *msk, u8 *emsk,
- u8 *sk, size_t *sk_len,
- u8 *pk, size_t *pk_len)
+ u8 *sk, size_t sk_len,
+ u8 *pk, size_t pk_len)
{
-#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN
-#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN
- u8 mk[SHA256_MAC_LEN], zero_string[1], *pos, *data;
- u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 +
- EAP_GPSK_PK_LEN_SHA256];
- size_t data_len;
+ u8 mk[32], *pos, *data;
+ size_t data_len, mk_len;
+ int (*gkdf)(const u8 *psk, const u8 *data, size_t data_len,
+ u8 *buf, size_t len);
- /*
- * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
- * (= seed)
- * KS = 32, PL = psk_len, CSuite_Sel = 0x000000 0x000002
- * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString)
- * MSK = GKDF-192 (MK, inputString)[0..63]
- * EMSK = GKDF-192 (MK, inputString)[64..127]
- * SK = GKDF-192 (MK, inputString)[128..159]
- * PK = GKDF-192 (MK, inputString)[160..191]
- * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel ||
- * inputString)
- * Hash-Function = SHA256 (see [RFC4634])
- * hashlen = 32 octets (256 bits)
- */
+ gkdf = NULL;
+ switch (csuite_specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ gkdf = eap_gpsk_gkdf_cmac;
+ mk_len = 16;
+ break;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ gkdf = eap_gpsk_gkdf_sha256;
+ mk_len = SHA256_MAC_LEN;
+ break;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ return -1;
+ }
- os_memset(zero_string, 0, sizeof(zero_string));
+ if (psk_len < mk_len)
+ return -1;
data_len = 2 + psk_len + 6 + seed_len;
data = os_malloc(data_len);
@@ -233,24 +153,22 @@
pos += 2;
os_memcpy(pos, psk, psk_len);
pos += psk_len;
- WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */
- pos += 3;
- WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_SHA256); /* CSuite/Specifier */
- pos += 3;
+ WPA_PUT_BE32(pos, EAP_GPSK_VENDOR_IETF); /* CSuite/Vendor = IETF */
+ pos += 4;
+ WPA_PUT_BE16(pos, csuite_specifier); /* CSuite/Specifier */
+ pos += 2;
os_memcpy(pos, seed, seed_len); /* inputString */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (SHA256)",
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation",
data, data_len);
- if (eap_gpsk_gkdf_sha256(zero_string, sizeof(zero_string),
- data, data_len, mk, sizeof(mk)) < 0) {
+ if (gkdf(psk, data, data_len, mk, mk_len) < 0) {
os_free(data);
return -1;
}
os_free(data);
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk));
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, mk_len);
- if (eap_gpsk_gkdf_sha256(mk, sizeof(mk), seed, seed_len,
- kdf_out, sizeof(kdf_out)) < 0)
+ if (gkdf(mk, seed, seed_len, kdf_out, kdf_out_len) < 0)
return -1;
pos = kdf_out;
@@ -262,46 +180,113 @@
os_memcpy(emsk, pos, EAP_EMSK_LEN);
pos += EAP_EMSK_LEN;
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK",
>>> TRUNCATED FOR MAIL (1000 lines) <<<